Bromure provides secure, ephemeral computing environments for macOS users, specifically targeting web browsing and AI coding agent sandboxing. It leverages Apple's Virtualization.framework to run disposable Linux VMs, ensuring that each session is isolated and destroyed upon closure, offering enhanced security and privacy. The project aims to prevent sensitive credentials like tokens, SSH keys, and kubeconfig files from ever entering the sandboxed environment, mitigating risks associated with compromised dependencies or AI agents.

How It Works

Bromure utilizes Apple's Virtualization.framework to create and manage disposable Linux Virtual Machines (VMs) on macOS. The core Bromure app runs browsers within these throwaway VMs, which are automatically destroyed when the session ends. The Bromure Agentic Coding variant adds a host-side MITM proxy that intercepts and replaces sensitive cloud credentials with fake ones before they enter the VM, preventing secrets from ever being exposed to the sandboxed environment. Both applications pre-warm a pool of VMs in the background for near-instantaneous session startup. SSH keys are managed via ssh-agent on the host and only the socket is forwarded, keeping keys out of the VM entirely.

Quick Start & Requirements

• Build: Run ./build.sh for the browser app or ./build.sh bromure-ac for the agentic coding app.
• Prerequisites: macOS 14 (Sonoma) or later, Apple Silicon (M1 or newer). The Virtualization.framework is ARM64-specific and only supports ARM64 guest VMs on Apple Silicon hosts.
• Setup: VM pre-warming aims for sub-second session startup.
• More Info: bromure.io

Highlighted Details

• Disposable Linux VMs for secure, ephemeral browsing and coding sessions.
• Agentic Coding app features a host-side MITM proxy to swap real credentials for fake ones, preventing secrets from entering the VM.
• Background VM pre-warming enables new sessions to open in under a second.
• Guest-host communication via vsock for clipboard, file transfer, and proxying.
• SSH keys are managed via ssh-agent on the host, with only the socket forwarded into the VM.
• Optional approval gating for sensitive credential use, requiring a click to approve requests.
• Session tracer captures all prompts, completions, tool invocations, shell commands, and file edits for review.

Maintenance & Community

• Developed by Renaud Deraison, with implementation assistance from Claude + Opus 4.7.
• The project is open source and free.
• No community links (Discord, Slack, etc.) are provided in the README or on the website.

Licensing & Compatibility

• The README does not explicitly state a license. The website mentions "Free & Open Source" but lacks specific license details.
• Compatibility is strictly limited to macOS 14+ on Apple Silicon hardware due to the reliance on Apple's Virtualization.framework.

Limitations & Caveats

• Strictly limited to macOS 14+ on Apple Silicon hardware due to the underlying Virtualization.framework dependency.
• The project's specific open-source license is not clearly stated in the provided documentation.
• While credentials are kept out of the VM, the host-side proxy and approval gating are critical security layers for sensitive operations.