Cross-platform container + VM runtime with a content-addressed DAG store, P2P image sync, Kubernetes CRI, native Compose, MCP AI integration, and encrypted secrets — all in a single 12 MB binary.
Full Docker CE feature parity in a single 12 MB static binary — no daemon, no overlayfs, no lock-in.
Run the same OCI image as a runc container, Firecracker microVM, or Apple Silicon VM — no separate VM image build step.
Zero-copy reads via rkyv + mmap. Layers stored once, deduplicated by content hash. Byte-identical across every node.
Nodes share image blocks peer-to-peer via gRPC and Bloom filters. One pull from registry; the rest delta-sync from each other.
Drop-in CRI shim with RuntimeClass support (pullrun-container / pullrun-vm), exec, attach, and port-forward.
Native Model Context Protocol server — let AI agents run, stop, exec, and manage workloads through natural language.
Cosign signature verification, SBOM evaluation, seccomp profiles, read-only rootfs — gate workloads before they run.
Full Compose-compatible workflow: up, down, logs, ps, build — parse standard docker-compose.yml files.
Native macOS VM backend via Virtualization.framework. No Docker Desktop, no Linux VM — just native Apple performance.
AES-256-GCM at rest, decrypted into workload tmpfs at runtime. pullrun secret create/get/ls — data stays encrypted on disk.
Install in 30 seconds and start running containers or VMs from the same OCI image.
No overlayfs CVEs. No platform lock-in. No daemon tax.
Same OCI images. Radically different architecture.

| Metric | Pullrun | Docker |
|---|---|---|
| First alpine:3.18 pull | 968 ms | ~2 s |
| Container run latency | ~400 ms | ~800 ms |
| Apple Silicon VM boot | ~160 ms | N/A |
| Idle daemon RSS | 24.6 MiB | ~90 MiB |
| Binary size | 12 MB | ~75 MB |
| Rootless by default | ✅ | ❌ |
| Containers + VMs from same image | ✅ | ❌ |
| P2P image sync | ✅ | ❌ |
| MCP AI integration | ✅ | ❌ |
| Content-addressed store | ✅ | ❌ |
| Optional daemon | ✅ | ❌ |

Install in 30 seconds. macOS, Linux, or Windows.