Module: Microsandbox

Defined in:

lib/microsandbox.rb,
lib/microsandbox/fs.rb,
lib/microsandbox/ssh.rb,
lib/microsandbox/agent.rb,
lib/microsandbox/image.rb,
lib/microsandbox/patch.rb,
lib/microsandbox/errors.rb,
lib/microsandbox/volume.rb,
lib/microsandbox/metrics.rb,
lib/microsandbox/network.rb,
lib/microsandbox/sandbox.rb,
lib/microsandbox/streams.rb,
lib/microsandbox/version.rb,
lib/microsandbox/snapshot.rb,
lib/microsandbox/log_entry.rb,
lib/microsandbox/exec_handle.rb,
lib/microsandbox/exec_output.rb

Overview

Microsandbox — lightweight microVM sandboxes for Ruby.

The runtime is embedded directly in the process via a Rust native extension; there is no daemon to install and no server to connect to. Creating a sandbox spawns a real microVM as a child process.

Examples:

Microsandbox::Sandbox.create("hello", image: "python") do |sb|
  puts sb.exec("python", ["-c", "print('Hello, World!')"]).stdout
end

Defined Under Namespace

Modules: Destination, Patch, Rule Classes: AgentClient, AgentFrame, AgentStream, Error, ExecEvent, ExecHandle, ExecOutput, ExecStdin, ExitStatus, FS, FsEntry, FsMetadata, Image, ImageDetail, ImageInfo, ImagePruneReport, LogEntry, LogStream, Metrics, MetricsStream, NetworkPolicy, Sandbox, SandboxHandle, SandboxStopResult, SftpClient, Snapshot, SnapshotInfo, SnapshotVerifyReport, SshClient, SshOps, SshOutput, SshServer, Volume, VolumeInfo

Constant Summary

SandboxInfo =

Deprecated.

since v0.5.8. Microsandbox::Sandbox.get/Microsandbox::Sandbox.list now return a controllable SandboxHandle; this constant remains as an alias so code that referenced the old read-only metadata type by name (e.g. ‘is_a?` checks) still resolves. Note it is now the same class as SandboxHandle, whose constructor takes a native handle, not the metadata Hash the old `SandboxInfo.new` accepted — construct via Microsandbox::Sandbox.get/Microsandbox::Sandbox.list.

SandboxHandle

VERSION =

Gem version. Tracks the upstream microsandbox runtime (currently ‘v0.5.8`, the pinned core-crate tag); the patch segment advances for gem-only revisions that add bindings atop the same core. Must equal the native ext’s Cargo crate version (‘Native.version`), enforced by spec/unit/version_spec.rb.

"0.5.12"

Class Method Summary

• .all_sandbox_metrics ⇒ Hash{String => Metrics}

  Latest resource-usage snapshot for every running sandbox, keyed by name.

• .default_backend_kind ⇒ Symbol

  The active default backend kind, :local or :cloud.

• .ensure_runtime! ⇒ nil

  Ensure the ‘msb` runtime + `libkrunfw` are present, provisioning them on first use if not.

• .install ⇒ nil

  Download and install the ‘msb` runtime + `libkrunfw` into `~/.microsandbox` (idempotent).

• .installed? ⇒ Boolean

  Whether the runtime is installed and resolvable.

• .libkrunfw_path=(path) ⇒ void

  Override the ‘libkrunfw` shared-library path (SDK tier of the resolver, below the `MSB_LIBKRUNFW_PATH` environment variable).

• .runtime_path ⇒ String

  The resolved path to the ‘msb` runtime binary.

• .runtime_path=(path) ⇒ void

  Override the ‘msb` runtime path (highest-priority SDK tier of the resolver, below only the `MSB_PATH` environment variable).

• .set_default_backend(kind, url: nil, api_key: nil, profile: nil) ⇒ void

  Install a process-wide default backend (v0.5.8 backend routing).

• .version ⇒ String

  The gem version.

• .with_backend(kind, url: nil, api_key: nil, profile: nil) { ... } ⇒ Object

  Run the given block with a temporary default backend, restoring the previous one afterward (even on error).

Class Method Details

.all_sandbox_metrics ⇒ Hash{String => Metrics}

Latest resource-usage snapshot for every running sandbox, keyed by name. Mirrors the official ‘all_sandbox_metrics`/`allSandboxMetrics` helpers.

Returns:

• (Hash{String => Metrics})

# File 'lib/microsandbox.rb', line 171

def all_sandbox_metrics
  Native.all_sandbox_metrics.transform_values { |m| Metrics.new(m) }
end

.default_backend_kind ⇒ Symbol

Returns the active default backend kind, :local or :cloud. The first call resolves the env/profile/config ladder.

Returns:

• (Symbol) —

  the active default backend kind, :local or :cloud. The first call resolves the env/profile/config ladder.

# File 'lib/microsandbox.rb', line 164

def default_backend_kind
  Native.default_backend_kind.to_sym
end

.ensure_runtime! ⇒ nil

Ensure the ‘msb` runtime + `libkrunfw` are present, provisioning them on first use if not. Called automatically by Microsandbox::Sandbox.create/Microsandbox::Sandbox.start so precompiled-gem users (who never ran the source build) get a working runtime without a manual install step.

The download is attempted at most once per process. Opt out by setting ‘MICROSANDBOX_NO_AUTO_INSTALL` (e.g. air-gapped hosts that provision the runtime out of band); the subsequent operation then surfaces the missing runtime itself. Already-installed runtimes (e.g. source builds) skip straight through with only a cheap presence check.

Returns:

• (nil)

# File 'lib/microsandbox.rb', line 79

def ensure_runtime!
  return if @runtime_ready
  # A cloud backend has no local msb/libkrunfw runtime to provision: skip the
  # presence check and the first-use download entirely. Resolving the kind
  # uses the same lazy env/profile/config ladder every operation already
  # consults, so this adds no work for local hosts (the common case).
  return if default_backend_kind == :cloud
  if installed?
    @runtime_ready = true
    return
  end
  return if auto_install_disabled?

  warn "[microsandbox] runtime (msb + libkrunfw) not found; " \
       "downloading to ~/.microsandbox (set MICROSANDBOX_NO_AUTO_INSTALL to skip)..."
  install
  @runtime_ready = true
  nil
end

.install ⇒ nil

Download and install the ‘msb` runtime + `libkrunfw` into `~/.microsandbox` (idempotent).

When the gem is built from source, the native extension provisions the runtime at build time, so this is usually a no-op. Precompiled platform gems (which skip the local Rust build) do NOT provision it that way, so the runtime is fetched on first use — see ensure_runtime!. Call this explicitly to provision ahead of time (e.g. while baking a container image) so the first Microsandbox::Sandbox.create doesn’t pay the download.

Returns:

• (nil)

# File 'lib/microsandbox.rb', line 58

def install
  Native.install
  nil
end

.installed? ⇒ Boolean

Returns whether the runtime is installed and resolvable.

Returns:

• (Boolean) —

  whether the runtime is installed and resolvable

# File 'lib/microsandbox.rb', line 64

def installed?
  Native.installed?
end

.libkrunfw_path=(path) ⇒ void

This method returns an undefined value.

Override the ‘libkrunfw` shared-library path (SDK tier of the resolver, below the `MSB_LIBKRUNFW_PATH` environment variable). Process-level and set-once: a second call is silently ignored, and the env var still wins. Mirrors runtime_path= for libkrunfw.

Parameters:

• path (String)

# File 'lib/microsandbox.rb', line 118

def libkrunfw_path=(path)
  Native.set_runtime_libkrunfw_path(path.to_s)
end

.runtime_path ⇒ String

Returns the resolved path to the ‘msb` runtime binary.

Returns:

• (String) —

  the resolved path to the ‘msb` runtime binary

# File 'lib/microsandbox.rb', line 100

def runtime_path
  Native.resolved_msb_path
end

.runtime_path=(path) ⇒ void

This method returns an undefined value.

Override the ‘msb` runtime path (highest-priority SDK tier of the resolver, below only the `MSB_PATH` environment variable).

Parameters:

• path (String)

# File 'lib/microsandbox.rb', line 108

def runtime_path=(path)
  Native.set_runtime_msb_path(path.to_s)
end

.set_default_backend(kind, url: nil, api_key: nil, profile: nil) ⇒ void

This method returns an undefined value.

Install a process-wide default backend (v0.5.8 backend routing). Without a call to this, operations use a local libkrun backend; the env/profile ladder (‘MSB_BACKEND`, `MSB_API_URL`+`MSB_API_KEY`, `MSB_PROFILE`, `~/.microsandbox/config.json`) is resolved lazily on first use. Call once at startup, before any sandbox operations.

Parameters:

• kind ("local", "cloud", Symbol) —

  backend kind

• url (String, nil) (defaults to: nil) —

  cloud control-plane URL (cloud, unless ‘profile:`)

• api_key (String, nil) (defaults to: nil) —

  cloud API key (cloud, unless ‘profile:`)

• profile (String, nil) (defaults to: nil) —

  named profile from ‘~/.microsandbox/config.json`

# File 'lib/microsandbox.rb', line 133

def set_default_backend(kind, url: nil, api_key: nil, profile: nil)
  Native.set_default_backend(kind.to_s, url&.to_s, api_key&.to_s, profile&.to_s)
end

.version ⇒ String

Returns the gem version.

Returns:

• (String) —

  the gem version

# File 'lib/microsandbox.rb', line 44

def version
  VERSION
end

.with_backend(kind, url: nil, api_key: nil, profile: nil) { ... } ⇒ Object

Run the given block with a temporary default backend, restoring the previous one afterward (even on error). NOTE: the swap is process-wide while the block runs, not fiber/thread-local — concurrent threads observe the temporary backend. It is also NOT safe to call from multiple threads at once: two interleaved ‘with_backend` calls can restore each other’s saved backend out of order and leave a temporary backend installed permanently. Use it only when no other thread is changing the backend, and avoid calling set_default_backend inside the block (the restore on exit would overwrite that change). Mirrors the official SDKs’ scoped-backend helper.

Parameters:

• kind ("local", "cloud", Symbol)
• url (String, nil) (defaults to: nil)
• api_key (String, nil) (defaults to: nil)
• profile (String, nil) (defaults to: nil)

Yields:

• with the temporary backend installed

Returns:

• (Object) —

  the block’s return value

# File 'lib/microsandbox.rb', line 153

def with_backend(kind, url: nil, api_key: nil, profile: nil)
  token = Native.push_default_backend(kind.to_s, url&.to_s, api_key&.to_s, profile&.to_s)
  begin
    yield
  ensure
    Native.pop_default_backend(token)
  end
end