Back to Research

Moo Versions Machines for Agent Branches

Moo gives each agent branch its own Linux machine state, so file changes and runtime services stop colliding.

Ludwig richter, tempesta sul monte scalambra presso olevano nei monti sabini, 1830, 02 fulmine, landscape painting by Ludwig Richter (1830).
Rogier MullerJuly 9, 20269 min read

moo is an alpha open-source CLI from Evan, CTO of Ito (ito.ai), that gives each Git branch, worktree, or agent attempt its own Linux machine. It deals with the messy part of parallel agentic coding: files may be isolated, but databases, ports, packages, services, and .env state still collide. The takeaway is simple: when agents are expected to run and be reviewed, machine state needs the same care as source state. That matters even in an ai code review workflow for teams, because review quality drops when nobody can recreate the runtime the agent used.

Version the runtime, not just the files

Moo is a small CLI that pairs Git state with isolated Linux machine state, so checking out code can also restore the runtime that code expected.

The project’s README says the model is intentionally tiny: one noun, the machine, and four verbs: new, run, save, and drop. A branch or agent attempt gets a hardware-isolated Linux microVM with its own database, ports, installed packages, services, and writable state.

As of July 8, 2026, the repository was MIT-licensed, mainly Rust, and explicitly alpha. It ran on macOS Apple Silicon only, with Linux hosts planned. The CLI surface was described as stable, while the snapshot format could still change before 1.0.

That alpha label matters. Moo is not a magic replacement for CI, review, or careful migrations. It is a sharp answer to one very specific local-development pain: “I have more than one branch or coding agent trying to run the same app on the same laptop.”

For engineering team ai adoption, that is a useful place to look. Not because every team needs Moo, but because it names a real boundary many teams hand-wave away: agent output is easier to trust when the runtime is isolated enough to reproduce.

Why developers cared on Hacker News

The problem is familiar if you have ever run two agents against one repo.

git worktree gives each branch its own files. It does not give each branch its own Postgres instance, Redis data, package cache, dev server port, local object store, or seeded test database. So the second agent’s “working” change may be leaning on state created by the first agent.

A normal workaround becomes a pile of side scripts. One script offsets ports. Another rewrites .env. Docker Compose gets a project name. A branch-specific database tool handles migrations. Someone eventually asks why local development now feels like a small platform team.

Moo’s interesting move is to make the machine the unit of isolation. The README describes full Linux microVMs with copy-on-write state, saved per commit and restored by git checkout. That is a much stronger promise than “I put this branch in another folder.”

The objection is also obvious. More isolation means another system to understand. If your repo is a static library, a small CLI, or a service with clean containerized tests, Moo may be overkill. If your app has a stateful database, background workers, local services, and agents making concurrent attempts, the trade starts to look reasonable.

Try it where runtime state is the test

Moo is most interesting when the review question is not “does the diff look plausible?” but “can this branch actually run from a known state?”

Picture a Rails or Django monolith with Postgres, Redis, a local queue, and a frontend dev server. Two coding agents both touch migrations. One also changes seed data and package versions. With ordinary worktrees, the files separate; the ports and database do not.

With Moo, you would give each agent attempt its own machine. The reviewer can then run the branch in the machine that matches the commit instead of trying to reconstruct what happened from chat logs and half-remembered terminal commands.

For Codex, OpenAI’s coding agent and CLI, the same idea fits the verification loop. Keep the repo rule simple in AGENTS.md, then make the runtime receipt part of review:

# AGENTS.md

When changing app code, verify inside the branch machine before opening a PR.
Run the smallest useful command first, then the full service check if runtime state changed.
Record the command and result in the handoff.

A lightweight Codex handoff might say:

Branch: agent/add-billing-webhook
Machine: moo machine created from branch worktree
Verified: moo run pnpm test -- billing-webhook
Runtime changed: Postgres migration + webhook worker
Reviewer note: re-run moo run pnpm dev before manual checkout

That is the practical piece for an ai code review workflow for teams: do not only review the diff. Review the diff, the command that proved it, and the runtime boundary that made the proof believable.

If you want the broader review-guardrail version of this idea, see the related training topic. For a narrower companion note on the same project, read Moo Versions the Whole Machine.

Keep the outside world boring

Machine isolation does not remove every shared dependency.

Agents may still reach GitHub, package registries, Slack, issue trackers, document stores, or internal APIs. If you connect those through MCP, keep the permissions boring at first. The Model Context Protocol is an integration protocol that lets agents call external tools and data sources through explicit servers.

A safe boundary for a Moo experiment is read-mostly external access and write access only inside the branch machine. Let the agent install packages, run migrations, and start services inside its machine. Do not let the same experiment also write production tickets, mutate shared staging data, or post review comments automatically.

Here is a small permission table that works well for a first pass:

Surface First experiment permission Why
Repo files Write in branch/worktree This is the actual coding task.
Branch machine Full local write The point is isolated runtime state.
GitHub issues Read-only Context helps; mutation can wait.
Package registry Install only Publishing is not part of review.
Shared databases No access Moo is useful because state is local.

The trap is pretending isolation is all-or-nothing. Moo can isolate the machine while your tool permissions still leak risk into shared systems. Keep those two conversations separate.

Copyable review checklist for trying Moo

Use this checklist for one messy branch before you make any bigger decision.

  • Pick a repo where runtime state actually causes pain: database migrations, ports, workers, package installs, seeded data, or service collisions.
  • Confirm the host fits the current constraint: macOS Apple Silicon, as stated by the project README as of July 2026.
  • Create one agent attempt or branch machine with moo new.
  • Run the smallest meaningful verification command with moo run, such as moo run pnpm test -- billing or moo run pytest tests/payments.
  • If the runtime state matters, save it with moo save at the commit you want reviewers to reproduce.
  • Put the exact verification command in the PR handoff, not just “tests pass.”
  • Ask the reviewer to re-run one command from the handoff before reading the diff deeply.
  • Drop failed or stale attempts with moo drop so local machines do not become invisible infrastructure.
  • Do not use the experiment for production secrets, shared staging writes, or publish steps.
  • Decide fit based on one concrete outcome: did the reviewer reproduce the agent’s work faster and with fewer collisions?

That last line is the whole test. If Moo removes a real local collision, keep exploring. If it mostly adds ceremony around a repo that already has clean containers and fast tests, you learned that too.

Common questions

  • Where does Moo fit in an ai code review workflow for teams?

    Moo fits before review, as a reproducibility layer for branches and agent attempts. The useful artifact is not a long policy; it is a short handoff with the branch, machine state, and exact command the reviewer can rerun. It helps most when services, migrations, and ports are part of the change.

  • Is Moo replacing Docker or Git worktrees?

    No, Moo is not simply a Docker or worktree replacement. Git still versions files, and containers may still package services well. Moo’s bet is that each branch or agent attempt sometimes needs a whole isolated Linux machine, including writable runtime state, not just another directory or Compose project name.

  • Our engineering team is split on using ai code assistants, how to align them?

    Start with the review boundary, not the tool preference. A Moo-style experiment gives both sides something concrete to inspect: the diff, the isolated runtime, and the command that proves the branch runs. Skeptics get reproducibility; enthusiasts get parallel agent work without stomping on local services.

  • Can I use Moo on Linux today?

    Not according to the project README as of July 8, 2026. Moo was listed as macOS Apple Silicon only, with Linux hosts planned. The project was also marked alpha, and its snapshot format could change before 1.0, so treat early experiments as disposable.

  • Is this ai coding training for teams or just a local dev tool?

    It is a local dev tool first. The training lesson is secondary: agentic coding needs reviewable evidence, and runtime state is part of that evidence. If a team learns one habit from Moo, it should be to attach reproducible verification commands to agent-authored changes.

Best ways to use this research

  • Best for: engineers running multiple coding agents or branches against a stateful app where local services collide.
  • Best first artifact: a PR handoff that names the branch machine, the verification command, and any runtime state that changed.
  • Best comparison angle: compare Moo against your current worktree plus Docker Compose plus port-offset setup, not against Git alone.
  • Best reason to wait: your host is not macOS Apple Silicon, your repo has clean stateless tests, or you cannot tolerate alpha snapshot changes.

Further reading

Try one branch first

Pick the branch that usually ruins everyone’s local database, give it an isolated machine, and ask one reviewer to rerun the exact command. If that feels calmer than your current workaround stack, Moo is worth a closer look.

One methodology lens

One useful way to read this through our methodology is the Plan step: delegate first-pass decomposition and dependency mapping, review the sequencing and assumptions, and keep ownership of scope and priorities. If that split is still fuzzy, the workflow usually is too.

Related training topics

Related research

Continue through the research archive

Ready to start?

Transform how your team builds software.

Get in touch