Skip to main content
See Overview for configuration examples and Lifecycle for state management.

Static methods

Sandbox.create()

@staticmethod
async def create(name_or_config: str | dict, **kwargs) -> Sandbox
Create and boot a sandbox. The first argument is either a name (str) or a full config (dict). Keyword arguments provide individual config fields. Pulls the image if needed, boots the VM, starts the guest agent, and waits until it is ready to accept commands. Parameters
NameTypeDescription
name_or_configstr | dictSandbox name or full configuration dict
imagestr | ImageSourceOCI image, local path, or disk image (required)
cpusintVirtual CPUs (default 1)
memoryintGuest memory in MiB (default 512)
workdirstrDefault working directory for commands
shellstrShell for shell() calls (default "/bin/sh")
hostnamestrGuest hostname
userstrDefault guest user
entrypointlist[str]Override image entrypoint
replaceboolReplace existing sandbox with same name
max_durationfloatMaximum sandbox lifetime in seconds
idle_timeoutfloatIdle timeout in seconds
envdict[str, str]Environment variables visible to all commands
scriptsdict[str, str]Named scripts mounted at /.msb/scripts/
pull_policystr | PullPolicyImage pull behavior
log_levelstr | LogLevelOverride log verbosity
registry_authRegistryAuthPrivate registry credentials
volumesdict[str, dict]Volume mounts. See Volumes.
patcheslist[PatchConfig]Rootfs modifications applied before boot
portsdict[int, int]Port mappings (host_port: guest_port)
networkNetworkNetwork policy and configuration
secretslist[SecretEntry]Secret injection
detachedboolIf True, sandbox survives after your process exits
Returns
TypeDescription
SandboxRunning sandbox

Sandbox.create_with_progress()

@staticmethod
def create_with_progress(name_or_config: str | dict, **kwargs) -> PullSession
Same parameters as Sandbox.create() but returns a PullSession that lets you track image pull progress before the sandbox is ready. This method is synchronous (not awaitable) — the async work happens through the PullSession. Parameters Same as Sandbox.create(). Returns
TypeDescription
PullSessionSession for tracking pull progress and obtaining the final sandbox

Sandbox.start()

@staticmethod
async def start(name: str, *, detached: bool = False) -> Sandbox
Restart a previously stopped sandbox. The VM reboots using the persisted configuration. Parameters
NameTypeDescription
namestrName of a stopped sandbox
detachedboolIf True, sandbox survives after your process exits (default False)
Returns
TypeDescription
SandboxRunning sandbox

Sandbox.get()

@staticmethod
async def get(name: str) -> SandboxHandle
Get a handle to an existing sandbox (running or stopped). The handle provides status, configuration, and lifecycle control. Parameters
NameTypeDescription
namestrSandbox name
Returns
TypeDescription
SandboxHandleHandle with status and lifecycle control

Sandbox.list()

@staticmethod
async def list() -> list[SandboxHandle]
List all sandboxes (running, stopped, and crashed). Returns
TypeDescription
list[SandboxHandle]All sandboxes

Sandbox.remove()

@staticmethod
async def remove(name: str) -> None
Delete a stopped sandbox and all its state from disk. Fails if the sandbox is still running. Parameters
NameTypeDescription
namestrSandbox name

Instance properties

name

@property
async def name(self) -> str
Sandbox name. This is an async property — use await sb.name.

owns_lifecycle

@property
async def owns_lifecycle(self) -> bool
Whether this handle owns the sandbox lifecycle. True in attached mode, False in detached mode. This is an async property — use await sb.owns_lifecycle.

fs

@property
def fs(self) -> SandboxFs
Get a filesystem handle for reading and writing files inside the running sandbox. This is a synchronous property — use sb.fs (no await). See Filesystem for the full API. Returns
TypeDescription
SandboxFsFilesystem handle

Instance methods

attach()

async def attach(cmd: str, args_or_options: list[str] | ExecOptions | None = None) -> int
Bridge your terminal directly to a process inside the sandbox for a fully interactive PTY session. Parameters
NameTypeDescription
cmdstrCommand to run
args_or_optionslist[str] | ExecOptions | NoneCommand arguments or execution options
Returns
TypeDescription
intExit code of the process

attach_shell()

async def attach_shell() -> int
Attach to the sandbox’s default shell. Returns
TypeDescription
intExit code

detach()

async def detach() -> None
Release the handle without stopping the sandbox. Reconnect later with Sandbox.get().

drain()

async def drain() -> None
Start a graceful drain (SIGUSR1). Existing commands run to completion, new exec calls are rejected.

exec()

async def exec(cmd: str, args_or_options: list[str] | ExecOptions | None = None) -> ExecOutput
Run a command inside the sandbox and wait for it to complete. Collects all stdout and stderr into memory and returns them along with the exit code. For long-running processes or large output, use exec_stream() instead. Parameters
NameTypeDescription
cmdstrCommand to execute (e.g. "python", "/usr/bin/node")
args_or_optionslist[str] | ExecOptions | NoneCommand arguments (e.g. ["-c", "print('hello')"]) or ExecOptions
Returns
TypeDescription
ExecOutputCollected stdout, stderr, and exit status

exec_stream()

async def exec_stream(cmd: str, args_or_options: list[str] | ExecOptions | None = None) -> ExecHandle
Run a command with streaming output. Returns a handle that emits stdout, stderr, and exit events as they happen, rather than buffering everything. Parameters
NameTypeDescription
cmdstrCommand to execute
args_or_optionslist[str] | ExecOptions | NoneCommand arguments or ExecOptions
Returns
TypeDescription
ExecHandleStreaming handle for receiving events and controlling the process

kill()

async def kill() -> None
Force-terminate the sandbox immediately (SIGKILL). No graceful shutdown.

metrics()

async def metrics() -> SandboxMetrics
Get a point-in-time snapshot of the sandbox’s resource usage. Returns
TypeDescription
SandboxMetricsCPU, memory, disk, network metrics

metrics_stream()

async def metrics_stream(interval: float = 1.0) -> MetricsStream
Stream resource metrics at a regular interval. The returned stream supports both recv() and async for. Parameters
NameTypeDescription
intervalfloatSeconds between metric snapshots (default 1.0)
Returns
TypeDescription
MetricsStreamAsync stream of metrics

remove_persisted()

async def remove_persisted() -> None
Remove the sandbox and all its persisted state from disk.

shell()

async def shell(script: str) -> ExecOutput
Run a command through the sandbox’s configured shell (defaults to /bin/sh). Shell syntax like pipes, redirects, and && chains works. Parameters
NameTypeDescription
scriptstrShell command string (e.g. "ls -la /app && echo done")
Returns
TypeDescription
ExecOutputCollected stdout, stderr, and exit status

shell_stream()

async def shell_stream(script: str) -> ExecHandle
Shell command with streaming output. Parameters
NameTypeDescription
scriptstrShell command string
Returns
TypeDescription
ExecHandleStreaming handle

stop()

async def stop() -> None
Gracefully shut down the sandbox (SIGTERM).

stop_and_wait()

async def stop_and_wait() -> tuple[int, bool]
Stop the sandbox and wait for the exit status. Returns
TypeDescription
tuple[int, bool](exit_code, success)success is True if exit code is 0

wait()

async def wait() -> tuple[int, bool]
Block until the sandbox exits on its own. Returns
TypeDescription
tuple[int, bool](exit_code, success)success is True if exit code is 0

Context manager

async with await Sandbox.create("my-sandbox", image="alpine") as sb:
    output = await sb.shell("echo hello")
    print(output.stdout_text)
# sandbox is automatically killed and removed on exit
Use Sandbox as an async context manager to ensure cleanup. On exit, the sandbox is killed and its persisted state is removed.

Types

LogLevel

Sandbox process log verbosity.
ValueDescription
"debug"Debug and higher
"error"Errors only
"info"Info and higher
"trace"Most verbose — all diagnostic output
"warn"Warnings and errors only

MetricsStream

Async stream for receiving periodic metrics snapshots.
MethodReturnsDescription
__aiter__AsyncIterator[SandboxMetrics]Use with async for
recv()SandboxMetrics | NoneReceive next snapshot. Returns None when the stream ends.

PullPolicy

Controls when the SDK fetches an OCI image from the registry.
ValueDescription
"always"Pull the image every time, even if cached locally
"if-missing"Pull only if the image is not already cached. This is the default.
"never"Never pull; fail if the image is not cached locally

PullSession

Returned by Sandbox.create_with_progress(). Use as an async context manager to track image pull progress. 
session = Sandbox.create_with_progress("my-sandbox", image="ubuntu:latest")
async with session:
    async for event in session.progress:
        print(event)
    sb = await session.result()
Property / MethodTypeDescription
progressAsyncIterator[PullProgress]Async iterator of pull progress events
result()Awaitable[Sandbox]Await to get the final running sandbox

RegistryAuth

Private registry credentials.
FieldTypeDescription
usernamestrRegistry username
passwordstrRegistry password

SandboxConfig

The keyword arguments accepted by Sandbox.create() and Sandbox.create_with_progress().
FieldTypeDefaultDescription
imagestr | ImageSource-OCI image, local path, or disk image (required)
cpusint1Virtual CPUs
memoryint512Guest memory in MiB. This is a limit, not a reservation.
workdirstr-Default working directory for commands
shellstr"/bin/sh"Shell for shell() calls
hostnamestr-Guest hostname
userstr-Default guest user
entrypointlist[str]-Override image entrypoint
replaceboolFalseReplace existing sandbox with same name
max_durationfloat-Maximum sandbox lifetime in seconds
idle_timeoutfloat-Idle timeout in seconds
envdict[str, str]{}Environment variables visible to all commands
scriptsdict[str, str]{}Named scripts mounted at /.msb/scripts/
pull_policystr | PullPolicy"if-missing"Image pull behavior
log_levelstr | LogLevel-Override log verbosity
registry_authRegistryAuth-Private registry credentials
volumesdict[str, dict]{}Volume mounts. See Volumes.
patcheslist[PatchConfig][]Rootfs modifications applied before boot
portsdict[int, int]{}Port mappings (host_port: guest_port)
networkNetworkpublic_onlyNetwork policy and configuration
secretslist[SecretEntry][]Secret injection
detachedboolFalseIf True, sandbox survives after your process exits

SandboxHandle

A lightweight handle to an existing sandbox (running or stopped). Obtained via Sandbox.get() or Sandbox.list(). Provides status, configuration, and lifecycle control without an active connection to the guest agent. Call .start() or .connect() to upgrade to a full Sandbox.
Property / MethodTypeDescription
namestrSandbox name
statusstrCurrent status ("running", "stopped", "crashed", "draining", "paused")
config_jsonstrRaw JSON configuration
created_atfloat | NoneCreation timestamp (ms since epoch)
updated_atfloat | NoneLast update timestamp (ms since epoch)
connect()Awaitable[Sandbox]Connect to a running sandbox
start(*, detached=False)Awaitable[Sandbox]Start in attached or detached mode
stop()Awaitable[None]Graceful shutdown
kill()Awaitable[None]Force terminate
remove()Awaitable[None]Delete sandbox and state
metrics()Awaitable[SandboxMetrics]Point-in-time resource metrics

SandboxMetrics

Point-in-time resource usage snapshot.
FieldTypeDescription
cpu_percentfloatCPU usage as a percentage
disk_read_bytesintTotal bytes read from disk since boot
disk_write_bytesintTotal bytes written to disk since boot
memory_bytesintCurrent memory usage in bytes
memory_limit_bytesintMemory limit in bytes
net_rx_bytesintTotal bytes received over the network since boot
net_tx_bytesintTotal bytes sent over the network since boot
timestamp_msfloatWhen this measurement was taken (ms since epoch)
uptime_msintTime since the sandbox was created (ms)