1 point by x-guo 10 hours ago | 1 comment
  • x-guo 10 hours ago
    I wanted to test local AI agents (like openclaw) but didn't want to give them raw access to my host machine. I built Mittens to isolate them inside a Firecracker microVM, controlled via a Go/Bubble Tea TUI over vsock.

    The stack & what works:

    Go TUI is fully async and manages the VM lifecycle.

    Bash script auto-compiles a Dockerfile into an ext4 rootfs.

    Custom /sbin/init boots the OS and starts the vsock listener in <2s.

    Host networking automatically bridges tap0 with NAT routing.

    The blocker: The guest listener receives the prompt and executes the Node.js agent, but the process hangs silently forever until my host-side 45s timeout kills it.

    I have to pivot back to my project and midterms, so I am completely out of bandwidth to debug headless Linux/Node edge cases.

    I'm open-sourcing this as a boilerplate. If you like Go systems engineering, Firecracker, or want to take a crack at the network hang, the code is yours.

    https://github.com/oug-t/mittens
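
An added example, not part of the post above and not code from the Mittens repository: one way a guest-side listener can run the agent command so that a hang comes back to the host as a structured result (partial output plus a timeout flag) before the host's own timeout fires. `RunAgent`, `Result` and the `sh` stand-in command are hypothetical names chosen for illustration; the sketch assumes a Linux guest and does not diagnose the hang described in the post.

```go
package main

import (
	"bytes"
	"fmt"
	"os/exec"
	"syscall"
	"time"
)

// Result is what a guest listener could return to the host instead of silence.
type Result struct {
	Stdout, Stderr string
	TimedOut       bool
	ExitCode       int // -1 when the process was killed by a signal
}

// RunAgent (hypothetical helper) runs argv with a guest-side deadline.
func RunAgent(timeout time.Duration, argv ...string) (Result, error) {
	var out, errb bytes.Buffer
	cmd := exec.Command(argv[0], argv[1:]...) // Stdin stays nil: child reads /dev/null
	cmd.Stdout, cmd.Stderr = &out, &errb
	// Own process group, so helpers spawned by the agent die with it.
	cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true}
	if err := cmd.Start(); err != nil {
		return Result{ExitCode: -1}, err
	}
	done := make(chan error, 1)
	go func() { done <- cmd.Wait() }()
	res, err := Result{}, error(nil)
	select {
	case err = <-done:
	case <-time.After(timeout):
		res.TimedOut = true
		_ = syscall.Kill(-cmd.Process.Pid, syscall.SIGKILL) // whole group
		err = <-done
	}
	res.Stdout, res.Stderr = out.String(), errb.String()
	res.ExitCode = cmd.ProcessState.ExitCode()
	// A non-zero exit or a kill is reported in res, not as a Go error.
	if _, ok := err.(*exec.ExitError); err != nil && !ok {
		return res, err
	}
	return res, nil
}

func main() {
	// Constructed stand-in for an agent that prints once and then blocks.
	res, err := RunAgent(500*time.Millisecond, "sh", "-c", "echo started; sleep 30")
	fmt.Printf("%+v err=%v\n", res, err)
}
```

Setting the guest deadline below the host's 45s timeout means the host receives whatever the process wrote to stdout and stderr before it stalled, rather than only its own timeout.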