Shellhaven forks a full dev environment off any branch in two seconds — real shell, your repo, services and secrets already wired — then reaps the whole thing the moment you close the tab. "Works on my machine" stops being a sentence anyone can say, because there is no machine to be on.
Trusted by teams that finally deleted their onboarding docs
What the inner loop feels like on Shellhaven
Commit a .haven.toml next to your code and every clone, branch, and pull request inherits the exact same environment — same runtime, same services, same secrets — booted on demand and reaped when idle.
Declare your runtime, databases, background services, and ports in one .haven.toml that lives in the repo. The environment ships in the same PR as the code that needs it, so setup can never drift from the app again. Edit the file, push, and the next boot reflects it — no wiki page, no Slack thread, no asking the one person who remembers how.
We keep a pre-built snapshot of your base image and dependency layers hot in the region closest to you. A new shell forks that snapshot copy-on-write instead of rebuilding it, so a cold boot lands in seconds, not minutes.
Every branch gets its own isolated machine on its own URL. Reviewers click a link and land in a running app — no fetching the branch, no rebuilding it locally, no "give me ten minutes."
A genuine Linux userland over SSH or the browser: apt-install a package, attach a debugger, tail a log, strace a wedged process. Your dotfiles ride along, so it feels like your terminal — because it is.
Shells auto-reap after 30 minutes idle and leave nothing behind. No zombie VMs, no end-of-month bill for boxes you forgot, no cleanup cron to babysit.
The same .haven.toml drives every shape of throwaway environment your team reaches for over the course of a day.
A live, shareable URL running the exact code on the branch — built for design review and QA before anything merges.
A throwaway environment boots itself when a pull request opens and tears itself down the instant it merges or closes.
Rewind to any commit and boot the environment exactly as it stood, so a six-week-old bug reproduces on the first try.
Hand a teammate a live link into your running shell and edit, debug, and run the same machine together in real time.
A clean, fully-tooled box for a risky migration or a sketchy dependency — break it however you like, then let it disappear.
Bake a snapshot inside your pipeline so the next developer to boot that branch gets a sub-second start instead of a cold build.
Ephemeral doesn't mean reckless. Every shell runs in a hardened, hardware-isolated microVM with your secrets scoped, your source contained, and a full audit trail of who booted what.
Each environment is its own hardware-virtualized microVM, not a shared container. One tenant's shell can never reach another's processes, files, or network.
Mount secrets read-only from your vault with a time-to-live measured in hours. By the time a shell reaps, its credentials have already expired.
Code is cloned into the microVM over an encrypted channel, never cached on shared disk, and wiped on teardown. Bring your own cloud region for data residency.
SAML and SCIM gate every boot, and an immutable log records who started, shared, and destroyed each environment — exportable straight to your SIEM.
“We retired a 30-page onboarding doc and replaced it with one command. New hires open a real PR on day one now instead of day five.”
“A customer hit a bug on a commit from March. I ran haven up at that SHA and reproduced it in two minutes flat. That used to cost me a whole afternoon.”
“Reviewers used to skip pulling branches because rebuilding hurt. Now every PR ships a live link, so design reviews the actual thing instead of a screenshot.”
Environments are ephemeral, so your bill is too. We meter the seconds a shell is actually running and bill nothing for idle or reaped time.
For individual developers and side projects.
For teams that live in the inner loop.
For orgs with a security team and a monorepo.
We keep a snapshot of your base image and dependency layers warm in the region nearest you. A new shell forks that snapshot copy-on-write and clones just your branch diff on top, so almost nothing is rebuilt. The very first boot of a brand-new config takes longer; every boot after that is sub-second from cache.
When a shell reaps — on haven down, on PR merge, or after 30 minutes idle — its microVM is destroyed, its disk is wiped, and its scoped secrets expire. Nothing survives except the snapshot of your shared base image, which is just cache. There are no idle VMs quietly accruing cost and nothing left to clean up.
Yes. Mark a volume as persistent in your .haven.toml and that path survives teardown and remounts on your next boot — ideal for a local database you're iterating on or a heavy dependency cache. Everything outside that volume stays ephemeral by default.
No. Connect over SSH from VS Code, Cursor, JetBrains Gateway, or Neovim, or work in the browser editor. Point Shellhaven at your dotfiles repo once and every shell boots with your config, aliases, and keybindings already in place.
A container shares the host kernel; a hand-built VM is one you have to provision and tear down yourself. Shellhaven shells are hardware-isolated microVMs defined entirely by a file in your repo, forked on demand from a warm snapshot, and reaped automatically. You get VM-grade isolation at container-grade speed with zero lifecycle management.
Each shell is its own hardware-virtualized microVM, so tenants are fully isolated from one another. Your source is cloned over an encrypted channel into that VM, never cached on shared disk, and wiped on teardown. Enterprise plans can pin every boot to your own cloud account and region for full data residency.
One command, no local install, no credit card. Point it at a branch and you're inside a running environment in two seconds.