run anything. trust nothing.

Kiln

Bring a Docker image, a binary, or a GitHub repo. Kiln runs it in an isolated sandbox - its own filesystem, network, CPU, and memory. SSH in or use the API. When you're done, it destroys cleanly. Pay per second. No cluster to manage. No Dockerfile required.

changelog

Linux namespace primitives in progress_

Resource limits - cgroups v2

Filesystem isolation - overlayfs + pivot_root

Networking - veth pairs + iptables NAT

Firecracker microVMs - /dev/kvm

one engineer. no ETA.

by 75asu