microVM manager built on Firecracker (Linux) and Apple Virtualization.framework (macOS)
Project description
Shuck
An open-source microVM manager built on Firecracker (Linux) and Apple Virtualization.framework (macOS).
- Boot lightweight VMs in milliseconds
- Execute commands, transfer files, open interactive shells
- Stream serial console logs
- Port forwarding with nftables NAT (Linux)
- REST API + CLI
- Cloud-init style userdata scripts
Status
Pre-1.0 and early. The core feature set works and has test coverage, but:
- The HTTP API, CLI flags, config schema, and on-disk state layout may change without a deprecation period.
- The Linux/Firecracker backend is more mature than the macOS/Apple VZ backend.
- It has not been run at scale or under production workloads. No soak testing, no external users yet.
- Security features (token auth, rate limiting, encrypted secrets) exist but have had limited review. Don't expose the daemon to an untrusted network.
Useful for experimentation, local development, and CI. Not recommended for production.
Quick Start
# Install
cargo install --path crates/shuck
# Start the daemon
shuck daemon &
# Boot a VM
shuck run --name myvm --kernel /path/to/vmlinux /path/to/rootfs.ext4
# Interact
shuck exec myvm -- uname -a
shuck shell myvm
shuck cp local.txt myvm:/tmp/local.txt
shuck logs myvm -f
# Clean up
shuck destroy myvm
Configuration
Copy config.example.toml to one of the discovery paths:
~/.config/shuck/config.toml(user)/etc/shuck/config.toml(system)
Or pass --config /path/to/config.toml explicitly. See config.example.toml for all available fields.
Platform Support
| Platform | Backend | Networking | Status |
|---|---|---|---|
| Linux x86_64 | Firecracker | TAP + nftables NAT, port forwarding | Usable |
| macOS ARM64 | Apple Virtualization.framework | Shared NAT (VZ-managed) | Experimental |
Architecture
CLI (shuck) ──> REST API (shuck-api) ──> Core (shuck-core)
├── VMM (shuck-vmm) Firecracker / Apple VZ
├── State (shuck-state) SQLite persistence
├── Net (shuck-net) TAP devices, IP allocation
└── Storage (shuck-storage) Rootfs cloning
Guest Agent (shuck-agent) ←── Proto (shuck-agent-proto)
Host-guest communication uses vsock (port 52). Messages are length-prefixed JSON with base64-encoded binary payloads.
Development
Requires Rust 1.90+ and cargo-nextest.
make build # Debug build
make build-release # Release build (LTO, stripped)
make build-agent # Static musl agent for guest VMs
make test # Full test suite
make test-unit # Unit tests only
make lint # fmt-check + clippy
make check # Type check
make install # Install (auto-detects macOS, signs binary)
Running a Development VM
make run-daemon # Start daemon
make build-agent-aarch64 # Build ARM64 agent (macOS guests)
make update-rootfs # Inject agent into rootfs image
Systemd
A systemd unit file is provided at contrib/shuck.service.
License
See LICENSE.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file shuck-0.0.1.tar.gz.
File metadata
- Download URL: shuck-0.0.1.tar.gz
- Upload date:
- Size: 169.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
981752eb0342655ca696f62d2bf89b1283646faeaed7fe0df11f6d600c3b965f
|
|
| MD5 |
ba457be99cf630c330981d6941ccc13e
|
|
| BLAKE2b-256 |
3695685f7a27d4571a8226729a68bc653cd017ef7fefb21ea798b952917bb9e7
|
File details
Details for the file shuck-0.0.1-py3-none-manylinux_2_28_x86_64.whl.
File metadata
- Download URL: shuck-0.0.1-py3-none-manylinux_2_28_x86_64.whl
- Upload date:
- Size: 7.8 MB
- Tags: Python 3, manylinux: glibc 2.28+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
daa528f9d06f1fb9c8cda426408492b8396af06d58e7518de1010de12fb5c212
|
|
| MD5 |
617da1525e4ec26f5d6bffd384713555
|
|
| BLAKE2b-256 |
9534c9e7c84638c30c35ffe91cdb8154e3224deb5d659f3b2d2feea0b11bfda2
|
File details
Details for the file shuck-0.0.1-py3-none-manylinux_2_28_aarch64.whl.
File metadata
- Download URL: shuck-0.0.1-py3-none-manylinux_2_28_aarch64.whl
- Upload date:
- Size: 7.5 MB
- Tags: Python 3, manylinux: glibc 2.28+ ARM64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
476c62ce5fbff36a628bd674ae50bae007da7f998013427af98770b9c0759da7
|
|
| MD5 |
225354a2b48629a6db476bdc08aad0b2
|
|
| BLAKE2b-256 |
3707485b728420a26fa54c48b491a053e60c3b57fcb4d6b2023c264c8b2f1d93
|
File details
Details for the file shuck-0.0.1-py3-none-macosx_11_0_arm64.whl.
File metadata
- Download URL: shuck-0.0.1-py3-none-macosx_11_0_arm64.whl
- Upload date:
- Size: 7.1 MB
- Tags: Python 3, macOS 11.0+ ARM64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
420efdd54e57dd42fc8d211c27f0e9f1e34f43c4213bcf3d80c91435e3d830cc
|
|
| MD5 |
6efd80df0864ea498208cc1df196bdb8
|
|
| BLAKE2b-256 |
f0153d8ac0d3144fa11908dea0d3c45207f4ce2b58751faa12e7ddece4f4d6c3
|
File details
Details for the file shuck-0.0.1-py3-none-macosx_10_12_x86_64.whl.
File metadata
- Download URL: shuck-0.0.1-py3-none-macosx_10_12_x86_64.whl
- Upload date:
- Size: 7.5 MB
- Tags: Python 3, macOS 10.12+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
234e55dcc8dc8eb9a0cf73d6ff2d6852846b35300bbc93f5a572d37e75cfb91a
|
|
| MD5 |
8c6c580b4c732711cbf7cb9cbc3b94aa
|
|
| BLAKE2b-256 |
a9188220a64b66c2fcdcbee658d33c5e9601d0dad19c5bfd3428f2fa3de9b24d
|
