The secure personal AI agent platform.
Maturana turns your machine into a hardened host for always-on AI agents. Every agent runs in its own hardware-isolated microVM — so you get the usefulness of autonomous agents without handing over your machine, your data, or your keys.
Autonomous agents, without the blast radius.
Personal AI agents are genuinely useful — they browse, write code, run tools, and keep working while you sleep. The problem is what they ask for in return: broad access to your machine, your desktop, your credentials, and your data. Maturana keeps the usefulness and removes the trust. Install it once on a VPS or home server, configure your agents using the web interface or CLI, and let each one live inside its own disposable, hardware-isolated cell. On top of that, existing personal agent platforms are often unreliable, crashing when changing configuration or during an update. Maturana is built with stability and reliability in mind, targeting a monthly release.
Pick a runtime per agent — Codex, OpenCode, or Claude Code — pair a console or a messaging channel, and operate a whole fleet from one server you own end to end.
Useful agents you can actually trust.
Hardware isolation is the default, not an add-on. Agents never touch your host, your keys, or each other — they reach the network only through an audited, allowlisted proxy.
Each agent gets its own Firecracker microVM with its own guest RAM allocation — the VMM overhead is single-digit MiB on top, so a 4 GiB box hosts a small agent comfortably and a 16 GiB box hosts a small fleet. Configuration is plain text: adding the tenth agent is as cheap as the first.
Boring on purpose. Snapshots, fast restore, and tamper-evident logs mean an agent that misbehaves is a rollback away from known-good — not an incident.
Two ways in, same surface: a clean web console for browser-based operators and a single-binary CLI (`maturana`) for the shell. No control plane to rent, no dashboard to learn. You are running agents within minutes.
Built for hostile code, by design.
Hardware isolation
Every agent runs in its own Firecracker microVM. The boundary is enforced by KVM on top of the CPU's virtualisation extensions (Intel VT-x / AMD-V) — hardware-level, not just kernel-level, so each agent gets its own kernel inside its own guest. The browser, the tools, and the model runtime all execute inside that guest; the host that holds your secrets is never exposed to the code an agent runs.
Snapshot & rewind
Agent VMs can be snapshotted and restored in seconds. Suspect exfiltration or compromise? Roll that single agent back to a known-good state instantly, while its audit trail is preserved for investigation.
Browser in a VM
Web browsing uses headless Chromium inside the guest. A hostile page or a browser exploit hits a disposable microVM that can be thrown away — never your laptop, and never the host.
Secure key registry
Credentials live host-side in a sealed registry and are injected through the egress proxy at request time. API keys and tokens are used on the agent's behalf without ever entering the agent's VM.
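To make the key-registry idea concrete, here is an added sketch (not Maturana's own code) of a host-side egress check that allowlists destinations, injects the credential outside the guest, and keeps a hash-chained audit log. The names `EgressProxy`, `KEY_REGISTRY` and `verify_audit`, the sample host and the sample token are all assumptions made up for this illustration.

```python
import hashlib
import json
from urllib.parse import urlsplit

# Constructed sample registry (hypothetical host and token): it lives on the
# host only, and maps an allowlisted destination to the header to inject.
KEY_REGISTRY = {"api.example-llm.test": ("Authorization", "Bearer sk-constructed-sample")}
GENESIS = "0" * 64  # "previous hash" of the first audit entry


def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class EgressProxy:
    def __init__(self, registry):
        self.registry = registry
        self.audit = []  # each entry commits to the hash of the one before it

    def _log(self, agent, host, verdict):
        prev = self.audit[-1]["hash"] if self.audit else GENESIS
        body = {"agent": agent, "host": host, "verdict": verdict, "prev": prev}
        self.audit.append({**body, "hash": _digest(body)})  # secrets are never logged

    def forward(self, agent, url, guest_headers):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # Default deny: only HTTPS requests to registered hosts leave the box.
        if parts.scheme != "https" or host not in self.registry:
            self._log(agent, host, "deny")
            return None
        name, secret = self.registry[host]
        # Drop any guest-supplied copy of the credential header, then inject ours.
        headers = {k: v for k, v in guest_headers.items() if k.lower() != name.lower()}
        headers[name] = secret
        self._log(agent, host, "allow")
        return headers


def verify_audit(entries):
    prev = GENESIS
    for e in entries:
        body = {k: e[k] for k in ("agent", "host", "verdict", "prev")}
        if e["prev"] != prev or e["hash"] != _digest(body):
            return False  # an entry was edited, removed or reordered
        prev = e["hash"]
    return True
```

The guest only ever sends the request without the secret; `forward` returns the headers the proxy would send upstream, and `verify_audit` fails as soon as any earlier log entry is altered.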
Why we built it
Most agent platforms ask for too much trust. They run with broad access to your machine, store secrets next to the code that uses them, and fall over the moment an agent does something unexpected. For anything beyond a demo, that is a poor trade.
We wanted the opposite: infrastructure that assumes the agent, its browser, and its tools are hostile — and stays calm anyway. Security is the foundation, not a feature flag, and stability comes from small, recoverable units rather than one sprawling process you simply have to trust.
Maturana is inspired by the stability and reliability of the BSD Unix projects — slow, deliberate releases, a small auditable core, and an operating discipline that treats deletion as a feature. The same philosophy applies here: small surface, signed packages, monthly cadence, and tooling that prefers boring over clever.
Maturana is named after Humberto Maturana, the biologist who described living systems as self-producing and self-bounded. That is the model: many small, bounded, recoverable cells, each doing useful work, none able to take down the whole.
Running in three commands.
$ curl -fsSL https://maturana.sh/install.sh | bash
Run this on a Linux x86_64 VPS or workstation with KVM enabled. The installer checks the host, pulls dependencies and Firecracker, builds the binaries, seeds a config, and registers a user service. If preflight tells you `/dev/kvm` is missing, see the KVM note below — most cheap shared-kernel VPS hosts can't run Maturana; pick one that exposes nested-or-real virtualisation.
$ maturana start
Bring up the daemons (router + egress proxy). The router serves the local console and supervises your agent fleet, handling pairing, sessions, scheduling, and restarts. `maturana stop` and `maturana restart` round out the lifecycle.
$ maturana configure
Open the printed console URL, add your credentials to the key registry, choose runtimes and models, create agents, and pair a channel. That is it — your first agent is live.
Open source, and open to help.
Star the repo
Maturana is open source under BSD-3-Clause. Stars help others find it and tell us the direction resonates.
Open on GitHub
Open an issue
Found a rough edge, a security concern, or a feature you need? Issues are read and triaged — clear reproductions are gold.
File an issue
Send a pull request
Runtimes, adapters, hardening, and docs are all fair game. Start small, keep it boring, and the review will be quick.
Open a PR
The person behind it.

I architect agentic AI systems and lead large-scale technology transformations for financial services, telecommunications, and private equity. Over sixteen years across Bain, ING, and Kearney, I have learned that the gap between an impressive AI demo and a system you can actually run in production is almost entirely about security, stability, and operational discipline.
Maturana is the open-source expression of that work: secure autonomy and infrastructure built for real use rather than applause. If you are taking agents to production, I would genuinely like to hear about it.