Declarative. Isolated. Reproducible.

Lightning fast, local first sandboxes that secure the supply chain across devs, agents, and CI.

Get Started Join the waitlist Read the Whitepaper

minimal run claude

$ minimal run claude

Start Cold 13x Faster.

Boot secure environments in seconds. Outperform the Docker daemon.

80% Leaner Storage.

Shared global caching. Prebuilt packages that won't bloat disks.

Install 100x Faster.

Resolve dependencies in milliseconds. Stop waiting for failed builds.

High Environmental Parity.

Repeatable executions. Identical sandbox configurations.

minimal.toml

FORK

PROMPT

BUILD

TEST

SBOM

FORK

PROMPT

BUILD

TEST

SBOM

FORK

PROMPT

BUILD

TEST

SBOM

FORK

PROMPT

BUILD

TEST

SBOM

ARTIFACT

Hermetic environments for devs and agents

Minimal provides reproducible environments that run entirely from an isolated sandbox on your machine. Declare your packages and dependencies once, in a configuration file that lives within your code and travels across branches, forks, and worktrees.

Run your tasks from anywhere and get the same result on every machine.

Minimal comes with:

Linux namespace isolation
Nickel build specs with static types and contracts
Content addressed caching across dependency graphs
SBOM generation
Cryptographic attestation

alternative software

	Docker	Nix	asdf	mise	devbox	Minimal
Sandboxed execution	yes	no	no	no	no	yes
Environmental parity	partial	yes	no	partial	yes	yes
Daemonless	no	yes	yes	yes	yes	yes
Declarative configuration	yes	partial	yes	yes	yes	yes
Content addressed	no	yes	no	no	yes	yes
Supply chain visibility	partial	partial	no	no	partial	yes
Rapid invocation	no	no	no	yes	no	yes

Why are we building Minimal?

Because developers, managers, and infosec teams deserve better.

Every tool on the market demands a tradeoff. You can have isolation OR speed, reproducibility OR simplicity, usability OR supply chain security.

Minimal exists to provide a consistent foundation for software development, whether the dev is physical or not, with features like real isolation, supply chain attestation, rapid invocation, and more.

minimal update

$ minimal update

✓ base            1.0.0
✓ rust-toolchain   1.82.0
✓ openssl          3.4.1
✓ zlib             1.3.1
✓ curl             8.11.1
✓ nodejs           22.12.0
✓ python           3.13.1
  ... 7 more

Resolved in 1.2s

$

Packages

Minimal curates a library of verified, open-source packages that fit directly into your project. These packages are defined by Nickel-based build specifications and reviewed regularly for security vulnerabilities.

All packages are compiled from source and built in a SLSA-compliant, hermetically sealed environment. The outputs are stored in a content-addressable cache, enabling dependency resolution in seconds. Whenever the package build specification is updated, the package is rebuilt and revised in the cache.

minimal dump --packages openssl

$ minimal dump --packages openssl
[{
  "name":          "perl",
  "spec_hash":     "51789e95...22b5401",
  "is_prebuilt":   false,
  "is_collection": false,
  "target":        "amd64/linux",
  "build_deps": [
    {
      "type":     "local_file",
      "filename": "build.sh",
      "hash":     "bfb6961f...5efeb684"
    },
    {
      "type":   "source",
      "from": {
        "type":   "web",
        "url":    "gs://minimal-registry/perl-5.42.0.tar.xz",
        "sha256": "73cf6cc1...bdbdd0c3"
      }
    },
    ...
  ]
}]

Software Provenance

To join Minimal's curated library, every package has its provenance tested and verified. Packages require:

Verified upstream dependencies
SLSA Build L3
CycloneDX v1.5 SBOMs with dependency graphs and PURLs
Vulnerability Exploitability eXchange (VEX) suppression with expiry and EOL detection

gominimal/pkgs

packages/

TOOLCHAINS

rust

python

nodejs

openjdk

...

LIBRARIES

openssl

zlib

curl

sqlite

ca-certs

...

BUILD TOOLS

cmake

meson

autotools

ninja

base

...

harnesses/

NATIVE

cargo

cmake

meson

...

NODE

npm

pnpm

yarn

...

PYTHON

pip

poetry

...

Package Ecosystem

Minimal ships packages for:

Coding languages like C/C++, Rust, Python, Java, Go, JavaScript, Node.js, and more
Hundreds of common dependencies, including OpenSSL, zlib, curl, and SQLite
Build systems like CMake, Meson, Autotools, Cargo, and npm

Get the work done directly with:

AI coding agents like Claude Code, Cursor, and others
CI/CD software like GitHub Actions, GitLab CI, Jenkins
Streamlined engineering workflows for both Linux and macOS

minimal.toml

[upstream]
repo   = "https://github.com/gominimal/pkgs"
branch = "main"

[harness]
use = "bun"

[defaults]
state_key = "dev"

[tasks.shell]
packages = ["base"]
exec     = "bash -l"

[tasks.test]
packages = ["base"]
bash     = "bun test"

[tasks.claude]
packages = ["base", "claude-code"]
exec     = "claude --dangerously-skip-permissions"

Install Minimal

Minimal is available for early access on Linux and macOS.

curl --proto "=https" --tlsv1.2 -fsSL https://go.minimal.dev/install.sh | sh

Read the Docs

minimal policy check

$ minimal policy check

✓ provenance        SLSA Build L3 attestation
✓ sbom              CycloneDX v1.5 with PURLs
✓ vuln-scan         max severity ≤ medium
✓ eol-detection     no end-of-life packages
✓ version-pinning   pin_major = true
✓ allowed-packages  base, rust-*, nodejs-*, python-*
✓ denied-packages   *-nightly
✓ shared-cache      cache.minimal.dev/acme-corp

42 packages audited in 0.3s
policy: pass

$

Enterprise

Minimal Cloud provides managed infrastructure for teams needing deterministic environments at scale, including shared caches, policy enforcement, and audit-ready attestation for SLSA Build L2 and beyond.

Managed deployments. Reproducible environments that scale with your team
Private cache. Dedicated, content addressed package cache shared across your fleet
Policy enforcement. Define what packages, versions, and sources are permitted
Audit trail. Full provenance chain for every environment and artifact
Package update SLAs. Committed timelines for security patches and version upgrades

Join the waitlist

FAQ

Why should I use Minimal?

Minimal provides reproducible and performant environments that are secure by default. "Works on my machine" becomes "works on every machine."

Every Minimal environment is isolated, so you can safely run your workload with agents or on CI and expect deterministic results.

Every dependency is vetted and cached, with SBOM and attestation generated for every environment.

Where can I run Minimal?

Minimal is local first, and can be tested today using our installer. Sign up for early access to Minimal Cloud.

What platform/architecture does Minimal support?

Minimal supports x86-64 and ARM64 on Debian 13 / Ubuntu 24.04 LTS or later, and ARM64 on macOS 26.3 or later.

What languages can I use Minimal with?

Minimal supports most modern languages, such as C, C++, Rust, Python, Java, Go, and JavaScript.

Is Minimal just another Nix wrapper?

No. Minimal was built from the ground up with Rust to be fast, performant, and driven from provenance while maintaining declarative simplicity.

How does Minimal ensure isolation?

Minimal uses microVMs on endpoints that are likely to contain sensitive information.

On Linux, Minimal has lightweight controls focused on balancing isolation and performance through traditional process sandboxing.