Declarative. Isolated. Reproducible.

Lightning-fast, local-first sandboxes that coordinate devs, agents, and CI.

$ minimal run claude

Hermetic environments for machines and humans

minimal.toml
# Declare once. Run anywhere.

[upstream]
repo   = "https://github.com/gominimal/pkgs"
branch = "main"

[harness]
use = "pnpm"

[tasks.test]
exec = "pnpm test"

[tasks.build]
exec     = "pnpm build"
packages = ["base", "nodejs-22", "openssl"]

[tasks.shell]
packages = ["base", "vim", "git", "claude-code"]
exec     = "bash -l"

Minimal provides isolated, reproducible environments from a single configuration file. Declare your packages and dependencies, run your tasks, get the same result on every machine.

Under the hood: Linux namespace isolation, Nickel build specs with static types and contracts, content-addressed caching via Blake3 across the minimal dependency graph, SBOM generation, and cryptographic attestation.

Why Minimal

$ minimal run shell
Resolving task shell...

✓ base 1.0.0          cached
✓ vim 9.1.0           cached
✓ git 2.47.0          cached
✓ claude-code 1.0.30  cached

Assembling sandbox rootfs...
✓ Environment ready in 48ms

# Isolated namespace. Same packages,
# same versions, every machine.
# No daemon. No image pull. No drift.

minimal:shell ~/project $

The tools the industry settled on were designed for a simpler time. Docker images are opaque and rebuilt wholesale. Nix is reproducible but demands its own language. Package managers resolve at install time and hope. Cloud sandboxes run these same frozen snapshots faster, but faster doesn't fix the model.

Minimal is designed for the next decade of software development, not the last one. Composable environments, declared once, versioned, and provenance-driven. Your configuration lives with your code and runs on your compute.

Performance

$ minimal update
Resolving 14 packages from cache...

✓ base           1.0.0    hardlinked
✓ rust-toolchain  1.82.0   hardlinked
✓ openssl         3.4.1    hardlinked
✓ zlib            1.3.1    hardlinked
✓ curl            8.11.1   hardlinked
✓ nodejs          22.12.0  hardlinked
✓ python          3.13.1   hardlinked
  ... 7 more

Resolved in 1.2s · 14 pkgs · 0 network fetches
Rootfs assembled in 34ms · 847 hardlinks

# No daemon. No image layers. No registry pull.
# Content-addressed. Only changed specs rebuild.

Build infrastructure is slow because it copies files, resolves dependencies at runtime, or runs through daemons never designed for machine-scale throughput. Minimal hardlinks curated, provenance-verified packages into a sandbox rootfs. Resolution happens once, before execution begins. Every dependency is pre-built and available from cache without hitting an upstream registry.

  • Dependency resolution from cache in seconds for most environments
  • Only changed specs trigger rebuilds
  • Environment assembly in milliseconds
  • Parallel task execution across the dependency graph
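
The general technique named above (hardlinking files from a content-addressed cache into a rootfs), as an added illustration that is not Minimal's own code. It assumes a flat store directory keyed by digest and uses the standard library's BLAKE2b in place of Blake3; the function names and sample files are constructed for the example.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def digest(data: bytes) -> str:
    # Stand-in hash: stdlib BLAKE2b, because BLAKE3 needs a third-party module.
    return hashlib.blake2b(data, digest_size=32).hexdigest()

def ingest(store: Path, data: bytes) -> str:
    """Write a blob under its own digest (read-only) and return the digest."""
    h = digest(data)
    if not (store / h).exists():
        tmp = store / (h + ".tmp")
        tmp.write_bytes(data)
        os.chmod(tmp, 0o444)          # cache entries are immutable by intent
        os.replace(tmp, store / h)    # atomic publish
    return h

def assemble(store: Path, rootfs: Path, manifest: dict) -> None:
    """Hardlink every manifest entry (relative path -> digest) into rootfs."""
    for rel, h in manifest.items():
        (rootfs / rel).parent.mkdir(parents=True, exist_ok=True)
        os.link(store / h, rootfs / rel)   # no copy: same inode as the cache

def verify(rootfs: Path, manifest: dict) -> list:
    """Return paths whose bytes no longer hash to the pinned digest."""
    return [rel for rel, h in manifest.items()
            if digest((rootfs / rel).read_bytes()) != h]

def demo() -> dict:
    # Constructed sample files; two of them share content and so share a blob.
    files = {"usr/lib/libz.so": b"zlib-bytes", "usr/bin/curl": b"curl-bytes",
             "usr/share/zlib.bak": b"zlib-bytes"}
    with tempfile.TemporaryDirectory() as tmp:
        store, rootfs = Path(tmp, "store"), Path(tmp, "rootfs")
        store.mkdir()
        rootfs.mkdir()
        manifest = {rel: ingest(store, data) for rel, data in files.items()}
        assemble(store, rootfs, manifest)
        curl, blob = rootfs / "usr/bin/curl", store / manifest["usr/bin/curl"]
        out = {"blobs": len(list(store.iterdir())), "clean": verify(rootfs, manifest),
               "shared_inode": curl.stat().st_ino == blob.stat().st_ino}
        os.chmod(curl, 0o644)          # a writable link is a writable cache entry
        curl.write_bytes(b"modified")
        out["after_write"] = verify(rootfs, manifest)
        out["cache_changed"] = digest(blob.read_bytes()) != manifest["usr/bin/curl"]
        return out
```

Because a hardlink shares its inode with the cache entry, a write through the rootfs path changes the cached blob as well; re-hashing against the pinned digest is the check that catches it.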

Supply Chain Security

$ minimal verify openssl

Package:  openssl 3.4.1
Source:   github.com/openssl/[email protected]

✓ SLSA Provenance v1  Build L3
✓ Signature           ed25519 verified
✓ SBOM                CycloneDX v1.5 · 4 deps
✓ Vulnerability scan  0 critical · 0 high
✓ Scorecard           8.4/10 · maintained
✓ Content hash        blake3:a7f3c9d2...match

Dependencies:
   zlib 1.3.1       blake3:match
   perl 5.40.0      blake3:match
   ca-certs 2024.12 blake3:match
   libc-musl 1.2.5  blake3:match

Like Nix, Minimal curates its own package set. Unlike Nix, every package is provenance-verified and tested before it enters the Minimal registry. Your environment inherits that trust. Environments stay pinned by configuration and, in turn, share a simple, robust upgrade path.

Integrated vulnerability scanning and provenance, not bolted on after the fact.

  • SLSA Build L3 provenance on every package. Signed with ed25519
  • Full SBOMs. CycloneDX v1.5 with dependency graphs and PURLs
  • Every upstream dependency verified before it enters Minimal's package ecosystem
  • VEX suppression with expiry. EOL detection. Nothing stale ships

Ecosystem

$ minimal search --category toolchain

Toolchains                    latest
─────────────────────────────────────
rust-toolchain                  1.82.0
go                              1.23.4
python                          3.13.1
nodejs                          22.12.0
openjdk                         21.0.5

Libraries                     latest
─────────────────────────────────────
openssl                         3.4.1
zlib                            1.3.1
curl                            8.11.1
sqlite                          3.47.2

314 packages available · gominimal/pkgs

Minimal ships packages for:

  • C/C++, Rust, Python, Java, Go, JavaScript/Node
  • OpenSSL, zlib, curl, SQLite, and hundreds of common dependencies
  • CMake, Meson, Autotools, Cargo, npm

Works with:

  • Claude Code, Cursor, and other AI coding agents
  • GitHub Actions, GitLab CI, Jenkins
  • Developer laptops, Linux and macOS

Install

.github/workflows/ci.yml
# Drop-in CI integration
name: CI

on: [push, pull_request]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: gominimal/setup-minimal@v1
      - run:  minimal run test

  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: gominimal/setup-minimal@v1
      - run:  minimal build
      - run:  minimal verify --all

Minimal is available for local install on macOS and Linux:

Beta Linux macOS
curl --proto "=https" --tlsv1.2 -fsSL https://go.minimal.dev/install.sh | sh

Enterprise

policy.toml
# Enforce org-wide package policy

[policy]
require_provenance = true
require_sbom       = true
max_vuln_severity  = "medium"

[policy.packages]
allow = ["base", "rust-*", "nodejs-*", "python-*"]
deny  = ["*-nightly"]

[policy.versions]
pin_major  = true
eol_action = "block"

[cache]
shared   = true
upstream = "cache.minimal.dev/acme-corp"
ttl      = "30d"

Minimal Cloud provides managed infrastructure for teams that need deterministic environments at scale. Shared caches, policy enforcement, and audit-ready attestation for SLSA L2+.

  • Managed deployments. Reproducible environments that scale with your team
  • Private cache. Dedicated, content-addressed package cache shared across your fleet
  • Policy enforcement. Define what packages, versions, and sources are permitted
  • Audit trail. Full provenance chain for every environment and artifact
  • Package update SLAs. Committed timelines for security patches and version upgrades


About

Minimal is built by Minimal Software Research. We believe the future of software requires provenance and determinism at the foundation.

For further information or to request a demonstration, contact the CEO, Jake, directly: [email protected]