This guide covers everything you need to build, test, and release microsandbox from source.
For contribution guidelines (forking, commit signing, pull requests), see CONTRIBUTING.md.
- Operating System:
- macOS with Apple Silicon (M1/M2/M3/M4)
- Linux with KVM enabled
- Tools:
just,git, andpre-commit- Linux:
sudo apt install just gitandpip install pre-commit(orsudo apt install pre-commit) - macOS:
brew install just git pre-commit
- Linux:
- Docker (macOS only): Required for cross-compiling
agentdand building the kernel - Rust: Installed automatically by
just setupif missing, or install via rustup
Clone the repository and run the one-time setup:
git clone https://github.com/microsandbox/microsandbox.git
cd microsandbox
just setupjust setup does the following:
- Installs system dependencies (build tools, musl toolchain, etc.)
- Initializes git submodules (
vendor/libkrunfw, etc.) - Builds binary dependencies (
agentdandlibkrunfw) - Builds the
msbCLI - Installs binaries to
~/.microsandbox/bin/and libraries to~/.microsandbox/lib/ - Installs pre-commit hooks
During the build, kernel config prompts may appear — press Enter to accept defaults.
After setup, add these to your shell profile (e.g. ~/.bashrc, ~/.zshrc):
# Linux
export PATH="$HOME/.microsandbox/bin:$PATH"
export LD_LIBRARY_PATH="$HOME/.microsandbox/lib:$LD_LIBRARY_PATH"
# macOS
export PATH="$HOME/.microsandbox/bin:$PATH"
export DYLD_LIBRARY_PATH="$HOME/.microsandbox/lib:$DYLD_LIBRARY_PATH"Verify the installation:
msb --versionThe core development cycle is:
just build && just installThis rebuilds the msb CLI (and ensures agentd and libkrunfw are up to date) then installs the updated binaries to ~/.microsandbox/.
For a release-optimized build:
just build release && just install| Command | Description |
|---|---|
just build |
Build everything (agentd + libkrunfw + msb) in debug mode |
just build release |
Build everything in release mode |
just build-msb |
Build only the msb CLI (debug) |
just build-msb release |
Build only the msb CLI (release) |
just build-deps |
Build only binary dependencies (agentd + libkrunfw) |
just build-agentd |
Build only agentd |
just build-libkrunfw |
Build only libkrunfw |
just install |
Install msb + libkrunfw to ~/.microsandbox/ |
just uninstall |
Remove installed binaries |
just clean |
Remove build/ artifacts and clean libkrunfw |
The project is a Cargo workspace with these crates (in dependency order):
| Crate | Path | Description |
|---|---|---|
microsandbox-utils |
crates/utils |
Shared utilities |
microsandbox-protocol |
crates/protocol |
Wire protocol definitions |
microsandbox-db |
crates/db |
Database layer |
microsandbox-migration |
crates/migration |
Database migrations |
microsandbox-image |
crates/image |
OCI image handling |
microsandbox-filesystem |
crates/filesystem |
Filesystem composition |
microsandbox-network |
crates/network |
smoltcp-based networking |
microsandbox-runtime |
crates/runtime |
VM runtime (libkrun integration) |
microsandbox |
crates/microsandbox |
Public SDK crate |
microsandbox-cli |
crates/cli |
msb CLI binary |
agentd |
crates/agentd |
In-guest agent (excluded from workspace, built separately for musl) |
| Package | Path | Description |
|---|---|---|
microsandbox (npm) |
sdk/node-ts |
TypeScript/Node.js SDK (NAPI bindings) |
microsandbox-mcp (npm) |
mcp/ |
MCP server for AI agents |
vendor/libkrunfw— Submodule for the kernel firmware librarybuild/— Build output (agentd binary, libkrunfw shared library, msb binary)examples/rust/— Rust example projectsexamples/typescript/— TypeScript example projects
Run all workspace tests:
cargo test --workspaceRun tests for a specific crate:
cargo test -p microsandbox-runtimeRun a specific test:
cargo test -p microsandbox test_namejust bench-fsRuns Docker-vs-Microsandbox filesystem benchmarks (14 workloads covering metadata, reads,
writes, deletes, renames, mmap, and concurrent I/O). Results are written as JSON to
build/bench/fs/. See benchmarks/README.md for full usage,
workload descriptions, multi-image runs, and baseline comparison.
Pre-commit hooks are installed by just setup. They run automatically on every commit and check:
cargo fmt --all --check— formattingcargo clippy --workspace -- -D warnings— lintscargo doc— documentation builds without warningscargo build -p microsandbox-cli— CLI compiles- Standard checks (trailing whitespace, merge conflicts, TOML/YAML validity)
- Blocks direct commits to
main
To run all checks manually:
pre-commit run --all-filesIt is recommended to run this once before your first commit.
If pre-commit is not installed, install it with pip install pre-commit (or brew install pre-commit on macOS) and then run pre-commit install.
cargo fmt --all # Format code
cargo clippy --workspace # Run lintsMicrosandbox releases are automated via CI. The process has two steps:
Create a PR that bumps the version across all crates and packages. All crates and packages share the same version number:
Cargo.toml(workspaceversionfield — all crates inherit from this)sdk/node-ts/package.jsonmcp/package.json
The PR title should follow the format: chore: bump version to X.Y.Z
After the version bump PR is merged, create a signed tag on main to trigger the release CI:
git tag -a v0.X.Y -m "v0.X.Y"
git push origin v0.X.YThe release workflow (.github/workflows/release.yml) will:
- Build
msb,agentd, andlibkrunfwfor all platforms (linux-x86_64, linux-aarch64, darwin-aarch64) - Create platform bundles (
.tar.gz) with SHA256 checksums - Create a GitHub release with the bundles
- Publish the Node.js SDK to npm (
microsandbox+ platform packages) - Publish the MCP server to npm (
microsandbox-mcp) - Publish Rust crates to crates.io (in dependency order, 10 crates)
- CONTRIBUTING.md — How to contribute
- CODE_OF_CONDUCT.md — Community code of conduct
- SECURITY.md — Security policies and reporting vulnerabilities