.svg?fit=max&auto=format&n=Kcl0QqDRVe7xZUrL&q=85&s=3daa930aa3cc0a3df920758c31487950)
.svg?fit=max&auto=format&n=Kcl0QqDRVe7xZUrL&q=85&s=27dba6666fa3bf1b10385972f664dfde)
New features
Block-backed OCI rootfs for dramatically faster filesystemsSandboxes based on OCI images now run on a block-device-backed rootfs with guest-side overlayfs, replacing the previous FUSE passthrough. Filesystem operations inside sandboxes are 10–175x faster, especially on workloads that touch many files. OCI sandboxes also auto-mount/tmp as tmpfs (sized to a fraction of the sandbox’s memory) unless you override it.Cached images from older versions will be re-pulled automatically on first use. See Images overview.Sandbox-wide guest resource limitsYou can now set default rlimit values that apply across a whole sandbox, so every process inherits consistent caps on file descriptors, processes, and other kernel resources without having to configure them per-command. See Sandbox customization.Streaming exec with config on the TypeScript SDKThe TypeScript SDK adds execStreamWithConfig, letting you start a streaming exec while passing per-invocation config (user, env, cwd, etc.) alongside the command. Useful for long-running processes where you want both structured configuration and live stdout/stderr. See the TypeScript SDK execution reference.Bug fixes
Shims self-heal when themsb binary is missingThe microsandbox entry points installed via cargo install, npx, and pipx now detect a missing runtime on first run and download it on demand, instead of failing with “msb binary not found”. Install-time hooks are now a fast path rather than a correctness requirement, so npx microsandbox ... and wiped runtime directories recover automatically. Concurrent shim invocations are also serialized to avoid duplicate downloads.VM boot restored for OCI-image sandboxesFixed a regression that prevented sandboxes using block-backed OCI rootfs from booting. msb run now handshakes reliably on Linux hosts.