I realized it’s really not secure to run coding projects directly on my Mac. All the NPM hacks recently, especially with agentic coding — you’re always one npm install away from a disaster.
So I’ve built a small CLI called machine that starts a Lima VM for each of your projects. It supports declarative “profiles” which are like package.json for your VM. The default profile comes with standard stuff like Node.js, git, Docker, Claude Code and Codex.
If you share your projects.toml with your team, every developer can spin up your team’s entire dev environment with one command. No need to install dev tools, clone repos, npm install anything manually.
Another cool thing is that you can use the native macOS keychain or 1Password to forward SSH signatures to the VM. So every time you need to commit or push code, you touch the Touch ID key and it’s signed. SSH keys never leave the host.
The same is done for env variables and secrets. You inject them with one command from 1Password when the machine starts, and they are never stored in a file.
Repo: https://github.com/katspaugh/machine
Genuinely curious about your feedback!