ON THE HORIZON — COMING SOON

⚓ idle harbor

Flip one option and your app's microVM is suspended to a snapshot when traffic stops. While it sleeps you pay only for the storage of the parked VM — not a cent of compute. The next request wakes it in under a second.

🧮 what it actually saves

Snapshot storage costs €0.10/GB-month — the same rate as a volume. A typical microVM snapshot is about the size of its RAM allocation.

dinghy · ¼ vCPU / 512 MB

€2.00/month always-on

~€0.10/month harbored at 2 h/day active

compute for 60 h + 0.5 GB snapshot storage

sloop · 1 vCPU / 2 GB

€8.00/month always-on

~€0.50/month harbored at 4 h/day active

compute for 120 h + 2 GB snapshot storage

10 PR previews · dinghies

€20.00/month always-on

~€1.50/month harbored during review hours

active ~3 h/day, asleep overnight and weekends

Compute is billed per second while awake, snapshot storage per second while asleep. No rounding, no minimums.

🗺️ enabling it

idle harbor

$ bootload deploy --image ghcr.io/you/app --idle-harbor --idle-after 15m …15 quiet minutes later… ⚓ app dropped anchor in the harbor — compute billing stopped now paying: snapshot storage only (~€0.05/month for this service) …a visitor arrives… 🌊 app under sail again in 0.3s — the visitor just sees the page # already deployed? toggle it on without a redeploy: $ bootload service set --idle-harbor --idle-after 10m # or flip it off: $ bootload service set --no-idle-harbor

The portal has a one-click toggle on every service. The idle window is configurable from 1 minute to 24 hours — shorter for webhooks that should feel instant, longer for services where the first wake can afford a brief delay.

⚙️ what happens, step by step

🕐

traffic stops for N minutes

The gateway notices no requests have arrived for the configured idle window (default: 15 min, down to 1 min). It signals the node.

📸

snapshot taken — < 1 second

The node agent freezes the running Firecracker microVM and writes the full memory state to an encrypted snapshot file on disk. Your process is captured mid-execution — open files, network state, heap, everything.

⚓

vCPU and RAM freed

The VM is torn down. The CPU slot and memory are returned to the node. Billing flips: compute meters stop, snapshot storage starts (€0.10/GB-month — the same rate as a volume).

🔔

a request arrives

The gateway catches the incoming request and holds it — the caller's connection stays open, no error is returned. The agent is signaled to restore.

🌊

VM restored — ~150–300 ms

Firecracker loads the snapshot back into a new microVM. The clock is resynced to wall time, the RNG is reseeded (so you never replay entropy state), and LUKS volume mappers are re-opened if the service has volumes attached.

✅

health check passes — request released

A quick health probe confirms the process is responding. The held request is forwarded, completes normally, and the service is back under sail. The visitor sees a page, not an error.

💡 made for

🧪

Side projects & demos

Your portfolio piece gets three visitors a week. With a dinghy always-on that's €2/month. Harbored, a 512 MB snapshot costs about €0.05/month — the same app, a fraction of the bill.

🪝

Webhooks & integrations

A receiver that fires when Stripe, GitHub, or n8n calls. Asleep 23 hours out of 24, awake the moment a payload arrives — the sender never notices the 300 ms.

🎭

Staging & preview environments

Ten open PRs means ten preview instances. Always-on, that's €20+/month for environments nobody looks at after 5 pm. Harbored, each one sleeps when the reviewer closes the tab.

🏢

Internal tools

The admin dashboard, the report generator, the wiki nobody reads on Sunday. Tools used hours-per-week shouldn't bill hours-per-month.

⚡

Function-style services

An API that transforms images or renders PDFs on demand behaves like a function — without rewriting for a FaaS runtime. Deploy the same container, let harbor do the scale-to-almost-zero.

🤖

Bots & assistants

Chat bots and AI agents that respond to mentions sleep between conversations. Wake-on-request keeps the conversational pace; the wallet keeps its coins.

💻

Personal dev environments

Your cloud dev box with all your tools installed. Active while you're coding, asleep while you're not. No more paying for eight hours of idle compute between your evening session and the morning standup.

📅

Scheduled batch jobs

A service that crunches reports at 03:00 and idles the rest of the day. Harbor it between runs; a cron wake signal (or a simple HTTP call from a scheduler) brings it back exactly where it left off.

⚙️

Workers & processors

An HTTP-triggered worker that receives a job — transcode a video, resize an image, run a data pipeline — does the work, and sleeps until the next one. Unlike a polling queue consumer, the job dispatcher wakes the worker on demand. You pay only for the seconds it's actually crunching.

🌐

Edge-style request handlers

An HTTP handler that behaves like a serverless function — one request in, one response out — but runs in a full Linux microVM with no runtime restrictions. No FaaS API to rewrite for, no cold-boot penalty beyond the first warm-up: the snapshot restores your exact process, not a blank container.

🔬 under the hood

For the curious: Idle Harbor uses Firecracker snapshot/restore — the same technology AWS uses for Lambda cold starts, except here the snapshot preserves your running process rather than a pre-initialized blank VM. The snapshot captures the full memory state: heap, stack, open file descriptors, everything your process had in flight.

Encrypted at rest. The snapshot file is LUKS-encrypted under a per-service key stored in OpenBao — the same posture as your volumes and backups. Not even we can read it at rest.
Clock resynced on wake. Time jumped while your process was frozen. We resync the guest clock before the process continues, so TLS caches, rate limiters, and anything else time-sensitive picks up correctly.
RNG reseeded. Replaying an RNG state after a snapshot restore would be a security problem. We reseed the guest's entropy pool before your code runs again.
TCP connections. Pre-snapshot connections are dead by the time the VM wakes — the idle window guarantees no caller is waiting. New connections establish normally after wake. If you rely on persistent outbound connections (database pools, queue consumers), your app code should reconnect on startup anyway; Idle Harbor makes it explicit.
Node mobility. If the original node is full when you need to wake, the snapshot is transferred over the internal VLAN to a node with free capacity. Same region, same latency profile — you won't notice.
Volumes stay attached. If your service has LUKS-encrypted volumes, they're properly unmounted before the snapshot and re-opened on wake. No data loss, no journal corruption.

⚖️ when not to use it

Idle Harbor is not for always-on workloads:

Long-lived WebSocket connections. Clients would disconnect the moment the VM sleeps. Use an always-on boat for real-time apps.
Queue consumers. A consumer sleeping through messages is a broken consumer. Keep it always-on or use a proper scheduled-wake signal instead.
Apps with in-process cron jobs. If your app schedules its own background work, it will sleep through the schedule. Externalise the trigger (a cron HTTP call) and it works fine.
Latency-critical paths. The first request after a sleep takes ~150–300 ms longer than normal. That's invisible for human-initiated requests; it's a problem for payment processors or health checks with tight SLAs.

Harbor is an option you enable per service, never a default. Most teams run their production app always-on and harbor everything else.

🪙 see pricing sign up — harbor ships soon