
Week of May 1, 2026

docs/changelog/2026-05-01.mdx

<Tip> **Released this week:** [v0.4.0](https://github.com/superradcompany/microsandbox/releases/tag/v0.4.0) · [v0.4.1](https://github.com/superradcompany/microsandbox/releases/tag/v0.4.1) · [v0.4.2](https://github.com/superradcompany/microsandbox/releases/tag/v0.4.2) · [v0.4.3](https://github.com/superradcompany/microsandbox/releases/tag/v0.4.3) </Tip>

New features

Redesigned TypeScript SDK

Builder API matching the Rust SDK, with await using, typed errors, async iterables, and bundled native binaries (no postinstall download).

```ts
await using sandbox = await Sandbox.builder("my-sandbox")
  .image("alpine:latest")
  .cpus(2)
  .create();
```

See the TypeScript SDK reference.

Redesigned network policy

--network-policy is gone. Rules now carry their own direction, action, target, protocol, and ports through a single grammar: <action>[:<direction>]@<target>[:<proto>[:<ports>]].

```bash
msb run alpine --name agent \
  --net-default-egress deny \
  --net-rule "allow@public,allow@host" \
  --net-rule "deny@private:tcp:445"
```

See the networking overview.
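
To check rule strings before they reach `msb`, the grammar above can be parsed structurally. The following is an added example, not code from the microsandbox project: `NetRule`, `parse_rule` and `parse_rules` are hypothetical names, and it assumes that no field contains `:`, `@` or `,`, that a single `--net-rule` value is a comma-separated list as in the command above, and that `allow` and `deny` are the only actions.

```rust
// Structural parser for <action>[:<direction>]@<target>[:<proto>[:<ports>]].
// Assumptions (not from the microsandbox source): no field contains ':', '@'
// or ','; only the actions shown on this page (allow, deny) are accepted;
// direction, proto and ports are kept as opaque strings and not validated.
#[derive(Debug, PartialEq)]
pub struct NetRule {
    pub action: String,
    pub direction: Option<String>,
    pub target: String,
    pub proto: Option<String>,
    pub ports: Option<String>,
}

pub fn parse_rule(s: &str) -> Result<NetRule, String> {
    let (head, tail) = s
        .split_once('@')
        .ok_or_else(|| format!("{s:?}: missing '@<target>'"))?;
    let (action, direction) = match head.split_once(':') {
        Some((a, d)) => (a, Some(d)),
        None => (head, None),
    };
    if !matches!(action, "allow" | "deny") {
        return Err(format!("{s:?}: unknown action {action:?}"));
    }
    // After '@': target, then at most two optional ':'-separated fields.
    let mut parts = tail.split(':');
    let target = parts.next().unwrap_or("");
    let (proto, ports) = (parts.next(), parts.next());
    if parts.next().is_some() {
        return Err(format!("{s:?}: too many ':' fields after target"));
    }
    // A present-but-empty field (e.g. "deny@private::445") is a typo, not a wildcard.
    let empty = |f: Option<&str>| f == Some("");
    if target.is_empty() || empty(direction) || empty(proto) || empty(ports) {
        return Err(format!("{s:?}: empty field"));
    }
    Ok(NetRule {
        action: action.into(),
        direction: direction.map(String::from),
        target: target.into(),
        proto: proto.map(String::from),
        ports: ports.map(String::from),
    })
}

// One --net-rule value may carry several comma-separated rules; any bad rule fails the list.
pub fn parse_rules(arg: &str) -> Result<Vec<NetRule>, String> {
    arg.split(',').map(|r| parse_rule(r.trim())).collect()
}

fn main() {
    println!("{:?}", parse_rules("allow@public,deny@private:tcp:445"));
}
```

Failing the whole list on one malformed rule keeps a typo from silently shrinking a deny set.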

Other features

  • Disk-image volume mounts. Attach qcow2, raw, or vmdk images as virtio-blk devices at any guest path; readonly is now consistent across volume types. See Sandbox volumes.
  • Inline --script flag. Register scripts on the command line with --script NAME=BODY; the file form is now --script-path NAME:PATH. See the CLI reference.
  • msb alias. Installs from npm, pip, and cargo now put both microsandbox and msb on PATH.
  • host.microsandbox.internal. Sandboxes can reach the host through this well-known DNS name.
  • Trust host CAs (opt-in). Sandboxes can trust the host's CA bundle for internal TLS endpoints. See Networking TLS.
  • DNS interception over TCP/53 and DoT/853. Closes gaps where apps bypassed policy by switching transports. See Networking DNS.
  • Custom TLS certs and insecure registries for self-hosted image registries. See the images overview.
  • Per-sandbox libkrunfw override for SDK callers developing against unreleased firmware.
  • Installer rejects unsupported glibc up front, instead of producing confusing runtime errors.

Bug fixes

  • Domain and suffix= rules now enforce consistently across DNS, SNI, and policy layers.
  • The Node/TypeScript SDK supports the same secret injection options as the Rust SDK.
  • macOS reads system nameservers via SCDynamicStore, matching what the OS actually uses.
  • The npm platform package ships libkrunfw under its canonical name, fixing load failures on some Linux distros.