Skip to main content
See Overview for configuration examples and Lifecycle for state management.

Static methods

Sandbox.create()

static create(config: SandboxConfig): Promise<Sandbox>
Create and boot a sandbox in attached mode. The sandbox stops when your process exits. Pulls the image if needed, boots the VM, starts the guest agent, and waits until it’s ready to accept commands. Parameters
NameTypeDescription
configSandboxConfigSandbox configuration
Returns
TypeDescription
SandboxRunning sandbox

Sandbox.createDetached()

static createDetached(config: SandboxConfig): Promise<Sandbox>
Create and boot in detached mode. The sandbox survives after your process exits. Reconnect later with Sandbox.get(). Parameters
NameTypeDescription
configSandboxConfigSandbox configuration
Returns
TypeDescription
SandboxRunning sandbox

Sandbox.get()

static get(name: string): Promise<SandboxHandle>
Get a handle to an existing sandbox (running or stopped). The handle provides status, configuration, and lifecycle control. Parameters
NameTypeDescription
namestringSandbox name
Returns
TypeDescription
SandboxHandleHandle with status and lifecycle control

Sandbox.list()

static list(): Promise<Array<SandboxInfo>>
List all sandboxes (running, stopped, and crashed). Returns
TypeDescription
Array<SandboxInfo>All sandboxes

Sandbox.remove()

static remove(name: string): Promise<void>
Delete a stopped sandbox and all its state from disk. Fails if the sandbox is still running. Parameters
NameTypeDescription
namestringSandbox name

Sandbox.start()

static start(name: string): Promise<Sandbox>
Restart a previously stopped sandbox. The VM reboots using the persisted configuration. Parameters
NameTypeDescription
namestringName of a stopped sandbox
Returns
TypeDescription
SandboxRunning sandbox

Sandbox.startDetached()

static startDetached(name: string): Promise<Sandbox>
Restart a stopped sandbox in detached mode. Parameters
NameTypeDescription
namestringName of a stopped sandbox
Returns
TypeDescription
SandboxRunning sandbox

Instance properties

name

get name(): Promise<string>
Sandbox name.

ownsLifecycle

get ownsLifecycle(): Promise<boolean>
Whether this handle owns the sandbox lifecycle. true in attached mode, false in detached mode.

Instance methods

detach()

detach(): Promise<void>
Release the handle without stopping the sandbox. Reconnect later with Sandbox.get().

drain()

drain(): Promise<void>
Start a graceful drain. Existing commands run to completion, new exec calls are rejected.

fs()

fs(): SandboxFs
Get a filesystem handle for reading and writing files inside the running sandbox. See Filesystem for the full API. Returns
TypeDescription
SandboxFsFilesystem handle

kill()

kill(): Promise<void>
Force-terminate the sandbox immediately. No graceful shutdown.

metrics()

metrics(): Promise<SandboxMetrics>
Get a point-in-time snapshot of the sandbox’s resource usage. Returns
TypeDescription
SandboxMetricsCPU, memory, disk, network metrics

metricsStream()

metricsStream(intervalMs: number): Promise<MetricsStream>
Stream resource metrics at a regular interval. The returned stream supports both recv() and for await...of. Parameters
NameTypeDescription
intervalMsnumberMilliseconds between metric snapshots
Returns
TypeDescription
MetricsStreamAsync stream of metrics

removePersisted()

removePersisted(): Promise<void>
Remove the sandbox and all its persisted state from disk.

stop()

stop(): Promise<void>
Gracefully shut down the sandbox.

stopAndWait()

stopAndWait(): Promise<ExitStatus>
Stop the sandbox and wait for the exit status. Returns
TypeDescription
ExitStatusExit code and success flag

wait()

wait(): Promise<ExitStatus>
Block until the sandbox exits on its own. Returns
TypeDescription
ExitStatusExit code and success flag

Types

LogLevel

Sandbox process log verbosity.
ValueDescription
'debug'Debug and higher
'error'Errors only
'info'Info and higher
'trace'Most verbose - all diagnostic output
'warn'Warnings and errors only

MetricsStream

Async stream for receiving periodic metrics snapshots.
MethodReturnsDescription
[Symbol.asyncIterator]AsyncGenerator<SandboxMetrics>Use with for await...of
recv()Promise<SandboxMetrics | null>Receive next snapshot. Returns null when the stream ends.

PullPolicy

Controls when the SDK fetches an OCI image from the registry.
ValueDescription
'always'Pull the image every time, even if cached locally
'if-missing'Pull only if the image is not already cached. This is the default.
'never'Never pull; fail if the image is not cached locally

SandboxConfig

Configuration object passed to Sandbox.create() and Sandbox.createDetached().
FieldTypeDefaultDescription
cpus?number1Virtual CPUs
entrypoint?Array<string>-Override image entrypoint
env?Record<string, string>{}Environment variables visible to all commands
hostname?string-Guest hostname
imagestring-OCI image, local path, or disk image (required)
logLevel?LogLevel-Override log verbosity
maxDurationSecs?number-Maximum sandbox lifetime in seconds
memoryMib?number512Guest memory in MiB. This is a limit, not a reservation.
namestring-Sandbox name (required)
network?NetworkConfigpublicOnlyNetwork policy and configuration
patches?Array<PatchConfig>[]Rootfs modifications applied before boot
ports?Record<string, number>{}Port mappings ("hostPort": guestPort)
pullPolicy?PullPolicy'if-missing'Image pull behavior
quietLogs?booleanfalseSuppress log output
registryAuth?{ username: string, password: string }-Private registry credentials
replace?booleanfalseReplace existing sandbox with same name
scripts?Record<string, string>{}Named scripts mounted at /.msb/scripts/
secrets?Array<SecretEntry>[]Secret injection
shell?string/bin/shShell for shell() calls
user?string-Default guest user
volumes?Record<string, MountConfig>{}Volume mounts. See Volumes.
workdir?string-Default working directory for commands

SandboxHandle

A lightweight handle to an existing sandbox (running or stopped). Obtained via Sandbox.get() or Sandbox.list(). Provides status, configuration, and lifecycle control without an active connection to the guest agent. Call .start() or .connect() to upgrade to a full Sandbox.
Property / MethodTypeDescription
configJsonstringRaw JSON configuration
connect()Promise<Sandbox>Connect to a running sandbox
createdAtnumber | nullCreation timestamp (ms since epoch)
kill()Promise<void>Force terminate
metrics()Promise<SandboxMetrics>Point-in-time resource metrics
namestringSandbox name
remove()Promise<void>Delete sandbox and state
start()Promise<Sandbox>Start in attached mode
startDetached()Promise<Sandbox>Start in detached mode
statusSandboxStatusCurrent status
stop()Promise<void>Graceful shutdown
updatedAtnumber | nullLast update timestamp (ms since epoch)

SandboxInfo

Summary information about a sandbox, returned by Sandbox.list().
FieldTypeDescription
configJsonstringRaw JSON configuration
createdAtnumber | nullCreation timestamp
namestringSandbox name
statusstringCurrent status
updatedAtnumber | nullLast update timestamp

SandboxMetrics

Point-in-time resource usage snapshot.
FieldTypeDescription
cpuPercentnumberCPU usage as a percentage
diskReadBytesnumberTotal bytes read from disk since boot
diskWriteBytesnumberTotal bytes written to disk since boot
memoryBytesnumberCurrent memory usage in bytes
memoryLimitBytesnumberMemory limit in bytes
netRxBytesnumberTotal bytes received over the network since boot
netTxBytesnumberTotal bytes sent over the network since boot
timestampMsnumberWhen this measurement was taken (ms since epoch)
uptimeMsnumberTime since the sandbox was created (ms)

SandboxStatus

ValueDescription
'crashed'VM exited unexpectedly
'draining'Graceful shutdown in progress
'running'Guest agent is ready
'stopped'VM shut down; can be restarted