Core VM, the go-container package, is a container runtime without daemon overhead. It runs immutable images directly, with no shared Docker daemon. It backs portable development environments through core/dev, and isolates LEM (Lethean Ethical Models) so each model runs in its own container. The Go module is dappco.re/go/container.
Install
go get dappco.re/go/container@latest
import "dappco.re/go/container"
From the CLI:
core run app.yml
core run app.yml --provider vz
core vm list
State and images live under ~/.core/.
Three providers, one interface
All providers share a single Provider interface — Build, Run, Encrypt, and Decrypt — so the runtime is the same regardless of which backend executes the container.
| Provider | Status | Platform |
|---|---|---|
| LinuxKit | Production (default) | Linux, macOS |
| Apple VZ | Production | macOS 26+ |
| TIM | Experimental | Linux, macOS |
The guiding principle is to default to trusted technology and treat the homegrown format as experimental. LinuxKit is the default because it is community-backed and tested in production. Apple VZ runs in-process on macOS 26 and later through the Virtualization Framework. TIM (The Immutable) is a lightweight directory-bundle format built for the Lethean ecosystem.
Immutable by design
Base images are read-only, with writable mounts declared explicitly. Isolation comes from LinuxKit, VZ, or TIM rather than a shared daemon, and images can be encrypted at rest: dm-crypt volumes under LinuxKit, Sigil encryption under TIM.
A LinuxKit image is described in YAML — kernel, init, boot-time services, long-running services, files, and mounts:
kernel:
  image: linuxkit/kernel:6.6.13
  cmdline: "console=tty0"
init:
  - linuxkit/init:v1.0.0
  - linuxkit/runc:v1.0.0
  - linuxkit/containerd:v1.0.0
services:
  - name: sshd
    image: linuxkit/sshd:v1.0.0
    command: ["/usr/sbin/sshd", "-D"]
Managing containers
The CLI covers the container lifecycle, images, and templates.
core vm list
core vm start <name>
core vm stop <name>
core vm console <name>
core vm images
Container and image state is persisted as JSON to ~/.core/containers.json. Reads return copies to prevent data races, and CORE_IMAGES_DIR and CORE_CONFIG_DIR override the default locations.
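What returning copies from reads protects against, as an added Go example that is not the go-container code: Record, State, Put and Get are hypothetical names, and the sample record is constructed.

```go
package main

import (
	"fmt"
	"sync"
)

// Record is a hypothetical stand-in for one entry in containers.json.
type Record struct {
	Name, Status string
	Ports        []string
}

// State is a hypothetical store; every access goes through the mutex.
type State struct {
	mu      sync.RWMutex
	records map[string]*Record
}

func NewState() *State { return &State{records: map[string]*Record{}} }

// Put stores a private copy so later edits by the caller cannot reach the store.
func (s *State) Put(r Record) {
	r.Ports = append([]string(nil), r.Ports...)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.records[r.Name] = &r
}

// Get returns a deep copy: Ports is cloned so it shares no backing array with the store.
func (s *State) Get(name string) (Record, bool) {
	s.mu.RLock()
	defer s.mu.RUnlock()
	r, ok := s.records[name]
	if !ok {
		return Record{}, false
	}
	out := *r
	out.Ports = append([]string(nil), r.Ports...)
	return out, true
}

func main() {
	s := NewState()
	s.Put(Record{Name: "dev", Status: "running", Ports: []string{"22"}}) // constructed sample
	got, _ := s.Get("dev")
	got.Status, got.Ports[0] = "tampered", "0" // only the caller's copy changes
	again, _ := s.Get("dev")
	fmt.Println(again.Status, again.Ports[0])
}
```

Returning the stored pointer instead would let any caller change persisted state without holding the lock, and `go test -race` would flag concurrent use.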
Development environments
The devenv package composes the runtime into a development workflow: boot, stop, and status; SSH shell and serial console access; and project mounting via reverse SSHFS rather than host bind mounts, which keeps the setup portable across platforms. It auto-detects the project type and its serve and test commands, so a Go project gets go run . and go test ./..., a Node project gets npm start and npm test, and so on.
As a library
Embed the runtime in Go to manage containers directly:
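import (
	"context"
	"dappco.re/go/container"
)
manager := container.NewLinuxKitManager()
image, err := manager.Build(context.Background(), "app.yml") // build the image described by app.yml
if err != nil {
	return err
}
// Named ctr so the variable does not shadow the container package.
ctr, err := manager.Run(context.Background(), image, container.RunOptions{})
if err != nil {
	return err
}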