The sandbox for AI computer-use on macOS.
cove gives an agent its own desktop — Apple-VZ-backed, ~125ms boot, rollback on every action. Your Mac is never the thing being clicked.
Active Dev. Core VM engine works. The computer-use product direction is at an earlier stage — shipping is months out. Pre-1.0 across both.
What it does
- Per-agent macOS desktop — every agent runs in its own Apple-VZ VM, ~125ms boot, <10MB overhead.
- Rollback by default — APFS snapshots per session. If an agent misbehaves, you revert the VM, not the Mac.
- Agent-safe control surface — JSON-RPC per VM: screenshot, keyboard, mouse, OCR, pause, resume. Active Dev.
- Network modes — NAT, bridged, or air-gapped. vsock-only for host ↔ guest when the agent should not reach the internet.
- Pure Go, no C bridge — access to Apple's Virtualization.framework via purego. Single static binary.
cove is pre-1.0 in two ways. The microVM engine works today — APIs may shift, so pin to a release and read the changelog before upgrading. The computer-use product direction is months out from anything a customer could buy. Production use of the engine is at your own risk. Design partners welcome on both fronts.
cove is used two ways. Inside tmc labs, it is the microVM substrate skiff uses to isolate each agent. Beyond that, cove is the platform we are building agent-safe desktop control on — a sandboxed macOS per agent, with rollback and air-gap as first-class modes. Independently, operators have used cove for training workload isolation: run an MLX fine-tune in a VM with APFS snapshots per checkpoint, Nitro-equivalent without leaving your building.
source: private repo, available for review on request — tmc@tmc.dev
docs: in progress
contact: tmc@tmc.dev