Typical flow
```go theme={null} import m "github.com/superradcompany/microsandbox/sdk/go" sb, err := m.CreateSandbox(ctx, "api", // 1. configure + boot m.WithImage("python"), m.WithMemory(1024), ) if err != nil { return err } defer sb.Close() // 4. shut down out, err := sb.Exec(ctx, "python", []string{"-V"}) // 2. run if err != nil { return err } fmt.Println(out.Stdout()) // 3. read output ``` ## Functions #### m.CreateSandbox() ```go theme={null} func CreateSandbox(ctx context.Context, name string, opts ...SandboxOption) (*Sandbox, error) ```Parameters
ctxcontext.Contextnamestringopts...SandboxOptionReturns
\*Error, see Error Handling.Parameters
namestringReturns
Returns
Parameters
filterSandboxFilterReturns
Returns
Parameters
namestringReturns
Parameters
namestringReturns
Parameters
namestringReturns
Parameters
ctxcontext.Contextopts...SetupOptionReturns
true if the runtime is present at the expected version.Returns
"0.5.8".Returns
Returns
Returns
Returns
Parameters
optsLogOptionsTail, Since, Until, Sources. The zero value returns everything for the default stdout and stderr sources.Returns
Parameters
optsLogStreamOptionsSince or FromCursor start point.Returns
Recv in a loop.Returns
Parameters
intervaltime.DurationReturns
Recv in a loop.Parameters
cmdstringargs...stringReturns
Returns
Parameters
opts...StopOptionWithStopTimeout(30 \* time.Second).Parameters
opts...KillOptionReturns
Returns
true if attached.Returns
true if attached, false on detach or error.Parameters
imagestringParameters
mebibytesuint32Parameters
pathstringfstypestringParameters
pathOrNamestringParameters
mebibytesuint32Parameters
cpusuint8Parameters
pathstringParameters
shellstring"/bin/bash".Parameters
profileSecurityProfileParameters
envmap\[string]stringParameters
labelsmap\[string]stringParameters
keystringvaluestringParameters
hostnamestringParameters
userstringParameters
timeouttime.DurationParameters
ephemeralbooltrue to delete all state on termination.Parameters
cmd...stringParameters
cfgInitConfigParameters
levelLogLevelParameters
scriptsmap\[string]stringParameters
Parameters
dtime.DurationParameters
dtime.DurationParameters
authRegistryAuthParameters
portsmap\[uint16]uint16Parameters
portsmap\[uint16]uint16Parameters
bindings...PortBindingParameters
Parameters
secrets...SecretEntryParameters
patches...PatchConfigParameters
mountsmap\[string]MountConfigParameters
timeouttime.DurationParameters
timeouttime.DurationParameters
pathstringcontentstringoptsPatchOptionsMode and Replace.Parameters
pathstringcontentstringParameters
pathstringoptsPatchOptionsMode applies.Parameters
pathstringParameters
targetstringlinkstringoptsPatchOptionsReplace applies.Parameters
srcstringdststringoptsPatchOptionsMode and Replace.Parameters
srcstringdststringoptsPatchOptionsReplace applies.Returns
Parameters
cmdstringoptsInitOptionsReturned by GetSandbox() · ListSandboxes() · ListSandboxesWith()
A lightweight reference to a sandbox's persisted state. Carries metadata (name, status, config JSON, timestamps) and offers lifecycle methods that operate on the sandbox **without** an active guest-agent connection. You cannot `Exec` or `FS` on a handle, call `Connect` or `Start` to upgrade to a full [`*Sandbox`](#methods). | Method | Returns | Description | | ----------------------- | ------------------------------------------------------- | ----------------------------------------------------------- | | `Name()` | `string` | Sandbox name, up to 128 UTF-8 bytes | | `Status()` | [`SandboxStatus`](#sandboxstatus) | Last-known lifecycle status | | `ConfigJSON()` | `string` | Raw JSON configuration | | `Config()` | `(*`[`SandboxConfig`](#sandboxconfig)`, error)` | Parsed configuration | | `CreatedAt()` | `time.Time` | Creation time, zero value if unknown | | `UpdatedAt()` | `time.Time` | Last-update time, zero value if unknown | | `Refresh(ctx)` | `(*SandboxHandle, error)` | Fresh handle for the same name | | `Metrics(ctx)` | `(*`[`Metrics`](#metrics)`, error)` | Point-in-time resource metrics | | `Logs(ctx, opts)` | `([]`[`LogEntry`](#logentry)`, error)` | Read captured `exec.log` (works without starting) | | `LogStream(ctx, opts)` | `(*`[`LogStreamHandle`](#logstreamhandle)`, error)` | Stream captured output | | `Connect(ctx)` | `(*`[`Sandbox`](#methods)`, error)` | Reattach to the running sandbox | | `Start(ctx)` | `(*`[`Sandbox`](#methods)`, error)` | Boot a stopped sandbox in attached mode | | `StartDetached(ctx)` | `(*`[`Sandbox`](#methods)`, error)` | Boot a stopped sandbox in detached mode | | `Stop(ctx, opts...)` | `error` | Graceful shutdown; accepts [`StopOption`](#withstoptimeout) | | `RequestStop(ctx)` | `error` | Async stop request | | `Kill(ctx, opts...)` | `error` | Force terminate; accepts [`KillOption`](#withkilltimeout) | | `RequestKill(ctx)` | `error` | Async kill request | | `RequestDrain(ctx)` | `error` | Async drain request | | `WaitUntilStopped(ctx)` | `(*`[`SandboxStopResult`](#sandboxstopresult)`, error)` | Block until terminal state | | `Remove(ctx)` | `error` | Delete sandbox and persisted state | | `Snapshot(ctx, name)` | `(*SnapshotArtifact, error)` | Snapshot a stopped sandbox under a bare name | | `SnapshotTo(ctx, path)` | `(*SnapshotArtifact, error)` | Snapshot a stopped sandbox to an explicit path | ### SandboxFilterBuilt by NewSandboxFilter() · used by ListSandboxesWith()
Narrows the results of [`ListSandboxesWith`](#m-listsandboxeswith). The zero value matches every sandbox. Built fluently; `WithLabels` returns a new value so calls chain. | Method | Returns | Description | | -------------------- | --------------- | -------------------------------------------------------------------------------------------------- | | `WithLabels(labels)` | `SandboxFilter` | Require all of these labels (AND-matched). Repeated calls merge; later keys overwrite earlier ones | ### SandboxConfigPopulated by SandboxOption · parsed by SandboxHandle.Config()
The full configuration of a sandbox. Most callers build a sandbox via `CreateSandbox(ctx, name, ...opts)`; `SandboxConfig` is exported for callers that prefer to construct a value directly. | Field | Type | Description | | ------------------ | ---------------------------------------------------- | -------------------------------------------------------------------- | | Name | `string` | Sandbox name, up to 128 UTF-8 bytes | | Image | `string` | OCI image, local path, or disk image | | ImageFstype | `string` | Optional inner filesystem type for disk-image roots | | OCIUpperSizeMiB | `uint32` | Writable overlay upper size for OCI image roots | | Snapshot | `string` | Snapshot artifact path or bare name; mutually exclusive with `Image` | | MemoryMiB | `uint32` | Guest memory in MiB | | CPUs | `uint8` | Virtual CPUs | | Workdir | `string` | Default working directory | | Shell | `string` | Shell binary used by `Shell` calls | | SecurityProfile | [`SecurityProfile`](#securityprofile) | In-guest security profile | | Hostname | `string` | Guest hostname | | User | `string` | Default guest user | | Replace | `bool` | Replace existing sandbox with same name | | ReplaceWithTimeout | `*time.Duration` | Timeout between SIGTERM and SIGKILL (implies `Replace`) | | Env | `map[string]string` | Environment variables | | Labels | `map[string]string` | Labels for metrics attribution and filtering | | Detached | `bool` | If `true`, sandbox survives after the process exits | | Ephemeral | `bool` | If `true`, all state is removed on termination | | Entrypoint | `[]string` | Override image entrypoint | | Init | [`*InitConfig`](#initconfig) | Hand PID 1 off to a guest init binary | | LogLevel | [`LogLevel`](#loglevel) | Sandbox log verbosity override | | QuietLogs | `bool` | Suppress sandbox-level log output | | Scripts | `map[string]string` | Named scripts mounted at `/.msb/scripts/` | | PullPolicy | [`PullPolicy`](#pullpolicy) | Image pull behavior | | MaxDuration | `time.Duration` | Maximum sandbox lifetime | | IdleTimeout | `time.Duration` | Idle timeout | | RegistryAuth | [`*RegistryAuth`](#registryauth) | Private registry credentials | | Ports | `map[uint16]uint16` | Host to guest TCP port mappings | | PortsUDP | `map[uint16]uint16` | Host to guest UDP port mappings | | PortBindings | [`[]PortBinding`](/sdk/go/networking#portbinding) | Port mappings with explicit bind addresses | | Network | [`*NetworkConfig`](/sdk/go/networking#networkconfig) | Network policy and configuration | | Secrets | [`[]SecretEntry`](/sdk/go/secrets#secretentry) | Secret injection entries | | Patches | [`[]PatchConfig`](#patchconfig) | Rootfs modifications applied before boot | | Volumes | `map[string]MountConfig` | Volume mounts keyed by guest path | ### SandboxOptionConsumed by CreateSandbox()
```go theme={null} type SandboxOption func(*SandboxConfig) ``` A functional option for [`CreateSandbox`](#m-createsandbox). Every `WithX` helper in the [Options](#options) section returns one. The lifecycle setters [`WithStopTimeout`](#withstoptimeout) and [`WithKillTimeout`](#withkilltimeout) return distinct `StopOption` / `KillOption` types passed to [`Stop`](#sb-stop) and [`Kill`](#sb-kill) instead. ### MetricsReturned by Metrics() · MetricsStream() · AllSandboxMetrics()
Point-in-time resource usage snapshot. | Field | Type | Description | | ----------------------- | --------------- | ------------------------------------------------------------------------------------------------ | | CPUPercent | `float64` | CPU usage as a percentage | | VCPUTimeNs | `uint64` | Cumulative vCPU time in nanoseconds | | MemoryBytes | `uint64` | Current memory usage in bytes | | MemoryAvailableBytes | `*uint64` | Guest-reported available memory when known | | MemoryHostResidentBytes | `*uint64` | Host RSS backing the guest when known | | MemoryLimitBytes | `uint64` | Memory limit in bytes | | DiskReadBytes | `uint64` | Total bytes read from disk since boot | | DiskWriteBytes | `uint64` | Total bytes written to disk since boot | | NetRxBytes | `uint64` | Total bytes received over the network since boot | | NetTxBytes | `uint64` | Total bytes sent over the network since boot | | UpperUsedBytes | `*uint64` | Guest-visible OCI upper filesystem used bytes when the protected reporter is available and fresh | | UpperFreeBytes | `*uint64` | Guest-visible OCI upper filesystem free bytes when the protected reporter is available and fresh | | UpperHostAllocatedBytes | `*uint64` | Host-allocated bytes for the writable OCI upper image when available | | Uptime | `time.Duration` | Time since the sandbox was created | ### MetricsStreamHandleReturned by MetricsStream()
Live metrics subscription. Call `Close` to release Rust-side resources. | Method | Returns | Description | | ----------- | ----------------------------------- | ------------------------------------------------------------------------------------------------- | | `Recv(ctx)` | `(*`[`Metrics`](#metrics)`, error)` | Block until the next snapshot arrives. Returns `(nil, nil)` when the stream ends (sandbox exited) | | `Close()` | `error` | Stop the stream and release Rust-side resources | ### SandboxStopResultReturned by WaitUntilStopped()
Describes a terminal sandbox state observed by [`WaitUntilStopped`](#sb-waituntilstopped). | Field | Type | Description | | ---------- | --------------------------------- | ----------------------------------------- | | Name | `string` | Sandbox name | | Status | [`SandboxStatus`](#sandboxstatus) | Terminal status (`stopped` or `crashed`) | | ExitCode | `*int` | Process exit code when known | | Signal | `*int` | Terminating signal when known | | ObservedAt | `time.Time` | When the terminal state was observed | | Source | `*string` | Origin of the stop observation when known | ### SandboxStatusUsed by SandboxHandle.Status() · SandboxStopResult.Status
```go theme={null} type SandboxStatus string ``` | Constant | Value | Description | | ----------------------- | ------------ | -------------------------------------------------------------------------- | | `SandboxStatusRunning` | `"running"` | Guest agent is ready; `Exec`, `Shell`, `FS` work | | `SandboxStatusStopped` | `"stopped"` | VM shut down; configuration persisted; can be restarted | | `SandboxStatusCrashed` | `"crashed"` | VM exited unexpectedly (kernel panic, OOM, etc.) | | `SandboxStatusDraining` | `"draining"` | Graceful shutdown in progress; existing commands finish, new ones rejected | | `SandboxStatusPaused` | `"paused"` | VM is paused | ### LogEntryReturned by Logs() · LogStream()
A single captured log entry. | Field | Type | Description | | --------- | ------------------------- | ------------------------------------------------------------------------------- | | Source | [`LogSource`](#logsource) | Origin of the captured data | | SessionID | `*uint64` | Relay-monotonic session id; nil for system entries | | Timestamp | `time.Time` | Wall-clock capture time on the host | | Data | `[]byte` | The captured bytes | | Cursor | `string` | Opaque resume token; pass to [`LogStreamOptions.FromCursor`](#logstreamoptions) | | Method | Returns | Description | | -------- | -------- | -------------------------- | | `Text()` | `string` | Captured bytes as a string | ### LogOptionsUsed by Logs()
Filters passed to [`Logs`](#sb-logs). The zero value returns everything for the default sources (stdout + stderr). | Field | Type | Description | | ------- | ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | | Tail | `uint64` | Keep only the last N matching entries | | Since | `time.Time` | Inclusive lower timestamp bound | | Until | `time.Time` | Exclusive upper timestamp bound | | Sources | `[]`[`LogSource`](#logsource) | Sources to include; empty = stdout + stderr. Add `LogSourceOutput` or `LogSourceSystem` for PTY-merged output or runtime/kernel diagnostics | ### LogStreamOptionsUsed by LogStream()
Configures a live log stream. The zero value reads the default sources from the beginning with follow off. `Since` and `FromCursor` are mutually exclusive. | Field | Type | Description | | ---------- | ----------------------------- | --------------------------------------------------------------------------------------- | | Sources | `[]`[`LogSource`](#logsource) | Sources to include; empty = stdout + stderr + output | | Since | `time.Time` | Start at the first entry with timestamp >= this; mutually exclusive with `FromCursor` | | FromCursor | `string` | Resume strictly after the entry whose `Cursor` matches; mutually exclusive with `Since` | | Until | `time.Time` | Stop at the first entry with timestamp >= this | | Follow | `bool` | Keep the stream open past EOF and yield new entries as written | ### LogStreamHandleReturned by LogStream()
Live log subscription. Call `Close` to release Rust-side resources. | Method | Returns | Description | | ----------- | ------------------------------------- | ----------------------------------------------------------------------------- | | `Recv(ctx)` | `(*`[`LogEntry`](#logentry)`, error)` | Block until the next entry arrives. Returns `(nil, nil)` when the stream ends | | `Close()` | `error` | Stop the stream and release Rust-side resources | ### LogSourceUsed by LogEntry.Source · LogOptions.Sources · LogStreamOptions.Sources
```go theme={null} type LogSource string ``` | Constant | Value | Description | | ----------------- | ---------- | ---------------------------------------------------------------- | | `LogSourceStdout` | `"stdout"` | Captured stdout (pipe mode, streams stayed separated) | | `LogSourceStderr` | `"stderr"` | Captured stderr (pipe mode) | | `LogSourceOutput` | `"output"` | PTY-merged stdout and stderr from a session running in pty mode | | `LogSourceSystem` | `"system"` | Synthetic lifecycle markers plus runtime/kernel diagnostic lines | ### LogLevelUsed by WithLogLevel()
```go theme={null} type LogLevel string ``` Sandbox process log verbosity. | Constant | Value | Description | | ----------------- | --------- | ----------------------------------- | | `LogLevelDefault` | `""` | Runtime default | | `LogLevelTrace` | `"trace"` | Most verbose, all diagnostic output | | `LogLevelDebug` | `"debug"` | Debug and higher | | `LogLevelInfo` | `"info"` | Info and higher | | `LogLevelWarn` | `"warn"` | Warnings and errors only | | `LogLevelError` | `"error"` | Errors only | ### PullPolicyUsed by WithPullPolicy()
```go theme={null} type PullPolicy string ``` Controls when the SDK fetches an OCI image from the registry. | Constant | Value | Description | | --------------------- | -------------- | ------------------------------------------------- | | `PullPolicyDefault` | `""` | Runtime default (currently `PullPolicyIfMissing`) | | `PullPolicyAlways` | `"always"` | Pull every time, even if cached locally | | `PullPolicyIfMissing` | `"if-missing"` | Pull only if not already cached | | `PullPolicyNever` | `"never"` | Never pull; fail if missing | ### SecurityProfileUsed by WithSecurityProfile()
```go theme={null} type SecurityProfile string ``` Sandbox-wide in-guest security profile. | Constant | Value | Description | | --------------------------- | -------------- | -------------------------------------------------------------------------------------------------------- | | `SecurityProfileDefault` | `"default"` | Normal guest-root semantics | | `SecurityProfileRestricted` | `"restricted"` | Stronger hardening: `no_new_privs`, dropped mount-admin capability, forced `nosuid,nodev` on user mounts | ### RegistryAuthUsed by WithRegistryAuth()
Credentials for a private OCI registry. | Field | Type | Description | | -------- | -------- | ----------------- | | Username | `string` | Registry username | | Password | `string` | Registry password | ### InitConfigBuilt by Init · used by WithInit()
Custom guest PID-1 init specification. Construct via the [`Init`](#init) factory rather than building the struct directly. | Field | Type | Description | | ----- | ------------------- | ------------------------------------------------- | | Cmd | `string` | Absolute path inside the guest, or `"auto"` | | Args | `[]string` | Supplemental argv (`argv[0]` is implicitly `Cmd`) | | Env | `map[string]string` | Extra env vars merged on top of the inherited env | ### InitOptionsUsed by Init.Cmd()
Tuning struct for [`Init.Cmd`](#init-cmd) beyond the required cmd. | Field | Type | Description | | ----- | ------------------- | ----------------- | | Args | `[]string` | Supplemental argv | | Env | `map[string]string` | Extra env vars | ### InitProduces InitConfig for WithInit()
Package-level factory namespace for [`InitConfig`](#initconfig) values. See the [Init](#init) section for its methods. | Method | Returns | Description | | ----------------------------- | --------------------------- | -------------------------------------- | | [`Auto()`](#init-auto) | [`InitConfig`](#initconfig) | Auto-detect a guest init | | [`Cmd(cmd, opts)`](#init-cmd) | [`InitConfig`](#initconfig) | Explicit init binary with argv and env | ### PatchConfigBuilt by Patch · used by WithPatches()
A single rootfs patch. Construct via the [`Patch`](#patch) factory; the fields populated depend on the [`PatchKind`](#patchkind). | Field | Type | Description | | ------- | ------------------------- | ---------------------------------------------------------- | | Kind | [`PatchKind`](#patchkind) | Patch flavour | | Path | `string` | Absolute guest path (text / append / mkdir / remove) | | Content | `string` | Text content (text / append) | | Mode | `*uint32` | File or directory mode, e.g. `0o644` | | Replace | `bool` | When `true`, overwrite an existing path at the destination | | Src | `string` | Host source path (copy\_file / copy\_dir) | | Dst | `string` | Guest destination path (copy\_file / copy\_dir) | | Target | `string` | Symlink target | | Link | `string` | Symlink path | ### PatchOptionsUsed by Patch methods
Tuning struct passed to [`Patch`](#patch) methods that accept a mode and replace flag. | Field | Type | Description | | ------- | --------- | -------------------------- | | Mode | `*uint32` | File or directory mode | | Replace | `bool` | Overwrite an existing path | ### PatchKindUsed by PatchConfig.Kind
```go theme={null} type PatchKind string ``` Discriminator for [`PatchConfig`](#patchconfig). Prefer the [`Patch`](#patch) factory. | Constant | Value | | ------------------- | ------------- | | `PatchKindText` | `"text"` | | `PatchKindAppend` | `"append"` | | `PatchKindMkdir` | `"mkdir"` | | `PatchKindRemove` | `"remove"` | | `PatchKindSymlink` | `"symlink"` | | `PatchKindCopyFile` | `"copy_file"` | | `PatchKindCopyDir` | `"copy_dir"` | ### PatchProduces PatchConfig for WithPatches()
Package-level factory namespace for [`PatchConfig`](#patchconfig) values. See the [Patch](#patch) section for its methods. | Method | Returns | Description | | ----------------------------------------------- | ----------------------------- | --------------------------------------- | | [`Text(path, content, opts)`](#patch-text) | [`PatchConfig`](#patchconfig) | Write UTF-8 text | | [`Append(path, content)`](#patch-append) | [`PatchConfig`](#patchconfig) | Append to an existing file | | [`Mkdir(path, opts)`](#patch-mkdir) | [`PatchConfig`](#patchconfig) | Create a directory (idempotent) | | [`Remove(path)`](#patch-remove) | [`PatchConfig`](#patchconfig) | Delete a file or directory (idempotent) | | [`Symlink(target, link, opts)`](#patch-symlink) | [`PatchConfig`](#patchconfig) | Create a symlink | | [`CopyFile(src, dst, opts)`](#patch-copyfile) | [`PatchConfig`](#patchconfig) | Copy a host file into the rootfs | | [`CopyDir(src, dst, opts)`](#patch-copydir) | [`PatchConfig`](#patchconfig) | Copy a host directory into the rootfs | ### SetupOptionConsumed by EnsureInstalled()
```go theme={null} type SetupOption func(*setupConfig) ``` A functional option for [`EnsureInstalled`](#m-ensureinstalled). The only helper is [`WithSkipDownload`](#withskipdownload).