Quickstart — 5-minute self-host

Quickstart

5-minute self-host

Prerequisites

A Linux x86_64 host with /dev/kvm (bare metal, a cloud VM with nested virt, or a local Linux box). For the standard tier, install Firecracker + jailer to /opt/ne-enclave/bin/. macOS is dev-only (use a Linux VM).

Step 1

Install

install

curl -fsSL https://github.com/Infrastacks/neuronedge.ai/releases/latest/download/install.sh | sh

The installer downloads + verifies the nee binary, creates the system user + directory layout, renders hardened systemd units, fetches the default guest image, and starts the services.

verify

nee doctor
systemctl status ne-supervisor ne-api

Step 2

Create a workspace + run a command

create (REST)

# Create a workspace (REST API)
curl -s http://127.0.0.1:8080/v1/workspaces \
  -H 'Content-Type: application/json' \
  -d '{
    "workspace_id": "hello",
    "kernel_image_path": "/var/lib/ne-enclave/images/kernels/<digest>/vmlinux",
    "rootfs_image_path": "/var/lib/ne-enclave/images/rootfs/<digest>/rootfs.img",
    "vcpu_count": 1,
    "mem_size_mib": 512
  }'

exec (REST)

curl -s http://127.0.0.1:8080/v1/workspaces/hello/exec \
  -H 'Content-Type: application/json' \
  -d '{"command": "echo", "args": ["hello from a microVM"]}'

The command runs inside a Firecracker microVM with its own kernel — isolated from the host. The response includes stdout, stderr, and exit code.

Step 3

Python SDK

install

pip install neuronedge-enclave

Python

from ne import Client

c = Client("http://127.0.0.1:8080")

ws = c.create_workspace("my-agent",
    kernel_image_path="...",
    rootfs_image_path="...")

result = c.execute_command(ws.workspace_id,
    command="echo", args=["hello from Python"])
print(result.stdout)

snap = c.snapshot(ws.workspace_id)
c.fork_workspace(snap.snapshot_id, new_workspace_id="plan-b")
c.destroy_workspace(ws.workspace_id)

Step 4

TypeScript SDK

install

npm install @infrastacks/enclave

TypeScript

import { Client } from "@infrastacks/enclave";

const c = new Client("http://127.0.0.1:8080");

const ws = await c.createWorkspace({
  workspace_id: "my-agent",
  kernel_image_path: "...",
  rootfs_image_path: "...",
});

const result = await c.executeCommand(ws.workspace_id, {
  command: "echo",
  args: ["hello from TypeScript"],
});

What just happened?

You created a Firecracker microVM — a full hardware-virtualized guest with its own kernel — ran a command inside it, wrote a file, snapshotted it, and forked it. Every action was captured as a signed audit event. The workspace was isolated from the host at the hardware level.