microsandbox
Lightweight VM sandboxes for Rust applications that need hardware-level isolation for AI agents, tools, tests, and untrusted code.
microsandbox is the Rust SDK for the microsandbox runtime. It exposes an async API for creating microVM-backed sandboxes, running commands, reading and writing guest files, managing volumes, configuring network policy, and working with secrets.
For full API documentation, use the docs site and generated Rust docs:
Features
- Hardware VM isolation with a guest Linux kernel
- OCI image, bind-rootfs, disk-image, and snapshot-based sandboxes
- Collected and streaming command execution
- Guest filesystem read, write, list, copy, stat, and stream operations
- Named volumes, bind mounts, tmpfs mounts, and disk-image mounts
- Network policies, DNS filtering, TLS interception, secrets, and port publishing
- Rootfs patches before boot
- Detached sandboxes that can outlive the Rust process
- Metrics, logs, snapshots, SSH/SFTP, image cache, and local/cloud backend helpers
Requirements
- Rust toolchain with Rust 2024 edition support
- Linux with KVM, macOS with Apple Silicon, or Windows with Windows Hypervisor Platform
- Windows support is currently preview; see the Windows troubleshooting guide for WHP and runtime setup notes.
Installation
Cargo Features
| Feature | Default | Description |
|---|---|---|
| keyring | yes | Registry credential lookup through the platform keyring |
| net | yes | Networking, port publishing, policies, TLS interception, and secrets |
| prebuilt | yes | Use prebuilt runtime artifacts where available |
| ssh | no | SSH, SFTP, and interactive SSH helpers |
To build without the networking stack while keeping the default keyring and prebuilt-runtime behavior:
Quick Start
use Sandbox;
async
Common Examples
These snippets assume you already have a live sandbox: Sandbox. See examples/rust for complete runnable crates.
Command Execution
use ExecEvent;
let output = sandbox.exec.await?;
println!;
println!;
let mut handle = sandbox.exec_stream.await?;
while let Some = handle.recv.await
Filesystem Operations
let fs = sandbox.fs;
fs.write.await?;
let data = fs.read.await?;
println!;
for entry in fs.list.await?
Named Volumes
use ;
let data = builder.quota.create.await?;
let writer = builder
.image
.volume
.replace
.create
.await?;
writer.shell.await?;
writer.stop.await?;
let reader = builder
.image
.volume
.replace
.create
.await?;
let output = reader.shell.await?;
println!;
Network Policies
use ;
let isolated = builder
.image
.network
.replace
.create
.await?;
let filtered_policy = builder
.default_allow
.rule
.rule
.build?;
let filtered = builder
.image
.network
.replace
.create
.await?;
Use .disable_network() when the sandbox should not receive a network interface at all. Use NetworkPolicy::none() when the interface should exist but policy should deny traffic.
Port Publishing
let sandbox = builder
.image
.port
.replace
.create
.await?;
Secrets
Secrets use placeholder substitution. The real value stays on the host and is substituted only for allowed network destinations.
let sandbox = builder
.image
.secret_env
.replace
.create
.await?;
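A conceptual model of the placeholder substitution described above, added here as an example and not taken from microsandbox's code or API. The `Secret` and `EgressRewriter` types, the placeholder string, and the hostnames are assumptions, as is the choice to forward the placeholder unchanged to a destination that is not allowed.

```rust
use std::collections::HashMap;

// Hypothetical host-side model; none of these names are microsandbox APIs.
struct Secret {
    placeholder: String,        // the only string the guest ever sees
    value: String,              // real credential, kept on the host
    allowed_hosts: Vec<String>, // destinations that may receive `value`
}

struct EgressRewriter {
    secrets: Vec<Secret>,
}

impl EgressRewriter {
    /// Returns the headers to forward to `dest_host`. A placeholder is swapped
    /// for the real value only on an exact, case-insensitive host match;
    /// for any other destination it is forwarded untouched.
    fn rewrite(&self, dest_host: &str, headers: &HashMap<String, String>) -> HashMap<String, String> {
        let mut out = headers.clone();
        for s in &self.secrets {
            // Exact match, not suffix or substring: "api.example.com.other.test" must not qualify.
            let allowed = s.allowed_hosts.iter().any(|h| h.eq_ignore_ascii_case(dest_host));
            if !allowed { continue; }
            for v in out.values_mut() {
                *v = v.replace(s.placeholder.as_str(), s.value.as_str());
            }
        }
        out
    }
}

/// Constructed sample: one secret bound to one API host.
fn sample() -> (EgressRewriter, HashMap<String, String>) {
    let secret = Secret {
        placeholder: "$SBX_PLACEHOLDER_API_KEY".into(),
        value: "constructed-real-key".into(),
        allowed_hosts: vec!["api.example.com".into()],
    };
    let headers = HashMap::from([("authorization".to_string(), format!("Bearer {}", secret.placeholder))]);
    (EgressRewriter { secrets: vec![secret] }, headers)
}

fn main() {
    let (rw, headers) = sample();
    for host in ["api.example.com", "api.example.com.other.test"] {
        println!("{host}: {:?}", rw.rewrite(host, &headers));
    }
}
```

Because the guest only ever holds the placeholder, code running inside the sandbox that dumps its environment or sends the header to a different host exposes nothing usable.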
Rootfs Patches
let sandbox = builder
.image
.patch
.replace
.create
.await?;
Detached Mode
let sandbox = builder
.image
.detached
.replace
.create
.await?;
sandbox.detach.await;
let handle = get.await?;
let reconnected = handle.connect.await?;
let output = reconnected.shell.await?;
println!;
More Documentation
License
Apache-2.0