In October 2025 a developer asked Claude Code to rebuild a project. It ran rm -rf starting from / and wiped every user-owned file on the machine. That's the trade you make when you give an autonomous agent a shell on the same computer you live on. Here's the fix: run Claude Code on its own always-on Firecracker microVM, give it root there, and let it work while your laptop stays untouched. The box boots in about 124ms, your Claude login never leaves it, and a bad command stays contained to a machine you can rebuild in seconds.
What Claude Code is
Claude Code is Anthropic's agentic coding tool that lives in your terminal. It reads your codebase, runs commands, edits files, and handles git workflows from natural-language instructions. It's a thin client — the heavy lifting happens on Anthropic's servers — so the thing it actually needs is a place to run, with a shell and your files.
It's happiest given room to work: hand it a refactor, a failing test suite, or a dependency bump and let it grind. That argues for a box that's always on and holds your project — not a laptop you close at 5pm.
Why a real microVM for Claude Code
A coding agent runs bash. It installs packages, edits files, and executes whatever the model decides — code no human reviewed. On your laptop, "whatever the model decides" has the run of your home directory, your SSH keys, and your browser sessions. The October 2025 wipe wasn't a fluke; in January 2026 researchers showed hidden text in a .docx could trick Claude Code into exfiltrating files via prompt injection. The safety guidance is blunt, and Anthropic's own docs echo it: before you use bypass mode, isolation is mandatory — a locked-down container or VM.
A container shares the host kernel, and there are 200-plus known weaknesses in that stack. jurniti gives Claude Code its own Firecracker microVM — its own kernel, a KVM hardware boundary, one tenant per box. The same isolation the serverless platforms use. Now you can hand the agent root and run --dangerously-skip-permissions for real autonomy, and the blast radius is one disposable VM. Something goes sideways? Reprovision and you're back in seconds.
You also keep your Claude relationship. jurniti's BYOK is architectural, not a setting: run claude /login with your Pro or Max plan, or paste an ANTHROPIC_API_KEY. The credential lives only in your VM, traffic leaves straight for Anthropic, and jurniti is never in the path. No proxy. No token markup.
Because Claude Code is so light, Starter (1 vCPU / 2 GiB) is plenty — a VPS plus a Claude plan runs the same money, except here you also get real isolation and zero box ops. And it's reversible: a 30-day money-back guarantee, workspace kept 7 days after cancellation.
Run Claude Code in 3 steps
By hand this is a VPS, Node, the installer, a non-root user, a systemd unit, tmux so sessions survive a disconnect, and a Docker wrapper if you actually want bypass mode to be safe — then patching it for as long as you run it. jurniti runs the box; you keep the agent.
1. Pick a plan and pay
Starter is enough for Claude Code. Check out, and the provision chain runs automatically the moment payment confirms.
2. Your microVM boots with Claude Code ready
A fresh Ubuntu microVM boots with the Claude Code CLI pre-installed and on your PATH. You get an in-browser terminal — nothing to SSH into. Log in and go:
claude /login # use your Claude Pro/Max subscription
# or: export ANTHROPIC_API_KEY=sk-ant-...
claude
3. Put it to work
Drop into a project, hand Claude Code a task, and close your laptop. Your CLAUDE.md, slash commands, skills, and subagents live on the persistent home, so they survive every restart.
What people run Claude Code for
- Overnight work. Give it a task, close the lid, come back to a finished diff. No dropped session when your WiFi hiccups.
- Full-autonomy runs. Bypass-permissions mode is genuinely useful when the agent can't escape the box.
- A pinned environment. Your tools, your
CLAUDE.md, your MCP servers — set up once, always there. - Parallel agents. Run a few microVMs side by side instead of ten terminal tabs you lose track of.
Snapshot a dialed-in setup into a template and fork it for the next project — your config, never your credentials.
jurniti vs a laptop vs a DIY VPS
| jurniti | Your laptop | DIY VPS | |
|---|---|---|---|
| Always on | Yes | No — it sleeps | Yes |
| Blast radius of a bad command | One disposable microVM | Your whole machine | Your whole server |
Bypass mode (--dangerously-skip-permissions) | Safe — KVM-isolated | Risky | Risky unless you wrap it |
| Claude login | Yours, never leaves the VM | Yours | Yours |
| Setup | Automatic · 124ms boot | Local install | Manual |
| Refund | 30-day money-back | n/a | None |
Pricing
Starter is $25/mo ($250/year, two months free) and comfortably runs Claude Code. Pro is $49/mo and Max $99/mo for heavier workspaces or a custom TLS subdomain. Every plan includes the 30-day money-back guarantee, and your Claude subscription or API spend is separate and never marked up.
Running a different agent? See the guides for OpenAI Codex CLI, OpenCode, and Hermes Agent, or compare plans on the pricing page.