Skip to main content
See Commands for usage examples.

attach()

async fn attach(&self, cmd: impl Into<String>, args: impl IntoIterator<Item = impl Into<String>>) -> MicrosandboxResult<i32>
Bridge your terminal directly to a process inside the sandbox for a fully interactive PTY session. Your terminal’s stdin, stdout, and stderr are connected to the guest process. Press Ctrl+] (or configured detach keys) to disconnect without stopping the process - it keeps running and can be reattached via its session ID. Parameters
NameTypeDescription
cmdimpl Into<String>Command to run
argsimpl IntoIterator<Item = impl Into<String>>Command arguments
Returns
TypeDescription
i32Exit code of the process

attach_shell()

async fn attach_shell(&self) -> MicrosandboxResult<i32>
Attach to the sandbox’s default shell (configured via SandboxBuilder::shell(), defaults to /bin/sh). Returns
TypeDescription
i32Exit code

attach_with()

async fn attach_with(&self, cmd: impl Into<String>, f: impl FnOnce(AttachOptionsBuilder) -> AttachOptionsBuilder) -> MicrosandboxResult<i32>
Interactive PTY attach with options for environment variables, working directory, user, and custom detach keys. Parameters
NameTypeDescription
cmdimpl Into<String>Command to run
fAttachOptionsBuilderConfigure attach options (env, cwd, user, detach keys).
Returns
TypeDescription
i32Exit code of the process

exec()

async fn exec(&self, cmd: impl Into<String>, args: impl IntoIterator<Item = impl Into<String>>) -> MicrosandboxResult<ExecOutput>
Run a command inside the sandbox and wait for it to complete. Collects all stdout and stderr into memory and returns them along with the exit code. For long-running processes or large output, use exec_stream() instead. Parameters
NameTypeDescription
cmdimpl Into<String>Command to execute (e.g. "python", "/usr/bin/node")
argsimpl IntoIterator<Item = impl Into<String>>Command arguments (e.g. ["-c", "print('hello')"])
Returns
TypeDescription
ExecOutputCollected stdout, stderr, and exit status

exec_stream()

async fn exec_stream(&self, cmd: impl Into<String>, args: impl IntoIterator<Item = impl Into<String>>) -> MicrosandboxResult<ExecHandle>
Run a command with streaming output. Returns a handle that emits stdout, stderr, and exit events as they happen, rather than buffering everything until the command finishes. Use this for long-running processes, large output, or when you need to process output incrementally. Parameters
NameTypeDescription
cmdimpl Into<String>Command to execute
argsimpl IntoIterator<Item = impl Into<String>>Command arguments
Returns
TypeDescription
ExecHandleStreaming handle for receiving events and controlling the process

exec_stream_with()

async fn exec_stream_with(&self, cmd: impl Into<String>, f: impl FnOnce(ExecOptionsBuilder) -> ExecOptionsBuilder) -> MicrosandboxResult<ExecHandle>
Streaming execution with per-execution overrides. Enable stdin_pipe() to write to the process’s stdin, and tty(true) to allocate a pseudo-terminal for interactive programs like shells, REPLs, or editors. Parameters
NameTypeDescription
cmdimpl Into<String>Command to execute
fExecOptionsBuilderConfigure execution options.
Returns
TypeDescription
ExecHandleStreaming handle

exec_with()

async fn exec_with(&self, cmd: impl Into<String>, f: impl FnOnce(ExecOptionsBuilder) -> ExecOptionsBuilder) -> MicrosandboxResult<ExecOutput>
Run a command with per-execution overrides. The closure receives an ExecOptionsBuilder to configure working directory, environment variables, timeout, resource limits, stdin mode, and TTY allocation. These overrides apply only to this execution and don’t change the sandbox’s defaults. Parameters
NameTypeDescription
cmdimpl Into<String>Command to execute
fExecOptionsBuilderConfigure execution options.
Returns
TypeDescription
ExecOutputCollected stdout, stderr, and exit status

shell()

async fn shell(&self, script: impl Into<String>) -> MicrosandboxResult<ExecOutput>
Run a command through the sandbox’s configured shell (defaults to /bin/sh). The script is passed as sh -c "<script>", so shell syntax like pipes, redirects, and && chains works. Parameters
NameTypeDescription
scriptimpl Into<String>Shell command string (e.g. "ls -la /app && echo done")
Returns
TypeDescription
ExecOutputCollected stdout, stderr, and exit status

shell_stream()

async fn shell_stream(&self, script: impl Into<String>) -> MicrosandboxResult<ExecHandle>
Shell command with streaming output. Parameters
NameTypeDescription
scriptimpl Into<String>Shell command string
Returns
TypeDescription
ExecHandleStreaming handle

Types

ExecEvent

Events emitted by a streaming execution.
VariantFieldsDescription
Exitedcode: i32The process has exited. code is the exit code.
Startedpid: u32The process has started. pid is the guest-side PID.
StderrBytesA chunk of stderr data.
StdoutBytesA chunk of stdout data. May arrive in arbitrary sizes.

ExecHandle

A handle to a running streaming execution. Receives events as the process produces output, and provides control over stdin and signals.
MethodReturnsDescription
collect()ExecOutputWait for exit and collect all remaining stdout/stderr.
id()StringSession ID for this execution. Can be used to reattach later.
kill()()Send SIGKILL to the process.
recv()Option<ExecEvent>Receive the next event. Returns None when the process has exited and all output has been delivered.
signal(signal)()Send a POSIX signal to the process (e.g. libc::SIGTERM).
take_stdin()Option<ExecSink>Take the stdin writer. Only available if stdin_pipe() was enabled. Returns None after the first call.
wait()ExitStatusWait for the process to exit, discarding any remaining output.

ExecOptionsBuilder

Builder for per-execution overrides. Does not change the sandbox’s defaults.
MethodParametersDescription
args()impl IntoIterator<Item = impl Into<String>>Append command-line arguments.
cwd()impl Into<String>Override the working directory for this command.
env()- key: impl Into<String>
- value: impl Into<String>		Set an environment variable. Merged on top of sandbox-level env vars.
envs()impl IntoIterator<Item = (String, String)>Set multiple environment variables at once.
rlimit()- resource: RlimitResource
- limit: u64		Set a POSIX resource limit (soft = hard). Applied via setrlimit() before exec.
rlimit_range()- resource: RlimitResource
- soft: u64
- hard: u64		Set a resource limit with different soft and hard values.
stdin_bytes()impl Into<Vec<u8>>Provide fixed bytes as stdin. The process reads them and then sees EOF.
stdin_null()-Stdin reads from /dev/null. This is the default.
stdin_pipe()-Enable a stdin writer via ExecSink. Use with ExecHandle::take_stdin().
timeout()DurationKill the process with SIGKILL if it hasn’t exited within this duration.
tty()boolAllocate a pseudo-terminal. Enable for interactive programs (shells, editors, top); disable for scripts and batch jobs. Default: false.
user()impl Into<String>Override the guest user for this command.

ExecOutput

The result of a completed command execution. Holds the exit status and all captured output.
Field / MethodTypeDescription
status()ExitStatusExit code and success flag
stderr()Result<String>Collected stderr decoded as UTF-8
stderr_bytes()&BytesRaw stderr bytes without decoding
stdout()Result<String>Collected stdout decoded as UTF-8. Returns Err if the output is not valid UTF-8.
stdout_bytes()&BytesRaw stdout bytes without decoding

ExecSink

A writer for sending data to a running process’s stdin. Obtained via ExecHandle::take_stdin().
MethodParametersDescription
close()-Close stdin. The process sees EOF on its stdin.
write()data: impl AsRef<[u8]>Write bytes to the process’s stdin.

ExitStatus

The exit status of a completed process.
FieldTypeDescription
codei32Exit code. 0 typically means success.
successbooltrue if code is 0

RlimitResource

POSIX resource limit identifiers. Maps to RLIMIT_* constants.
ValueDescription
AsMax address space size
CoreMax core file size
CpuMax CPU time in seconds
DataMax data segment size
FsizeMax file size in bytes
LocksMax file locks
MemlockMax locked memory
MsgqueueMax bytes in POSIX message queues
NiceMax nice priority
NofileMax open file descriptors
NprocMax number of processes
RssMax resident set size
RtprioMax real-time priority
RttimeMax real-time timeout
SigpendingMax pending signals
StackMax stack size