SuperHQ: Run AI coding agents in isolated microVM sandboxes

SuperHQ is an open source (AGPL v3) sandboxed orchestration platform for AI coding agents, built with Rust and Zed's GPU-accelerated UI framework (GPUI). Instead of running Claude Code, OpenAI Codex, or Pi directly on your host machine, each agent gets its own isolated microVM with a full Debian environment. The host filesystem is never modified — writes go to a tmpfs overlay, and you review changes via a unified diff panel before accepting or discarding.

Key features

• Isolated workspaces — each workspace runs in its own VM with independent filesystem, networking, and resource limits.
• Multiple agent support — run Claude Code, OpenAI Codex, and Pi side-by-side in separate sandboxes.
• Auth gateway — a reverse proxy on the host injects API credentials into outgoing requests without exposing tokens to the sandbox. For Codex with OAuth, the gateway handles token refresh and forwards authenticated requests to chatgpt.com/backend-api/codex, enabling ChatGPT Plus/Pro subscriptions.
• Port management — forward sandbox ports to host, or expose host ports to sandboxes.
• Review panel — see file changes made by agents with a unified diff view (toggle with Cmd+B).
• Remote access — remote.superhq.ai acts as a remote control, allowing you to access workspaces and agents from anywhere.

Installation

brew tap superhq-ai/tap && brew install --cask superhq

Or download the latest .dmg from the Releases page. Note: macOS Gatekeeper will block it on first launch since the app is not notarized — open System Settings > Privacy & Security, scroll down, and click 'Open Anyway'.

Requirements: macOS 14+ (Apple Silicon), ~500 MB disk space for the Shuru runtime (downloaded on first launch).

Supported agents and auth

Agent	Auth	Notes
Claude Code	Anthropic API key	Installed automatically via npm
OpenAI Codex	OpenAI API key, OpenRouter API key, or ChatGPT Plus/Pro (OAuth)	If OPENROUTER_API_KEY is set, Codex routes through OpenRouter
Pi	Anthropic and/or OpenAI API key (or ChatGPT Plus/Pro via OAuth)	At least one provider required; OpenAI models routed through auth gateway

Security model

Agents run inside sandboxed VMs and never see your real API keys. The auth gateway — a reverse proxy on the host — injects credentials into outgoing API requests without exposing them to the sandbox. Workspace config and secrets are stored in SQLite with AES-256-GCM encryption. Project directories are mounted read-only; agent writes go to a tmpfs overlay that is destroyed when the VM is torn down.

Keyboard shortcuts

• Workspaces: Cmd+N new, Cmd+1..9 switch, Ctrl+Cmd+] next, Ctrl+Cmd+[ previous
• Tabs: Cmd+T new agent tab, Cmd+W close, Ctrl+1..9 switch, Cmd+Shift+] next
• App: Cmd+, settings, Cmd+B toggle review panel, Cmd+Shift+P ports

Building from source

Clone the shuru SDK as a sibling directory, then:

git clone https://github.com/superhq-ai/shuru.git ../shuru
cargo build --release
# Package as macOS app:
./scripts/package.sh
# Output: target/SuperHQ-<version>.dmg

Note: This is early alpha software (v0.4.4 as of Apr 23, 2026). Expect rough edges and breaking changes — not production-ready.