v2026.04
exAI Agentic OS
§ 01 / 06
Manifesto
Workspace · the cloud IDE
Browser-class editor · Firecracker microVMs · sub-second cold-starts.
vm-pool · 14 / 20 warm
exAI Workspace · the IDE you keep in a browser tab

Browser-class workspace.
Microsecond
cold-starts.

A VSCode-class editor on Firecracker-isolated microVMs. Live Share pairing, prebuilt environments, terminals, ports, and a real DAP-driven step session — all wired to the same runtime exAI ships against.

Open a repository, pair on a branch, attach a step session, forward a port. The workspace boots in 612 ms P50, persists a snapshot every minute, and resumes byte-identical when you come back tomorrow. No laptop setup. No drift. No escape surface.

exai/monorepo · feat/billing-v3 · vm-17 · ⌘P
EXPLORER
apps/
web/
billing/
packages/
core/
ui/
· .devcontainer.json
· turbo.json
· package.json
.devcontainer.json · ● live
{
  "image": "exai/node:22",
  "features": {
    "git": {},
    "pnpm": "9.x"
  },
  "forwardPorts": [3000, 5432],
  "postCreateCommand": "pnpm i"
}
PAIR
KM · KS · NN
3 connected
vm-17 · us-east-1 · ↑ 612 ms cold
Fig. 01 · workspace · vm-17 · Live Share · Y.js CRDT
§ 02 / 06
Anatomy

Three surfaces.
One runtime.

The workspace is not a forked Monaco. It is three first-class surfaces — editor, terminal, source control — sitting on a typed runtime layer of compute, image, storage, and network. Every line is reachable from a single keyboard shortcut.

01 · Editor · for engineers
Monaco + LSP
VSCode-class editing surface — multi-cursor, IntelliSense, Vim mode, theming, telemetry-free. LSP routed to a dedicated VM lane, so completions stay sub-100 ms even on 300+ package monorepos.
· Monaco 0.55 · WebSocket LSP
· Inline AI · same provider router
· Settings sync · per-tenant scope
02 · Terminal · for operators
xterm + ports + tasks
Real PTYs on the workspace VM. Open as many as you like. Tasks declared in .devcontainer.json. Auto-forwarded ports surface in the side panel with HTTPS tunnels and basic-auth gates.
· xterm.js · WebGL renderer
· Cloudflare-tunnel · per-port
· Tasks · pnpm, turbo, make
03 · Source control · for reviewers
Git + PRs + reviews
Native Git surface — stage, commit, fetch, rebase, force-push gates. PRs render inline with file-tree diffs, threaded comments, and one-click approve. No context-switch to GitHub for routine reviews.
· GitHub · GitLab · Bitbucket
· Inline review threads
· Branch hand-off · 1-click
shared runtime · below
04 · Compute
Firecracker microVMs
KVM-isolated. Warm pool 5–20. Snapshot-resume. One-vCPU floor.
05 · Image
OCI · Devcontainer · dotfiles
Bring your container. Devcontainer spec native. Dotfiles cloned per-user.
06 · Storage
Persistent + ephemeral
EBS-backed home volume. Tmpfs scratch. Object-store snapshots every 60 s.
07 · Network
Ports + cloudflare-tunnel
Auto-forwarded localhost. HTTPS preview URLs. Egress filtered by eBPF.
§ 03 / 06
Firecracker · workspace isolation

KVM-isolated.
Snapshot-resumed.
Zero escapes.

Every workspace is a microVM. AWS Firecracker, KVM enforced, one-vCPU floor, eBPF-filtered egress. The same isolation model that runs Lambda, applied to the IDE you keep in a tab.

Workspace fleet · last 30 days
Cold-start · P50
0 ms
Warm pool · steady state
0/20
Uptime · contractual SLA
0.00 %
VM escapes · since launch
0
Snapshot
60 s · cross-AZ
Kernel
6.6 LTS · pinned
Egress
eBPF · allow-list
Engineering invariants
  • 01
    One-vCPU floor.
    Even idle workspaces sit on a dedicated vCPU + 1 GB RAM lane. No noisy-neighbor scheduling. No bursty contention.
  • 02
    KVM-isolated.
    Each workspace runs inside its own Firecracker microVM. KVM enforced. Container-escape surface is zero.
  • 03
    Snapshot-resume.
    Disk + memory snapshot every 60 s to object storage. Pause for a week, resume on the same kernel state.
  • 04
    Regional failover.
    Snapshots replicate cross-AZ. A region drain promotes the warm pool elsewhere with no operator action.
  • 05
    eBPF egress filter.
    Outbound traffic is policy-gated per workspace. Allow-listed registries, denied-by-default exfil paths.
§ 04 / 06
Live Share · multiplayer pairing

Pair on a branch.
Together. In real time.

Y.js CRDT pairing on the same workspace VM. Cursors, terminals, voice, and follow-mode — wired to the same audit pipe your SIEM already ingests. Pairing is not a screenshare; it is a second keyboard on the same host.

pairing · session #4471
Connected
KM
Karen Mori
host · vm-17
KS
Kostas Stamoulis
guest · follow-mode
NN
Nikolaos Papagiannis
guest · read-write
Sync layer
Y.js CRDT
Sync window
1.2 s round-trip
Voice
WebRTC SFU
Audit
SIEM · 365 d
Multiplayer cursors.
Selections, hovers, and tooltips render per-participant — colored by initials, not by IP.
Shared terminals.
Any PTY on the host VM can be mirrored read-only or read-write to invitees, with an audit gate.
Follow-mode.
Pin to a teammate; their viewport, file, and cursor become yours until you release the lock.
Voice via WebRTC.
Optional in-tab audio room. SFU-routed, recorded only when the host explicitly toggles it on.
Branch hand-off.
One-click transfer of dirty branch + uncommitted state to a teammate. No 'just push your WIP' dance.
Audit-logged sessions.
Every guest, every keystroke window, every shared terminal — streamed to your SIEM, retained 365 days.
§ 05 / 06
Prebuilds · dotfiles

Open the repo.
One second later, you type.

Every push prebuilds. Image, deps, build artifacts — all warm before a human asks. The platform claims your dotfiles, your extensions, your shell. The tab opens; you write code.

01 · Trigger
push, PR, schedule

Webhooks fire on every default-branch push. PRs prebuild on open + sync. Cron schedules cover sleepy repos.

02 · Warm time
≤ 1 s P95

From click to cursor in the editor. Image, deps, build cache, and devcontainer features are all pre-resolved.

03 · Cache
git, package, build

Three-layer cache — git fetch, package manager (pnpm / yarn / cargo / pip), and build artifacts (next, turbo).

04 · Limits
per-repo or per-tenant

Soft + hard ceilings on prebuild minutes, parallel jobs, and storage. Spend dashboards drill to commit SHA.

.devcontainer.json · canonical

The same Devcontainer spec VSCode ships. Add an exai block and the platform claims the prebuild trigger, the cache TTL, and the per-user dotfiles repo. Nothing proprietary. Nothing locked-in.

spec · containers.dev/v0.4
.devcontainer.json
prebuild · ttl 7d
{
  "name": "exai-monorepo",
  "image": "ghcr.io/exai/dev-base:22-bookworm",
  "features": {
    "ghcr.io/devcontainers/features/git:1": {},
    "ghcr.io/devcontainers/features/node:1": { "version": "22" },
    "ghcr.io/exai/features/pnpm:1": { "version": "9.x" }
  },
  "forwardPorts": [3000, 5432, 6379],
  "portsAttributes": {
    "3000": { "label": "web", "onAutoForward": "openPreview" },
    "5432": { "label": "postgres", "protocol": "tcp" }
  },
  "postCreateCommand": "pnpm install --frozen-lockfile",
  "postStartCommand": "pnpm turbo run dev --filter=web",
  "customizations": {
    "exai": {
      "prebuild": { "trigger": ["push", "pr"], "ttl": "7d" },
      "dotfiles": { "repository": "git@github.com:org/dotfiles.git" }
    }
  }
}
§ 06 / 06
Stand up a workspace

Stand up a workspace.
Today.

VSCode-class editor. Firecracker microVMs. Live Share pairing. Prebuilds in ≤ 1 s. The cloud workspace platform engineers actually run on — not the one their procurement team approved two years ago.

SOC 2 Type II · ISO 27001 · HIPAA-ready · GDPR · DPF · PCI DSS 4.0