Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.murmur.dev/llms.txt

Use this file to discover all available pages before exploring further.

Agent VMs come with a base image containing Debian 12, Node.js, Claude Code, Git, and common tools. If your agents need additional tools — Go, Python, Docker, CUDA, your internal SDKs — you have two options: startup scripts (fast iteration) and baked images (production).

What’s pre-installed

The platform base image includes:
ToolNotes
Debian 12Base OS
GitVersion control
Node.jsPinned version
Claude Code@anthropic-ai/claude-code
GitHub CLI (gh)Authenticated automatically
ttydWeb terminal server
jq, curl, tmuxCommon utilities

Recipes and murmur bake

Bake your toolchain into a custom VM image. The image is cached — VMs boot instantly with everything pre-installed. Good for: large installs (Go, Python, Docker, CUDA), stable toolchains.

Create a recipe

cat <<'EOF' | murmur set recipe go-python
name: go-python
base_image_gce_ref: murmur-base-v1
provisioning_script: |
  #!/bin/bash
  set -euo pipefail

  # Go
  curl -fsSL https://go.dev/dl/go1.22.4.linux-amd64.tar.gz | tar -C /usr/local -xz
  echo 'export PATH=$PATH:/usr/local/go/bin' >> /etc/profile.d/go.sh

  # Python
  apt-get update && apt-get install -y python3 python3-pip python3-venv
  pip3 install pytest requests flask

  # Clean up
  apt-get clean && rm -rf /var/lib/apt/lists/*
provisioning_timeout: "30m"
description: "Go 1.22 + Python 3 with common packages"
EOF

Trigger the bake

murmur bake go-python default us-central1
This starts a Packer build in the background. Monitor progress: 
murmur bakes ls               # list all bake workflows

Use the image

Reference the resulting image in your workspace: 
image_ref: go-python

Image identity

Baked images have a deterministic identity — SHA-256(base_image + script + architecture). If you change the recipe, a new bake produces a new image. If nothing changed, the existing image is reused.

Choosing a strategy

StrategyBuild timeBoot timeBest for
Startup scriptNoneAdds install timeSmall packages, config files, rapid iteration
Baked image5-15 min (one-time)InstantGo, Python, Docker, CUDA, large SDKs
Recommended workflow: Start with a startup script while iterating on your toolchain. Once stable, move the install commands into a recipe, bake the image, and remove the startup script.

The murmur user contract

Recipe provisioning scripts run as root, but agents run as the unprivileged murmur user (/home/murmur). Everything your recipe installs — binaries, config files, dotfiles, environment — must be readable and executable by murmur at runtime. Files that only root can access will cause silent failures when the agent tries to use them.

Idioms

Install to system paths (already in murmur’s $PATH): 
# /usr/local/bin is on PATH and world-executable by default
curl -fsSLo /usr/local/bin/mytool https://example.com/mytool
chmod +x /usr/local/bin/mytool
Run install commands as murmur when the tool writes to the home directory: 
sudo -u murmur bash -c 'curl -fsSL https://get.sdkman.io | bash'
Fix ownership for files dropped as root into murmur’s home: 
cp myconfig /home/murmur/.myconfig
chown murmur:murmur /home/murmur/.myconfig
Add to $PATH if your install path isn’t in the default PATH: 
echo 'export PATH=$PATH:/opt/mytool/bin' >> /etc/profile.d/mytool.sh

What’s on the base image

When editing a recipe in the dashboard, expand “What’s on <image>” below the base image picker to see the provisioning script that built your base image. This shows exactly what’s already installed — no guessing.

Secret allowlist

Recipes can reference tenant secrets needed during the build (e.g., private registry credentials): 
secret_allowlist:
  - ARTIFACTORY_TOKEN
These secrets are injected during the Packer build only, not into the final image.