Project Glasshouse

The computing landscape is undergoing a radical shift away from x86 architecture toward ARM-based processing, typified by Apple's transition to Apple Silicon. This pivot has historically made virtualizing macOS on non-Apple, generic cloud infrastructure a slow, heavily emulated process.

This briefing analyzes the state-of-the-art technologies that have shattered the "Emulation Tax," including hybrid binary translators and Vulkan-to-Metal graphics pipelines. It explores how modern AI agents securely host and operate these operating systems using microVM sandboxing and the Model Context Protocol (MCP). Finally, it outlines a radical, asymmetrical strategy for bootstrapped startups to achieve hyperscale macOS computing with zero capital by exploiting cloud free-tiers, CI/CD tunneling, and government innovation grants.

The core claim of this conversation is that it is theoretically and practically possible to run Apple's macOS on non-Apple hardware — ranging from generic cloud servers to free CI/CD runners — and to fully automate these environments using AI agents. The conversation moves from traditional "Hackintosh" methods to a highly advanced theoretical architecture called Project Glasshouse.

The iOS App Store is one of the most lucrative digital markets in the world, but the entry ticket is a $1,000+ Apple computer. For developers and researchers in the Global South, or with zero capital, this represents a structural barrier to economic participation. Project Glasshouse proposes eliminating this barrier entirely.

With Apple planning to release macOS 27 exclusively for Apple Silicon, and macOS 28 slated to remove Rosetta 2 entirely by 2027, the traditional "Hackintosh" methodology has reached its terminal end of life. Hypervisor-based virtualization and advanced hardware emulation have become the sole viable pathways for executing Apple operating systems on non-Apple host infrastructure.

The ability to run macOS on agnostic hardware democratizes software development. It allows developers and researchers in the Global South and unfunded startups to build, compile, and test iOS/macOS applications without purchasing expensive physical Apple hardware. It pushes the boundaries of virtualization, forcing innovation in API translation and cross-ISA execution.

Project Glasshouse is a four-phase software stack designed to detach Apple's software from Apple's hardware. Each phase solves a distinct technical problem that has historically made macOS virtualization on generic hardware either impossible or unusable.

This compendium serves as the master blueprint for Project Glasshouse and the broader ecosystem of macOS virtualization as of 2026. It categorizes existing standards, emerging protocols, and the theoretical algorithms required to bridge the gap between Apple's proprietary silicon and agnostic cloud infrastructure.

Phase 1: Host Provisioning Script

#!/bin/bash
# Project Glasshouse: Phase 1 — Host Provisioning Script
apt-get update -y && apt-get install -y qemu-kvm libvirt-daemon-system \
  libvirt-clients bridge-utils ovmf
systemctl enable --now libvirtd

# Inject IOMMU flags for PCIe hardware passthrough
sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="amd_iommu=on \
  iommu=pt kvm.ignore_msrs=1 /g' /etc/default/grub
update-grub && update-initramfs -u

# HugePages for 1GB RAM blocks (eliminates memory translation overhead)
echo "vm.nr_hugepages = 1024" >> /etc/sysctl.conf
sysctl -p

Phase 2: OpenCore Cryptographic Ghost Configuration

<!-- OpenCore config.plist — Cryptographic Ghost Configuration -->
<key>PlatformInfo</key>
<dict>
  <key>Generic</key>
  <dict>
    <!-- AI-generated mathematically valid Apple hardware profile -->
    <key>MLB</key>
    <string>C02XXXXXXXXXX</string>
    <key>SystemSerialNumber</key>
    <string>C02XXXXXXXXXX</string>
    <key>SystemUUID</key>
    <string>XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</string>
    <key>SystemProductName</key>
    <string>MacPro7,1</string>
    <!-- VirtualSMC intercepts SMC calls and returns spoofed responses -->
    <key>ROM</key>
    <data>AAAAAAAA</data>
  </dict>
  <key>Automatic</key>
  <true/>
</dict>

Phase 3: Arancini / LLVM IR Lifting (AI-Driven JIT)

// Project Glasshouse: Arancini-inspired AI-Driven Execution Engine (Rust)
fn execute_macos_instruction(
    aarch64_block: &Block
) -> Result<(), ExecutionError> {
    
    // 1. Check the AI-Predicted Translation Cache (SBT result)
    if let Some(native_x86) = ai_cache.get(&aarch64_block.hash) {
        // Cache hit — execute natively on cloud server CPU
        execute_on_bare_metal(native_x86);
        return Ok(());
    }

    // 2. Cache Miss: LLVM IR lifting + JIT compilation (DBT fallback)
    let ir = lift_to_llvm_ir(aarch64_block);
    // Apply formally verified memory ordering mappings (TSO → weak model)
    let ir_with_fences = apply_formal_memory_mappings(ir);
    let optimized = llvm_optimize_for_avx512(ir_with_fences);
    let x86_block = compile_to_x86_64(optimized);
    
    // 3. Cache and execute
    ai_cache.insert(aarch64_block.hash, x86_block.clone());
    execute_on_bare_metal(&x86_block);
    Ok(())
}

Phase 4: Metal-to-Vulkan Kernel Extension (The Interceptor)

// Project Glasshouse: Virtual GPU Kernel Extension (C++)
// GlasshouseGPU.kext — intercepts Apple Metal API commands
IOReturn GlasshouseGPU::SubmitCommandBuffer(
    IOUserClient* client,
    MetalCommandBuffer* cmd
) {
    // 1. Intercept the Apple Metal graphics command from WindowServer
    SerializedMetal payload = SerializeForHost(cmd);
    
    // 2. Fire down to Linux host via VirtIO Ring Buffer (Venus protocol)
    virtio_ring_write(this->virtio_queue, &payload, sizeof(payload));
    
    // 3. Notify the Linux Hypervisor to process graphics
    // KosmicKrisp on host translates Vulkan → Metal for Apple Silicon
    virtio_notify_host(this->virtio_queue);
    
    return kIOReturnSuccess;
}

Modern AI models (Claude 3.5/4.5/4.6, GPT-4, Gemini, Manus) do not just chat — they autonomously operate operating systems. The release of Claude 3.5 Sonnet marked the definitive transition from conversational LLMs to proactive Large Action Models (LAMs) via native "Computer Use" capabilities.

The Limitations of Vision-Only Automation

Initial iterations relied strictly on a "vision-only" methodology — the AI captured screenshots, analyzed visual layout, and generated X/Y pixel coordinates. This proved inherently brittle: minor UI updates, resolution scaling changes, notification popups, or dynamic layouts could derail the agent entirely.

The Model Context Protocol (MCP) Solution

MCP is an open-source, standardized transport layer utilizing JSON-RPC 2.0 messages, developed by Anthropic and standardized by Google and Anthropic in 2025. Supported by Docker Desktop as of March 2026. Instead of guessing pixel coordinates, MCP allows developers to build local servers that expose exact, deterministic programmatic tools to the model.

Two Primary MCP Architectures

Complete MCP Server Implementation

# Project Glasshouse: macOS MCP Agent Server
# Full implementation from the Gemini conversation
import asyncio, subprocess, pyautogui
from mcp.server import Server
from mcp.types import Tool, TextContent

app = Server("macos-glasshouse-agent")

@app.list_tools()
async def list_tools() -> list[Tool]:
    return [
        Tool(
            name="click_ui_element",
            description="Moves mouse to X,Y coordinates and clicks.",
            inputSchema={
                "type": "object",
                "properties": {
                    "x": {"type": "integer", "description": "X coordinate on the macOS screen"},
                    "y": {"type": "integer", "description": "Y coordinate on the macOS screen"},
                    "click_type": {"type": "string", "enum": ["left", "right", "double"]}
                },
                "required": ["x", "y"]
            }
        ),
        Tool(
            name="execute_applescript",
            description="Executes native AppleScript to control macOS apps.",
            inputSchema={
                "type": "object",
                "properties": {"script": {"type": "string"}},
                "required": ["script"]
            }
        ),
        Tool(
            name="type_text",
            description="Simulates physical keyboard typing.",
            inputSchema={
                "type": "object",
                "properties": {
                    "text": {"type": "string"},
                    "press_enter": {"type": "boolean"}
                },
                "required": ["text"]
            }
        )
    ]

@app.call_tool()
async def call_tool(name: str, arguments: dict):
    if name == "click_ui_element":
        x, y = arguments["x"], arguments["y"]
        click_type = arguments.get("click_type", "left")
        pyautogui.moveTo(x, y, duration=0.2)  # Human-like movement latency
        if click_type == "left": pyautogui.click()
        elif click_type == "right": pyautogui.rightClick()
        elif click_type == "double": pyautogui.doubleClick()
        return [TextContent(type="text", text=f"Clicked {click_type} at ({x}, {y})")]
    
    elif name == "execute_applescript":
        result = subprocess.run(
            ["osascript", "-e", arguments["script"]],
            capture_output=True, text=True, check=True
        )
        return [TextContent(type="text", text=f"Output: {result.stdout}")]
    
    elif name == "type_text":
        pyautogui.write(arguments["text"], interval=0.01)
        if arguments.get("press_enter", False): pyautogui.press('enter')
        return [TextContent(type="text", text="Text typed successfully.")]

async def main():
    from mcp.server.stdio import stdio_server
    async with stdio_server() as (read_stream, write_stream):
        await app.run(read_stream, write_stream, app.create_initialization_options())

if __name__ == "__main__":
    asyncio.run(main())

The AI Lifecycle

Security: MicroVM Sandboxing for AI Agents

Running advanced LAMs directly on a bare-metal workstation poses unacceptable security risk — a malicious prompt injection attack hidden inside a website or email could hijack the agent. Industry standards now rely on:

• AWS Firecracker MicroVMs: Ephemeral, lightweight VMs that spin up in milliseconds with fully isolated Linux/macOS filesystems, destroyed after task completion
• Kata Containers: Container-compatible microVM isolation
• Google gVisor: User-space kernel for lightweight sandboxing
• Zero-trust network namespaces: Strict egress filtering — blocks LAN access, whitelists only required domains
• WebAssembly (Wasm): Safely sanitizes and executes LLM-generated Python scripts without full hypervisor overhead

This section reproduces the findings of the Deep Research Canvas document generated by Gemini's Deep Research mode, which conducted comprehensive fact-checking and nuance-adding across all claims in the conversation.

When you have no money, your primary currency is cunning, open-source leverage, and exploiting corporate free tiers to their absolute limits. The Scavenger Architecture chains four components into a persistent, AI-automated macOS ecosystem that costs exactly $0.00 to operate.

Step-by-Step Execution

# .github/workflows/mac-tunnel.yml
# The GitHub Actions "Scavenger" Workflow
name: Glasshouse Mac Tunnel
on:
  push:
    branches: [main]
  schedule:
    - cron: '0 */5 * * *'  # Auto-restart every 5.5 hours

jobs:
  mac-tunnel:
    runs-on: macos-14  # Free M1 Apple Silicon runner
    timeout-minutes: 360
    steps:
      - name: Install Tailscale
        run: brew install tailscale
        
      - name: Connect to Tailscale network
        run: sudo tailscale up --authkey=${{ secrets.TAILSCALE_KEY }} --ephemeral
        
      - name: Enable VNC Screen Sharing
        run: |
          sudo /System/Library/CoreServices/RemoteManagement/\
          ARDAgent.app/Contents/Resources/kickstart \
          -activate -configure -access -on \
          -clientopts -setvnclegacy -vnclegacy yes \
          -clientopts -setvncpw -vncpw ${{ secrets.VNC_PASSWORD }} \
          -restart -agent -privs -all
          
      - name: Install AI Automation Layer
        run: |
          git clone https://github.com/ashwwwin/automation-mcp.git
          cd automation-mcp && bun install && bun run index.ts &
          
      - name: Hold runner alive (5.8 hours)
        run: sleep 21000

For a brilliant, underfunded researcher or startup founder, capital is an illusion. Compute can be mined, scavenged, and augmented using radical, overlapping strategies. This playbook goes far beyond the basic Scavenger Architecture — it encompasses institutional, legal, political, financial, and technical dimensions.

Additional Alternative Approaches

Apple's Software License Agreement (SLA) and EULA strictly and unambiguously stipulate that macOS may only be installed, virtualized, and executed on genuine Apple-branded hardware. This renders the use of Docker-OSX or QEMU/KVM deployments running macOS on commodity servers a direct violation of civil contract terms.

Apple v. Corellium (2019–2023)

A critical legal distinction exists between a EULA violation and actionable copyright infringement. Corellium successfully commercialized a platform (CORSEC) that replicated the iOS and macOS kernels for cybersecurity research. Apple sued for direct copyright infringement.

In a landmark ruling, the 11th Circuit Court of Appeals ruled in favor of Corellium, establishing that virtualizing an Apple operating system for security research falls under the "fair use" doctrine. The court found the virtualization software was highly "transformative" and did not substantially harm Apple's hardware market. The case culminated in a confidential settlement in late 2023.

Official cloud computing providers offering macOS hosting (AWS EC2 Mac instances, MacStadium, Liquid Web) continue to utilize physical, bare-metal Mac Mini hardware mounted in specialized server racks — ensuring strict EULA compliance and bypassing legal ambiguities of multi-tenant macOS VMs on commodity silicon.

The Key Insight: Emulation Tax vs. API Translation

The single most important conceptual contribution in this dialogue is the "Emulation Tax" vs. "API Translation" paradigm. Traditionally, running macOS on generic hardware requires emulating a physical GPU — computationally crushing, resulting in an unusable interface. Project Glasshouse's insight is to stop emulating hardware and start translating software APIs.

This makes visible the fact that hardware lock-in is increasingly a software enforcement problem, not a physical physics problem. If an AI or translation layer is fast enough, the underlying silicon becomes irrelevant. This is the same insight that powered Valve's Proton (Windows games on Linux) and Apple's own Rosetta 2 (x86 apps on Apple Silicon).

Critical Perspectives — Operational Fragility

Implications for The Launchpad TLP

For Piqui's domains — education management, entrepreneurship, and social leadership in Latin America — the implications are profound. The iOS App Store is one of the most lucrative digital markets in the world, but the entry ticket is a $1,000+ Apple computer. The Scavenger Architecture proves that the technical barrier to entry can be bypassed with pure resourcefulness.

The integration of MCP means that AI is no longer just generating text; it is operating the machine. For a solo founder, an AI agent running on a free cloud server can act as a tireless employee — scraping competitor data, running tests, managing social media — all orchestrated through a remote, automated macOS instance.

The following sources were cited and verified by Gemini's Deep Research mode during the fact-checking phase of this conversation.

Primary Technical Sources