Getting Started
Requirements
| | Minimum |
|---|---|
| OS | macOS 14 (Sonoma) or later |
| Hardware | Apple Silicon (M1 or newer) |
| Disk | ~2 GB for the app + VM assets |
Capsem uses Apple’s Virtualization.framework, which is only available on Apple Silicon Macs running macOS 14+.
Install
One-liner (recommended)
```bash
curl -fsSL https://capsem.org/install.sh | sh
```
This downloads the latest signed and notarized .dmg from GitHub Releases, mounts it, and copies Capsem.app to /Applications.
Manual download
- Go to the latest release on GitHub.
- Download the .dmg file.
- Open the DMG and drag Capsem.app to /Applications.
Building from source
See the Development Guide for instructions on cloning the repo, installing toolchain dependencies, building VM assets, and running from source.
First session
Launch Capsem from /Applications or the command line:
```bash
open /Applications/Capsem.app
```
Or use CLI mode directly:
```bash
/Applications/Capsem.app/Contents/MacOS/capsem
```
On first launch, Capsem boots a lightweight Linux VM with an air-gapped network. You get a terminal inside the sandbox with Python 3, Node.js, git, and 30+ packages pre-installed.
Using an AI agent
Capsem comes with Claude Code, Gemini CLI, and Codex pre-installed in the VM. To start a session with an agent:
```bash
# Inside the Capsem terminal
claude   # Claude Code
gemini   # Gemini CLI
codex    # Codex
```
API keys are configured in ~/.capsem/user.toml on the host:
```toml
[ai.anthropic]
api_key = "sk-ant-..."

[ai.google]
api_key = "AIza..."

[ai.openai]
api_key = "sk-..."
```
The keys are securely forwarded into the VM at boot time. They never touch the guest filesystem.
Network policy
By default, the VM is air-gapped — all network traffic routes through the host’s MITM proxy. Only explicitly allowed domains can be reached. Configure allowed domains in ~/.capsem/user.toml:
```toml
[network]
allowed_domains = [
  "api.anthropic.com",
  "generativelanguage.googleapis.com",
  "api.openai.com",
  "pypi.org",
  "files.pythonhosted.org",
  "registry.npmjs.org",
]
```
Every HTTPS request is logged to a per-session SQLite database with full method, path, headers, and body preview. The Capsem GUI shows this in real time in the Network tab.
What’s next
- Kernel Hardening — how the VM kernel is locked down
- Network Isolation — air-gapped networking and the MITM proxy
- Capsem Doctor — run diagnostics inside the VM