Two install paths. Pick the one that matches what you're doing.
Docker gets you running in 30 seconds. The VM appliance is the production target — it's the only path that supports Code Sessions (per-call fork into a fresh agent VM), because Docker doesn't delegate cgroup v2.
Pull, run, open the dashboard — 30 seconds.
Best for: kicking the tires, dashboard preview, policy authoring.
Bootable image. Full feature surface. Signed and verifiable.
.qcow2, .vmdk, .img.gz, .box — every hypervisorBest for: production agents, code-session workloads, anything that handles secrets.
Same image, every hypervisor format. Boot it on a Mac mini, a VPS, a vSphere cluster, or write it to a USB stick with dd.
Two ways. The first catches transport errors. The second proves the artifact was built by us, on our CI, from our source.
# pulls SHA256SUMS from the release sha256sum -c SHA256SUMS
One line per artifact. Confirms the file you have matches the file we published. Doesn't prove who published it.
cosign verify-blob \ --bundle kruxos-x86_64.vmdk.cosign.bundle \ --certificate-identity-regexp 'https://github.com/altvale/kruxos/.*' \ --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \ kruxos-x86_64.vmdk
Each artifact ships with a .cosign.bundle next to it on the Releases page. Verifies signer identity + OIDC issuer — proves the binary came from the altvale/kruxos GitHub Actions workflow.