DEVCLASS AD
Developer-focused hosting company Fly.io has introduced Sprites, VMs (virtual machines) based on the AWS-sponsored Firecracker which are designed to isolate coding agents while also providing long-running environments within which they can work.
CEO Kurt Mackey said that having agents like Anthropic Claude work in ephemeral environments does not work well, whereas with persistent VMs “Claude doesn’t have to rebuild my entire development environment every time I pick up a PR [pull request].”
Although persistent, Sprites only run when there is activity. Firecracker was designed by AWS for its Lambda serverless computing platform, where fast start-up is critical. Mackey said that a new Sprite comes online “in 1-12 seconds.” When idle, they shut down, but with persistent storage. Billing is based on CPU time, memory usage, and storage used. Simple checkpoint and restore makes it easy to revert a Sprite if the environment gets corrupted.
DEVCLASS AD
Fly.io already provides fast-launching VMs so how are Sprites different? Mackey said that “they have an entirely new storage stack,” and that they are orchestrated differently. Standard Fly VMs are based on Docker images whereas Sprites are not.
Commenting on Hacker News, Mackey also said the flyctl, the CLI (command line interface) for Fly VMs, “is complicated and, unfortunately, needs pretty aggressive auto updates. The Sprite CLI should be much better in this respect.”
Although Sprites can be used for any purpose, including long-running applications, the use case Fly.io has in mind is agentic coding, and Sprites come with Claude installed by default. AI coding is vulnerable to issues including prompt injection and hallucination, which makes it risky to use on a developer machine without isolation. One solution is to spin up temporary infrastructure but doing this frequently can be a considerable overhead. Another idea is to run in a containerised environment but this is less well isolated than using VMs.
AI enthusiast Simon Willison said that Sprites are a solution to the “terrifying way most of us are using coding agents like Claude Code and Codex CLI,” this being a reference to running agents configured not to ask for human approval before every action. “A mistake or a malicious prompt injection can cause all sorts of damage to your system and data,” he said.
DEVCLASS AD
Last month a user of Google’s Antigravity reported losing an entire drive of data thanks to a vibe coding catastrophe.
Despite Sprites or other solutions, this is a hard problem. Even running in an isolated environment, agents may have API access to systems such as GitHub which are vulnerable to compromise. Replicating enough of the production system to test and develop code securely is challenging.
According to Fly.io developer Thomas Ptacek, “We’ll have an open-source local version of it relatively soon,” which will suit developers who prefer to run local development environments rather than using a cloud provider. Some developers do this already using different tools, or rely on Docker containers though these are less well isolated than VMs.
