Open source, AGPL-3.0 licensed

One command.
Full dev environment.

Clone a repo with a podfile.yaml, run podspawn dev, get packages, services, and a shell. Locally or over SSH.

Get Started GitHub

terminal

$curl -sSfL https://podspawn.dev/up | bash

Define once, reproduce anywhere.

Commit a podfile.yaml to your repo. Every contributor, CI runner, and AI agent gets the exact same environment.

podfile.yaml

# Inherit common dev tools
extends: ubuntu-dev

packages:
  - go@1.25
  - nodejs@22

services:
  - name: postgres
    image: postgres:16
    env: { POSTGRES_PASSWORD: devpass }

on_create: |
  go mod download
  npm install

What you get

Ubuntu 24.04 + git, ripgrep, fzf, neovim, jq

Go 1.25 (official tarball)

Node.js 22 (NodeSource PPA)

Dependencies pre-downloaded

postgres:16 on localhost:5432

Code bind-mounted at /workspace

Passwordless sudo, UID 1000

Local, remote, or both.

Three ways to use the same tool. Same Podfile, same containers, same workflow.

Start here

podspawn dev

$ podspawn dev

$ podspawn down

$ podspawn init

Auto-detect Podfile, build, mount your code, start services, drop into a shell. One command.

Named machines

$ podspawn create backend

$ podspawn shell backend

$ podspawn stop backend

Long-lived containers that persist across sessions. Create once, attach from anywhere.

SSH mode

$ ssh alice@work.pod

$ scp file alice@work.pod:

$ rsync -e ssh . alice@work.pod:.

Native sshd. Zero client install. SFTP, VS Code Remote, JetBrains Gateway all work.

Built for real development.

Composable Podfiles

extends: ubuntu-dev inherits a base with git, ripgrep, fzf, neovim, jq. Your Podfile adds what's specific to your project. Deep merge with bang-replace syntax for full control. Multi-level chains supported.

extends + deep merge

base: ubuntu-dev

packages: [git, curl, ripgrep, fzf, neovim, jq, make]

shell: /bin/bash

extends

your podfile.yaml

packages: [go@1.25]

services: [postgres:16]

on_create: go mod download

merged result

packages: [git, curl, ripgrep, fzf, neovim, jq, make, go@1.25]

services: [postgres:16]

on_create: go mod download

Companion services

Postgres, Redis, or any Docker image as sidecar containers on a shared bridge network. Access them by name -- postgres:5432 resolves inside your container. Services start with podspawn dev and stop with podspawn down.

your dev container

myapp-a3f8

ubuntu:24.04 + go@1.25

podspawn-alice-net

postgres

:5432

redis

:6379

Access by name: postgres:5432 resolves via Docker DNS

Hardened by default

Security isn't an afterthought. Every container drops all capabilities, enables no-new-privileges, and enforces PID limits. Per-user bridge networks isolate traffic. Optional gVisor runtime for untrusted workloads.

security defaults

cap-drop ALL

No kernel capabilities

no-new-privileges

No privilege escalation

PID limits

Fork bomb protection

per-user networks

Traffic isolation

gVisor runtime

Sandboxed syscalls

audit logging

JSON-lines events

Every SSH feature works

SFTP, scp, rsync, port forwarding, agent forwarding. VS Code Remote, JetBrains Gateway, Cursor. Because podspawn hooks into native sshd, not a custom SSH server. OpenSSH handles the protocol.

native sshd = everything works

SFTP

File browser

scp

File copy

rsync

Incremental sync

Port fwd

-L / -R tunnels

Agent fwd

SSH keys pass-through

VS Code

Remote extension

JetBrains

Gateway

Cursor

AI editor

Any client

OpenSSH compatible

How it compares

Podspawn competes with Codespaces, Coder, and ContainerSSH. Not Docker Desktop or WSL.

Feature	podspawn	ContainerSSH	Coder	Codespaces
One-command setup
Native sshd
Podfile composition	extends + merge			features
Companion services
All SSH features
Ephemeral + persistent	both	ephemeral	persistent	persistent
Zero client install
Self-hosted
Local mode
Open source	AGPL	Apache	AGPL

Try it in 30 seconds

Install the binary, enter your project, run podspawn dev. No Podfile yet? podspawn init scaffolds one.