Sandbox.builder(name) and chain configuration calls before terminating with .create(). Use .detached(true) before .create() for detached/background mode. Sandbox names must be non-empty and no longer than 128 UTF-8 bytes.
libkrunfw selection is process-level, not per sandbox. To use a custom library, call setRuntimeLibkrunfwPath(path) before creating local sandboxes, set MSB_LIBKRUNFW_PATH, or configure paths.libkrunfw.
Typical flow
Static methods
Sandbox.builder()
Example
Example
.create() to boot it. Sandbox names must be non-empty and no longer than 128 UTF-8 bytes. See SandboxBuilder for all available options.
Parameters
namestringReturns
Sandbox.get()
Example
Example
Parameters
namestringReturns
Sandbox.list()
Example
Example
list() are read-only - call Sandbox.get(name) to get a live handle for lifecycle calls.
Returns
Sandbox.listWith()
Example
Example
list(), the returned handles are read-only.
Parameters
filter{ labels?: Record<string, string> }Returns
Sandbox.remove()
Example
Example
Parameters
namestringSandbox.start()
Example
Example
await using) or when stop() is called.
Parameters
namestringReturns
Sandbox.startDetached()
Example
Example
Parameters
namestringReturns
Instance methods
A runningSandbox also exposes two read-only properties: name (string, the sandbox name) and ownsLifecycle (boolean, true in attached mode where the auto-disposer stops the sandbox, false in detached mode).
Command execution (exec, execWith, execStream, execStreamWith, shell, shellStream) and foreground attachment (attach, attachWith, attachShell) live on the Execution page.
sandbox.config()
Example
Example
SandboxBuilder.build().
Returns
sandbox.detach()
Example
Example
Sandbox.get().
sandbox.fs()
Example
Example
Returns
sandbox.kill()
Example
Example
fsync’d may be lost, same durability semantics as a sudden power loss on a physical machine. Prefer stop() for graceful shutdown that gives the workload a chance to flush.
sandbox.killWithTimeout()
Example
Example
timeoutMs for stopped-state observation.
Parameters
timeoutMsnumbersandbox.logs()
Example
Example
exec.log. Backed by an on-disk JSON Lines file the runtime writes via the relay tap. Works on running and stopped sandboxes alike - there is no protocol traffic. The same method is available on SandboxHandle for callers that don’t want to start the sandbox first.
The default sources are "stdout", "stderr", and "output" (PTY-merged). Pass "system" to also include synthetic lifecycle markers and runtime/kernel diagnostic lines, or "all" for every source.
Parameters
optsLogReadOptions?tail, since, until, sources. Omit for the default user-program sources.Returns
sandbox.logStream()
Example
Example
exec.log as logs(), but yields entries lazily. Pass { follow: true } to keep the stream open past current EOF and pick up new entries as they are written; otherwise the stream drains the current contents and ends. Each yielded LogEntry carries an opaque cursor that can be passed back via LogStreamOptions.fromCursor to resume.
Parameters
follow and resume controls (since, fromCursor).Returns
sandbox.ping()
Example
Example
core.ping and waits for core.pong; it does not start stopped sandboxes and returns an error if the sandbox is not running or agentd cannot respond. After upgrading from a runtime that predates protocol generation 6, restart already-running sandboxes so the guest agent understands the message.
Returns
sandbox.touch()
Example
Example
core.touch, receives core.touched, and advances the guest activity sequence used by the runtime idle-timeout monitor. It does not start stopped sandboxes and it does not bypass maxDuration.
Returns
sandbox.modify()
Example
Example
"live", "next start", "requires restart", or "unsupported", and apply is all-or-nothing.
cpus and memory resize live within the maxCpus / maxMemory ceilings; raising a ceiling requires a restart. Env and workdir changes affect future execs only. On a stopped sandbox, changes are saved for the next boot.
Secret changes are Rust-SDK and CLI only for now. The CLI equivalent is msb modify.
A live CPU or memory resize can take a moment to settle. The new limits are enforced immediately, and the returned plan’s resizeStatus reports when the sandbox has finished adjusting. See SandboxModificationPlan.
Parameters
optsModifyOptionspolicy and dryRun. Omitted fields are left unchanged.Returns
dryRun: true.sandbox.metrics()
Example
Example
Returns
sandbox.metricsStream()
Example
Example
MetricsStream supports both recv() and for await...of.
Parameters
intervalMsnumberReturns
sandbox.requestDrain()
Example
Example
exec calls are rejected. The sandbox transitions to stopped when all in-flight commands finish. Use waitUntilStopped() when the caller needs stopped-state observation. Useful for zero-downtime rotation of worker sandboxes.
sandbox.requestKill()
Example
Example
sandbox.requestStop()
Example
Example
sandbox.ssh()
Returns
sandbox.stop()
Example
Example
sandbox.stopWithTimeout()
Example
Example
0 force-kills immediately. Resolves successfully either way - it does not throw on timeout expiry.
Parameters
timeoutMsnumber0 skips the grace period.sandbox.waitUntilStopped()
Example
Example
Returns
sandbox.Symbol.asyncDispose
Example
Example
AsyncDisposable so the sandbox can be used with await using. When the binding goes out of scope, the sandbox is stopped (best-effort) - but only if ownsLifecycle is true.
SandboxBuilder
Fluent builder for configuring a sandbox before creation. Obtained viaSandbox.builder(name). Every setter returns the same builder so calls chain. Examples are shown on the methods where usage is non-obvious; simple setters are demonstrated by the Typical flow above.
.build()
SandboxConfig without booting the sandbox. Validates the configuration and consumes the builder. For booting, use create instead - it builds internally.
Returns
.cpus()
Parameters
nnumber.maxCpus()
Parameters
nnumber.create()
Example
Example
await using binding goes out of scope. Call detached(true) first for background mode.
Returns
.createWithPullProgress()
Example
Example
PullProgressCreate that yields PullProgress events as the image is resolved, downloaded, and materialized; call awaitSandbox() after iteration to obtain the live sandbox.
Returns
.detached()
true. A detached sandbox survives after your process exits and does not auto-stop on await using scope exit.
Parameters
enabledboolean.disableMetricsSample()
.disableNetwork()
.entrypoint()
msb exec / msb run (CLI command resolution), not by sandbox.exec / sandbox.shell - those pass cmd literally to the guest agent. Use this when configuring a sandbox via the SDK for later CLI attachment.
Parameters
cmdstring[].env()
execWith) are merged on top.
Parameters
keystringvaluestring.envs()
Parameters
varsRecord<string, string>.ephemeral()
true, the sandbox and all its persisted state are removed automatically once it stops, rather than left on disk for restart.
Parameters
enabledboolean.fromSnapshot()
Parameters
pathOrNamestring.hostname()
Parameters
namestring.libkrunfwPath()
setRuntimeLibkrunfwPath(path) and returns the builder; it is not a per-sandbox setting.
Parameters
pathstring.idleTimeout()
Parameters
secsnumber.image()
"alpine"), local directory paths, or disk image paths. The format is auto-detected. Required unless fromSnapshot is used.
Parameters
srcstring.imageWith()
Example
Example
Parameters
configure(b: ImageBuilder) => ImageBuilder.init()
Example
Example
cmd after agentd finishes its boot-time setup. cmd is either an absolute path inside the guest rootfs or the literal "auto", which honors a known image ENTRYPOINT init then falls back to probing common init paths. See Custom init system. For init binaries that need extra env, use initWith.
Parameters
cmdstring“auto”.argsstring[]?.initWith()
Example
Example
init, but with a closure-builder for argv and env vars. The builder exposes .arg, .args, .env, and .envs. Calling init or initWith more than once overwrites.
Parameters
cmdstringconfigure(b: InitOptionsBuilder) => InitOptionsBuilder.label()
Sandbox.listWith().
Parameters
keystringvaluestring.labels()
Parameters
labelsRecord<string, string>.logLevel()
Parameters
levelLogLevel.maxDuration()
Parameters
secsnumber.memory()
Parameters
mibnumber.maxMemory()
Parameters
mibnumber.metricsSampleIntervalMs()
Parameters
msnumber.network()
Parameters
.patch()
Example
Example
PatchBuilder for the operations.
Parameters
configure(b: PatchBuilder) => PatchBuilder.port()
127.0.0.1. For an explicit bind address, use portBind.
Parameters
hostnumberguestnumber.portBind()
"0.0.0.0".
Parameters
bindstringhostnumberguestnumber.portUdp()
127.0.0.1.
Parameters
hostnumberguestnumber.portUdpBind()
Parameters
bindstringhostnumberguestnumber.pullPolicy()
Parameters
policyPullPolicy.quietLogs()
.registry()
Example
Example
Parameters
configure(b: RegistryBuilder) => RegistryBuilder.replace()
.replaceWithTimeout()
replace() with a custom SIGTERM timeout in milliseconds. 0 skips SIGTERM and force-kills immediately. Implies replace().
Parameters
timeoutMsnumber.rlimit()
rlimitRange.
Parameters
resourcestring“nofile”.limitnumber.rlimitRange()
Parameters
resourcestring“nofile”.softnumberhardnumber.script()
/.msb/scripts/ inside the guest. Scripts are added to PATH and can be called by name via exec() or shell().
Parameters
namestringcontentstring.scripts()
Parameters
scriptsRecord<string, string>.security()
Parameters
profile”default” | “restricted”.secret()
Parameters
configure(b: SecretBuilder) => SecretBuilder.secretEnv()
$MSB_<env_var> placeholder usable in headers.
Parameters
envVarstring= or NUL).valuestringallowedHoststring.shell()
sandbox.shell().
Parameters
shellstring“/bin/bash”)..user()
Parameters
userstring.volume()
Parameters
gueststringconfigure(b: MountBuilder) => MountBuilder.workdir()
Parameters
pathstringPatchBuilder
Fluent builder for the ordered list of pre-boot rootfs patches. Used inSandboxBuilder.patch(p => p...). Each method appends one operation; calls are chainable. By default a method that targets a path already present in the image errors at boot; pass { replace: true } on the operation to allow overwriting. mkdir and remove are idempotent. See Patches for conceptual context.
.append()
content to an existing file at path. If the file lives in a lower image layer, it’s copied up first.
Parameters
pathstringcontentstring.copyDir()
src into the guest rootfs at dst.
Parameters
srcstringdststringopts.replacebooleantrue, overwrite an existing path at dst..copyFile()
src into the guest rootfs at dst.
Parameters
srcstringdststringopts.modenumber0o644. Omit to keep the source mode.opts.replacebooleantrue, overwrite an existing path at dst..file()
path.
Parameters
pathstringcontentBufferopts.modenumber0o644.opts.replacebooleantrue, overwrite an existing path..mkdir()
path. Idempotent: a no-op if the directory already exists.
Parameters
pathstringopts.modenumber0o755..remove()
path. Idempotent: a no-op if the path doesn’t exist.
Parameters
pathstring.symlink()
link pointing to target.
Parameters
targetstringlinkstringopts.replacebooleantrue, overwrite an existing path at link..text()
path.
Parameters
pathstringcontentstringopts.modenumber0o644.opts.replacebooleantrue, overwrite an existing path.Types
LogEntry
Returned by logs() · logStream()
A class wrapping one captured log entry fromexec.log. Bytes are exposed via data; use text() for a UTF-8-lossy decode.
| Property / Method | Type | Description |
|---|---|---|
| timestamp | Date | Wall-clock capture time on the host |
| source | LogSource | Where the chunk came from |
| sessionId | number | null | Relay-monotonic session id; null for "system" entries |
| data | Uint8Array | The captured chunk’s bytes (UTF-8 lossy decoded by default) |
| cursor | string | Opaque resume token; pass to LogStreamOptions.fromCursor to resume |
text() | string | Convenience: UTF-8 decode of data (lossy - invalid bytes are replaced) |
LogLevel
Used by logLevel()
Sandbox process log verbosity. String literal type.| Value | Description |
|---|---|
"error" | Errors only |
"warn" | Warnings and errors only |
"info" | Info and higher |
"debug" | Debug and higher |
"trace" | Most verbose - all diagnostic output |
LogReadOptions
Used by logs()
Filters passed tologs(). All fields optional. Omit the argument entirely for the default sources (stdout + stderr + output).
| Field | Type | Description |
|---|---|---|
| tail | number? | Show only the last N entries after other filters apply |
| since | Date? | Inclusive lower bound on entry timestamp |
| until | Date? | Exclusive upper bound on entry timestamp |
| sources | ReadonlyArray<LogSource | "all">? | Sources to include. Omit = ["stdout", "stderr", "output"]. Add "system" or pass "all" to merge runtime/kernel diagnostics. |
LogStream
Returned by logStream()
An async iterable ofLogEntry values. Drain it with for await...of or call recv() directly. Implements AsyncDisposable, so it works with await using.
LogStreamOptions
Used by logStream()
Options passed tologStream(). All fields optional. since and fromCursor are mutually exclusive - passing both rejects at the boundary.
| Field | Type | Description |
|---|---|---|
| sources | ReadonlyArray<LogSource | "all">? | Same shape as LogReadOptions.sources |
| since | Date? | Start at the first entry whose timestamp is >= since. Mutually exclusive with fromCursor. |
| fromCursor | string? | Resume strictly after the entry whose LogEntry.cursor matches. Mutually exclusive with since. |
| until | Date? | Stop emitting at the first entry whose timestamp is >= until |
| follow | boolean? | When true, keep the stream open past current EOF and yield new entries as they are written. Defaults to false. |
LogSource
Used by LogEntry.source · LogReadOptions.sources
Tag indicating where a captured log entry came from. String literal type:| Value | Description |
|---|---|
"stdout" | Captured from a session’s stdout (pipe mode - streams stayed separated) |
"stderr" | Captured from a session’s stderr (pipe mode) |
"output" | Captured from a session running in PTY mode. PTY allocation merges stdout and stderr at the kernel level inside the guest, so they arrive as a single stream - tagged "output" rather than mislabelled as "stdout". |
"system" | Synthetic entry: lifecycle markers in exec.log plus runtime/kernel diagnostic lines merged in at read time when "system" is requested. |
MetricsStream
Returned by metricsStream()
Async stream for receiving periodic metrics snapshots. ImplementsAsyncDisposable, so it works with await using.
| Method | Returns | Description |
|---|---|---|
recv() | Promise<SandboxMetrics | null> | Receive the next snapshot. Returns null when the stream ends. |
[Symbol.asyncIterator]() | AsyncIterator<SandboxMetrics> | Use with for await...of |
[Symbol.asyncDispose]() | Promise<void> | Stop iterating; safe to use with await using |
ModifyOptions
Used by modify()
A requested sandbox modification. Omitted fields are left unchanged. Secret changes are Rust-SDK and CLI only for now.| Field | Type | Description |
|---|---|---|
| cpus | number | Desired effective vCPU count. Live when within the booted maxCpus |
| maxCpus | number | Boot-time maximum possible vCPUs (restart-backed) |
| memory | number | Desired effective guest memory in MiB. Live when within the booted maxMemory |
| maxMemory | number | Boot-time maximum hotpluggable memory in MiB (restart-backed) |
| env | Record<string, string> | Environment variables to set for future execs |
| envRemove | string[] | Environment variable keys to remove |
| labels | Record<string, string> | Labels to set |
| labelsRemove | string[] | Label keys to remove |
| workdir | string | Working directory for future execs |
| policy | "no_restart" | "next_start" | "restart" | "no_restart" (default) applies only changes that can complete without restarting; "next_start" persists changes for the next start without mutating a running VM; "restart" restarts if needed so restart-required changes become active now |
| dryRun | boolean | Compute the plan without applying anything. Defaults to false |
PullPolicy
Used by pullPolicy()
Controls when the SDK fetches an OCI image from the registry. String literal type.| Value | Description |
|---|---|
"always" | Pull the image every time, even if cached locally |
"if-missing" | Pull only if the image is not already cached. This is the default. |
"never" | Never pull; fail if the image is not cached locally |
PullProgress
Yielded by PullProgressCreate
Image pull and materialize progress event emitted byPullProgressCreate. A discriminated union. Narrow on kind to access variant-specific fields.
kind value | Additional fields |
|---|---|
"resolving" | reference: string |
"resolved" | reference: string, manifestDigest: string, layerCount: number, totalDownloadBytes?: number |
"layerDownloadProgress" | layerIndex: number, digest: string, downloadedBytes: number, totalBytes?: number |
"layerDownloadComplete" | layerIndex: number, digest: string, downloadedBytes: number |
"layerDownloadVerifying" | layerIndex: number, digest: string |
"layerMaterializeStarted" | layerIndex: number, diffId: string |
"layerMaterializeProgress" | layerIndex: number, bytesRead: number, totalBytes: number |
"layerMaterializeWriting" | layerIndex: number |
"layerMaterializeComplete" | layerIndex: number, diffId: string |
"stitchMergingTrees" | layerCount: number |
"stitchWritingFsmeta" | (none) |
"stitchWritingVmdk" | (none) |
"stitchComplete" | (none) |
"complete" | reference: string, layerCount: number |
totalDownloadBytes and totalBytes on the "resolved" / "layerDownloadProgress" variants may be absent if the manifest omits sizes.
PullProgressCreate
Returned by createWithPullProgress()
Async iterable creation handle returned bycreateWithPullProgress(). Yields PullProgress events as the image is resolved, downloaded, and materialized. Call awaitSandbox() after iteration to obtain the live sandbox.
| Method / Property | Returns | Description |
|---|---|---|
| progress | NapiPullProgressStream | The underlying progress event stream |
[Symbol.asyncIterator]() | AsyncIterator<PullProgress> | Use with for await...of |
awaitSandbox() | Promise<Sandbox> | Resolve the underlying creation task and return the running sandbox |
SandboxConfig
Returned by config() · build()
Configuration object produced bybuild() and returned by config(). You generally should not construct this by hand; use the builder.
| Field | Type | Description |
|---|---|---|
| name | string | Sandbox name, up to 128 UTF-8 bytes |
| image | RootfsSource | OCI / bind / disk discriminated union |
| cpus | number | null | Virtual CPUs |
| maxCpus | number | null | Boot-time maximum possible virtual CPUs |
| memoryMib | number | null | Guest memory in MiB |
| maxMemoryMib | number | null | Boot-time maximum hotpluggable memory in MiB |
| logLevel | LogLevel | null | Log verbosity |
| quietLogs | boolean | Suppress log output |
| workdir | string | null | Default working directory |
| shell | string | null | Shell binary |
| securityProfile | "default" | "restricted" | In-guest security profile |
| entrypoint | string[] | null | Override image entrypoint |
| cmd | string[] | null | Override image cmd |
| hostname | string | null | Guest hostname |
| user | string | null | Default guest user |
| env | Array<readonly [string, string]> | Environment variables |
| scripts | Array<readonly [string, string]> | Named scripts |
| mounts | VolumeMount[] | Volume mounts |
| patches | Patch[] | Rootfs modifications applied before boot |
| pullPolicy | PullPolicy | null | Image pull behavior |
| replace | boolean | Replace existing sandbox with same name |
| replaceWithTimeoutMs | number | Milliseconds to wait after SIGTERM before escalating to SIGKILL (default 10000; 0 skips SIGTERM) |
| maxDurationSecs | number | null | Maximum sandbox lifetime |
| idleTimeoutSecs | number | null | Stop after idle time |
| portsTcp | Array<readonly [number, number]> | TCP host→guest mappings |
| portsUdp | Array<readonly [number, number]> | UDP host→guest mappings |
| registry | RegistryConfig | null | Registry connection settings |
| network | NetworkConfig | null | Network configuration |
| disableNetwork | boolean | Disable networking entirely |
| secrets | SecretEntry[] | Secret entries (top-level) |
SandboxHandle
Returned by Sandbox.get() · Sandbox.list() · Sandbox.listWith()
A lightweight handle to an existing sandbox (running or stopped). Obtained viaSandbox.get(), Sandbox.list(), or Sandbox.listWith(). Provides status, configuration, and lifecycle control without an active connection to the guest agent.
Handles from Sandbox.get(name) are live - they expose lifecycle methods (start, stop, kill, connect, etc). Handles in the arrays returned by Sandbox.list() / Sandbox.listWith() are read-only: calling lifecycle methods on them throws. Use Sandbox.get(name) to upgrade to a live handle.
| Property / Method | Type | Description |
|---|---|---|
| name | string | Sandbox name, up to 128 UTF-8 bytes |
| status | SandboxStatus | Current status |
| configJson | string | Raw JSON configuration |
| createdAt | Date | null | Creation timestamp |
| updatedAt | Date | null | Last update timestamp |
| config() | SandboxConfig | Parsed configuration |
| refresh() | Promise<SandboxHandle> | Re-read the handle’s state from the database |
| ping() | Promise<SandboxPingResult> | Check agent reachability without refreshing idle activity; does not start stopped sandboxes |
| touch() | Promise<SandboxTouchResult> | Explicitly refresh idle activity; does not start stopped sandboxes |
| modify(opts?) | Promise<SandboxModificationPlan> | Plan or apply a configuration change; same options as modify(). Does not start stopped sandboxes; changes persist for the next boot |
| metrics() | Promise<SandboxMetrics> | Point-in-time resource metrics |
| logs() | Promise<LogEntry[]> | Read captured exec.log (works without starting) |
| logStream() | Promise<LogStream> | Stream captured exec.log, with optional follow |
| start() | Promise<Sandbox> | Start in attached mode |
| startDetached() | Promise<Sandbox> | Start in detached mode |
| connect() | Promise<Sandbox> | Connect to a running sandbox without taking ownership. Returns an error if it doesn’t respond within 10_000 ms |
| connectWithTimeout(timeoutMs) | Promise<Sandbox> | Same as connect() with an explicit timeout in milliseconds |
| stop() | Promise<void> | Gracefully shut down. Waits up to 10_000 ms for pending writes to flush, then force-kills |
| stopWithTimeout(timeoutMs) | Promise<void> | Same as stop() with an explicit timeout in milliseconds; 0 force-kills immediately |
| requestStop() | Promise<void> | Request graceful shutdown without waiting |
| kill() | Promise<void> | Force terminate and wait until stopped state is observed |
| killWithTimeout(timeoutMs) | Promise<void> | Same as kill() with an explicit observation timeout |
| requestKill() | Promise<void> | Request force termination without waiting |
| requestDrain() | Promise<void> | Request graceful drain without waiting |
| waitUntilStopped() | Promise<SandboxStopResult> | Block until the sandbox reaches terminal state |
| remove() | Promise<void> | Delete sandbox and state |
| snapshot(name) | Promise<Snapshot> | Snapshot this stopped sandbox under a bare name. See Snapshots |
| snapshotTo(path) | Promise<Snapshot> | Snapshot this stopped sandbox to an explicit filesystem path |
SandboxModificationPlan
Returned by modify()
Dry-run or apply plan for a sandbox modification. Values never appear in a plan: secret entries carry only guest-visible references.| Field | Type | Description |
|---|---|---|
| sandbox | string | Sandbox being modified |
| status | string | Status used for classification ("running", "stopped", …) |
| applied | boolean | Whether the changes were applied; false for dry runs |
| policy | "no_restart" | "next_start" | "restart" | Policy used to produce the plan |
| changes | PlannedChange[] | Planned changes, one entry per field or secret |
| conflicts | { field, message }[] | Conflicts that must be resolved before the patch can apply |
| warnings | { field, message }[] | Non-fatal warnings, e.g. the future-execs-only env caveat |
| resizeStatus | ResourceResizeStatus[] | Live resource resize outcomes, populated by apply when a live change ran (see below) |
PlannedChange
Used by SandboxModificationPlan.changes
Discriminated union onkind. Both variants carry field, change, disposition, and reason.
| Variant | Type | Description |
|---|---|---|
kind: "config" | ConfigPlannedChange | Ordinary config change |
kind: "secret" | SecretPlannedChange | Secret change. Values are omitted by construction; references are guest-visible only |
ConfigPlannedChange
Variant of PlannedChange
Ordinary configuration change in a modification plan.| Field | Type | Description |
|---|---|---|
| field | string | Config field being changed |
| change | "added" | "updated" | "removed" | Natural change type for table rendering |
| before | string | null | Previous safe visible state |
| after | string | null | New safe visible state |
| disposition | "live" | "next start" | "requires restart" | "unsupported" | When or whether the change can take effect |
| reason | string | null | Human-readable reason for the classification, when useful |
SecretPlannedChange
Variant of PlannedChange
Secret change in a modification plan. Values are omitted by construction;beforeRef and afterRef are guest-visible references.
| Field | Type | Description |
|---|---|---|
| field | string | Always "secret" |
| name | string | Stable secret identity, usually the environment variable name |
| change | "added" | "rotated" | "removed" | "renamed" | "hosts updated" | "placeholder updated" | Natural change type for table rendering |
| beforeRef | string | null | Previous guest-visible reference or placeholder |
| afterRef | string | null | New guest-visible reference or placeholder |
| disposition | "live" | "next start" | "requires restart" | "unsupported" | When or whether the change can take effect |
| allowHosts | string[] | Allowed hosts after the requested change |
| reason | string | null | Human-readable reason for the classification, when useful |
ResourceResizeStatus reports runtime convergence for a live resize; enforcement applies immediately, the guest converges asynchronously:
| Field | Type | Description |
|---|---|---|
| resource | "cpus" | "memory" | Resource being resized |
| requested | string | Requested value |
| actual | string | Actual value observed in the guest/runtime |
| enforced | string | Host/VMM-enforced value |
| state | "accepted" | "converging" | "applied" | "guest-refused" | "failed" | "applied" when requested, actual, and enforced match; "converging" while the guest is still onlining CPUs or plugging memory; "guest-refused" when the guest would not cooperate (the host enforces the new limit anyway) |
SandboxPingResult
Returned by ping()
Agent reachability result.| Field | Type | Description |
|---|---|---|
| name | string | Sandbox name |
| latencyMs | number | Round-trip latency in milliseconds |
SandboxTouchResult
Returned by touch()
Explicit idle-refresh result.| Field | Type | Description |
|---|---|---|
| name | string | Sandbox name |
| activitySeq | number | Monotonic activity sequence after the touch |
SandboxMetrics
Returned by metrics() · yielded by MetricsStream
Point-in-time resource usage snapshot.| Field | Type | Description |
|---|---|---|
| cpuPercent | number | CPU usage as a percentage |
| vcpuTimeNs | number | Cumulative vCPU time in nanoseconds |
| memoryBytes | number | Current memory usage in bytes |
| memoryAvailableBytes | number | null | Guest-visible available memory in bytes when reported |
| memoryHostResidentBytes | number | null | Host-resident memory backing the guest in bytes when reported |
| memoryLimitBytes | number | Memory limit in bytes |
| diskReadBytes | number | Total bytes read from disk since boot |
| diskWriteBytes | number | Total bytes written to disk since boot |
| netRxBytes | number | Total bytes received over the network since boot |
| netTxBytes | number | Total bytes sent over the network since boot |
| upperUsedBytes | number | null | Guest-visible OCI upper filesystem used bytes when the protected reporter is available and fresh |
| upperFreeBytes | number | null | Guest-visible OCI upper filesystem free bytes when the protected reporter is available and fresh |
| upperHostAllocatedBytes | number | null | Host-allocated bytes for the writable OCI upper image when available |
| uptimeMs | number | Time since the sandbox was created (ms) |
| timestamp | Date | When this measurement was taken |
SandboxStopResult
Returned by waitUntilStopped()
Observed terminal sandbox state returned bywaitUntilStopped().
| Field | Type | Description |
|---|---|---|
| name | string | Sandbox name |
| status | SandboxStatus | Terminal status that was observed |
| exitCode | number | null | Process exit code when it is available |
| signal | number | null | Terminating signal when the process was killed |
| observedAt | Date | When the terminal state was observed |
| source | string | null | Origin of the observation when reported |
SandboxStatus
Used by SandboxHandle.status · SandboxStopResult.status
Current lifecycle state of a sandbox. String literal type.| Value | Description |
|---|---|
"running" | Guest agent is ready; exec, shell, fs work |
"stopped" | VM shut down; configuration persisted; can be restarted |
"crashed" | VM exited unexpectedly (kernel panic, OOM, etc.) |
"draining" | Graceful shutdown in progress; existing commands finish, new ones rejected |