microsandbox-rb 0.7.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 158469a5ebe84ee4863c2a141cbeb486407bfc5ee05866be9005f9aee3bd249d
4
- data.tar.gz: ef08b6519ac87f66c20f704e4c55590f56b3d6c05fa01ab6f9187db46f8b43af
3
+ metadata.gz: 06dc745a315d5d79f21e702032d45a984dbf53110e3375bb560de9cb008866d6
4
+ data.tar.gz: 9168ece64600356ce88ed3c3ed42cc88f4354f3619abfdc32fabd578745cf6c4
5
5
  SHA512:
6
- metadata.gz: d63ed9d45bdf68fb2f8352927412b23debd45e5e011f30a835fd2e75bae206e2ce19d1875c6099ce72c808c7d5e05e62a459f81794589e090ab837b9541d5da7
7
- data.tar.gz: '09a726c22f8b12ecb0d575f0c4e20ce446aa5761cf5ed8cc15155a6b567e7ee867c4f95545a9595f786b88ec2f6dbd75b1bfe721fb629025ce8bfc19aa63fda0'
6
+ metadata.gz: d8fed4d0957be541dd5de600dd24386ff7b62d9933e45e244a49200185989cb8427279c80234038a4355aee296fdc96ec1cd5738e4bcf3fae48b27388f7dcad5
7
+ data.tar.gz: 9310a3b2d3a0322e701bc85cbfe6b820576b4254c3d49099bbfcab07690421c1e2d9705d0106e1d2931fb3516a0d462401758d5393552810427a6891ed6fc79e
data/CHANGELOG.md CHANGED
@@ -8,6 +8,48 @@ wraps, and the README's Versioning section keeps the full gem→runtime map.
8
8
 
9
9
  ## [Unreleased]
10
10
 
11
+ ## [0.8.0] - 2026-06-25
12
+
13
+ Adopts upstream runtime **`v0.5.10`** (up from the `v0.5.8` that `0.7.0` shipped).
14
+ Runtime-only bump — no public Ruby API change.
15
+
16
+ ### Runtime
17
+
18
+ - **Adopted upstream `v0.5.10`** — the `microsandbox`/`microsandbox-network` git
19
+ deps and `Microsandbox::RUNTIME_VERSION` now pin `v0.5.10`. This is the runtime
20
+ bump originally attempted against `v0.5.9` during the `0.7.0` cycle and reverted:
21
+ upstream's `v0.5.9` git tag predated its own crate-version bump, so the prebuilt
22
+ runtime-provisioning path (`PREBUILT_VERSION = env!("CARGO_PKG_VERSION")`)
23
+ resolved to `0.5.8` and downloaded a `msb` that rejected the new `--config-fd`
24
+ flag the SDK unconditionally passes — every `Sandbox.create` died at boot.
25
+ Upstream chose not to re-tag (most package registries forbid republishing a tag)
26
+ and instead cut a clean **`v0.5.10`** whose tag carries the matching crate
27
+ version `0.5.10` (upstream
28
+ [#1029](https://github.com/superradcompany/microsandbox/issues/1029)). The bump
29
+ carries the following upstream changes:
30
+ - **Heartbeat no longer reclaims busy sandboxes** (upstream #1011). The host
31
+ watchdog is now idle-detection only — a healthy sandbox with an active (or
32
+ briefly starved) `exec` session is never killed for a stale heartbeat, the
33
+ way it could be before.
34
+ - **Launch config moved off the process argv** (upstream #1006). Bulky and
35
+ secret-bearing config (the network blob, env) is handed to the sandbox over
36
+ an inherited, unlinked-tempfile fd instead of `--`-flags, so it no longer
37
+ leaks into `ps` / `/proc/<pid>/cmdline`.
38
+
39
+ ### Changed
40
+
41
+ - **Directory bind mounts now carry a default 4 GiB guest-write quota**
42
+ (upstream #1020). Any `volumes:` entry that binds a host directory (e.g.
43
+ `volumes: { "/out" => "/host/out" }`) is given a `DEFAULT_BIND_QUOTA_MIB`
44
+ (4096 MiB) guest-write budget by the v0.5.10 runtime when no explicit quota is
45
+ set, so a sandbox can no longer fill the host disk through a bind mount. This
46
+ is a **behavior change**: a workload that wrote more than 4 GiB to a bind mount
47
+ under the `v0.5.8` runtime (`0.7.0`) will now fail with `ENOSPC`. The gem does
48
+ not yet expose a per-bind quota override (named-volume `Volume.create` accepts
49
+ `quota_mib:`, but the inline bind-mount path does not) — that escape hatch is a
50
+ tracked follow-up. Until then, route large-write mounts through a named volume
51
+ with an explicit `quota_mib:`.
52
+
11
53
  ## [0.7.0] - 2026-06-23
12
54
 
13
55
  A large parity release closing the binding gaps an audit against the upstream
data/Cargo.lock CHANGED
@@ -3003,8 +3003,8 @@ dependencies = [
3003
3003
 
3004
3004
  [[package]]
3005
3005
  name = "microsandbox"
3006
- version = "0.5.8"
3007
- source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.8#47d0cdf1ef3b4b41885eb3efd67b759fd5540e9e"
3006
+ version = "0.5.10"
3007
+ source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
3008
3008
  dependencies = [
3009
3009
  "anyhow",
3010
3010
  "astral-tokio-tar",
@@ -3056,8 +3056,8 @@ dependencies = [
3056
3056
 
3057
3057
  [[package]]
3058
3058
  name = "microsandbox-agent-client"
3059
- version = "0.5.8"
3060
- source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.8#47d0cdf1ef3b4b41885eb3efd67b759fd5540e9e"
3059
+ version = "0.5.10"
3060
+ source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
3061
3061
  dependencies = [
3062
3062
  "ciborium",
3063
3063
  "microsandbox-protocol",
@@ -3069,8 +3069,8 @@ dependencies = [
3069
3069
 
3070
3070
  [[package]]
3071
3071
  name = "microsandbox-db"
3072
- version = "0.5.8"
3073
- source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.8#47d0cdf1ef3b4b41885eb3efd67b759fd5540e9e"
3072
+ version = "0.5.10"
3073
+ source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
3074
3074
  dependencies = [
3075
3075
  "async-trait",
3076
3076
  "sea-orm",
@@ -3081,8 +3081,8 @@ dependencies = [
3081
3081
 
3082
3082
  [[package]]
3083
3083
  name = "microsandbox-filesystem"
3084
- version = "0.5.8"
3085
- source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.8#47d0cdf1ef3b4b41885eb3efd67b759fd5540e9e"
3084
+ version = "0.5.10"
3085
+ source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
3086
3086
  dependencies = [
3087
3087
  "libc",
3088
3088
  "microsandbox-utils",
@@ -3094,8 +3094,8 @@ dependencies = [
3094
3094
 
3095
3095
  [[package]]
3096
3096
  name = "microsandbox-image"
3097
- version = "0.5.8"
3098
- source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.8#47d0cdf1ef3b4b41885eb3efd67b759fd5540e9e"
3097
+ version = "0.5.10"
3098
+ source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
3099
3099
  dependencies = [
3100
3100
  "astral-tokio-tar",
3101
3101
  "async-compression",
@@ -3120,8 +3120,8 @@ dependencies = [
3120
3120
 
3121
3121
  [[package]]
3122
3122
  name = "microsandbox-metrics"
3123
- version = "0.5.8"
3124
- source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.8#47d0cdf1ef3b4b41885eb3efd67b759fd5540e9e"
3123
+ version = "0.5.10"
3124
+ source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
3125
3125
  dependencies = [
3126
3126
  "chrono",
3127
3127
  "libc",
@@ -3131,8 +3131,8 @@ dependencies = [
3131
3131
 
3132
3132
  [[package]]
3133
3133
  name = "microsandbox-migration"
3134
- version = "0.5.8"
3135
- source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.8#47d0cdf1ef3b4b41885eb3efd67b759fd5540e9e"
3134
+ version = "0.5.10"
3135
+ source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
3136
3136
  dependencies = [
3137
3137
  "sea-orm-migration",
3138
3138
  "serde_json",
@@ -3140,8 +3140,8 @@ dependencies = [
3140
3140
 
3141
3141
  [[package]]
3142
3142
  name = "microsandbox-network"
3143
- version = "0.5.8"
3144
- source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.8#47d0cdf1ef3b4b41885eb3efd67b759fd5540e9e"
3143
+ version = "0.5.10"
3144
+ source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
3145
3145
  dependencies = [
3146
3146
  "base64",
3147
3147
  "bytes",
@@ -3180,8 +3180,8 @@ dependencies = [
3180
3180
 
3181
3181
  [[package]]
3182
3182
  name = "microsandbox-protocol"
3183
- version = "0.5.8"
3184
- source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.8#47d0cdf1ef3b4b41885eb3efd67b759fd5540e9e"
3183
+ version = "0.5.10"
3184
+ source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
3185
3185
  dependencies = [
3186
3186
  "chrono",
3187
3187
  "ciborium",
@@ -3195,8 +3195,8 @@ dependencies = [
3195
3195
 
3196
3196
  [[package]]
3197
3197
  name = "microsandbox-runtime"
3198
- version = "0.5.8"
3199
- source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.8#47d0cdf1ef3b4b41885eb3efd67b759fd5540e9e"
3198
+ version = "0.5.10"
3199
+ source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
3200
3200
  dependencies = [
3201
3201
  "bytes",
3202
3202
  "chrono",
@@ -3225,8 +3225,8 @@ dependencies = [
3225
3225
 
3226
3226
  [[package]]
3227
3227
  name = "microsandbox-types"
3228
- version = "0.5.8"
3229
- source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.8#47d0cdf1ef3b4b41885eb3efd67b759fd5540e9e"
3228
+ version = "0.5.10"
3229
+ source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
3230
3230
  dependencies = [
3231
3231
  "chrono",
3232
3232
  "serde",
@@ -3237,8 +3237,8 @@ dependencies = [
3237
3237
 
3238
3238
  [[package]]
3239
3239
  name = "microsandbox-utils"
3240
- version = "0.5.8"
3241
- source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.8#47d0cdf1ef3b4b41885eb3efd67b759fd5540e9e"
3240
+ version = "0.5.10"
3241
+ source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
3242
3242
  dependencies = [
3243
3243
  "dirs",
3244
3244
  "libc",
@@ -3249,7 +3249,7 @@ dependencies = [
3249
3249
 
3250
3250
  [[package]]
3251
3251
  name = "microsandbox_rb"
3252
- version = "0.7.0"
3252
+ version = "0.8.0"
3253
3253
  dependencies = [
3254
3254
  "chrono",
3255
3255
  "futures",
data/README.md CHANGED
@@ -383,8 +383,8 @@ change diverged the two numbers — the gem version is **not** a reliable indica
383
383
  of the embedded runtime version. To learn which runtime a build wraps, ask it:
384
384
 
385
385
  ```ruby
386
- Microsandbox::VERSION # => "0.6.0" (the gem's own version)
387
- Microsandbox.runtime_version # => "v0.5.8" (the embedded upstream runtime tag)
386
+ Microsandbox::VERSION # => "0.8.0" (the gem's own version)
387
+ Microsandbox.runtime_version # => "v0.5.10" (the embedded upstream runtime tag)
388
388
  ```
389
389
 
390
390
  | Gem version | Upstream runtime | Notes |
@@ -396,6 +396,8 @@ Microsandbox.runtime_version # => "v0.5.8" (the embedded upstream runtime tag
396
396
  | `0.5.11` | `v0.5.8` | gem-only revision |
397
397
  | `0.5.12` | `v0.5.8` | gem-only revision |
398
398
  | `0.6.0` | `v0.5.8` | gem version decoupled from the upstream tag; adds `runtime_version` |
399
+ | `0.7.0` | `v0.5.8` | SDK parity release (large binding-gap closure) |
400
+ | `0.8.0` | `v0.5.10` | adopts upstream `v0.5.10` (idle-only heartbeat, config-fd hardening, **4 GiB default bind-mount quota**); supersedes the reverted `v0.5.9` attempt |
399
401
 
400
402
  **Going forward** — the gem version moves on its own semver track and no longer
401
403
  mirrors the upstream tag:
@@ -6,8 +6,8 @@ name = "microsandbox_rb"
6
6
  description = "Ruby SDK native extension for microsandbox — secure, fast microVM-based sandboxing."
7
7
  # Must equal Microsandbox::VERSION (lib/microsandbox/version.rb) — Native.version
8
8
  # returns this via env!("CARGO_PKG_VERSION") and version_spec.rb asserts equality.
9
- # The core-crate dependency below stays pinned at its own tag (v0.5.8).
10
- version = "0.7.0"
9
+ # The core-crate dependency below stays pinned at its own tag (v0.5.10).
10
+ version = "0.8.0"
11
11
  authors = ["Super Rad Company <development@superrad.company>"]
12
12
  repository = "https://github.com/superradcompany/microsandbox"
13
13
  license = "Apache-2.0"
@@ -35,8 +35,8 @@ rb-sys = "0.9"
35
35
  # `.cargo/config.toml.example`). "ssh" matches the feature set the Python/Node
36
36
  # SDKs ship with; default features add "prebuilt" (provisions msb + libkrunfw at
37
37
  # build time), "net", and "keyring".
38
- microsandbox = { git = "https://github.com/superradcompany/microsandbox", tag = "v0.5.8", default-features = true, features = ["ssh"] }
39
- microsandbox-network = { git = "https://github.com/superradcompany/microsandbox", tag = "v0.5.8" }
38
+ microsandbox = { git = "https://github.com/superradcompany/microsandbox", tag = "v0.5.10", default-features = true, features = ["ssh"] }
39
+ microsandbox-network = { git = "https://github.com/superradcompany/microsandbox", tag = "v0.5.10" }
40
40
 
41
41
  # Async core bridged to Ruby's synchronous API via a blocking tokio runtime.
42
42
  tokio = { version = "1", features = ["rt-multi-thread", "sync", "time"] }
@@ -8,12 +8,12 @@ module Microsandbox
8
8
  # Versioning section of the README for the full gem-to-runtime map. Must equal
9
9
  # the native ext's Cargo crate version (`Native.version`), enforced by
10
10
  # spec/unit/version_spec.rb.
11
- VERSION = "0.7.0"
11
+ VERSION = "0.8.0"
12
12
 
13
13
  # The upstream microsandbox runtime release this gem build embeds — the `tag`
14
14
  # pinned on the `microsandbox`/`microsandbox-network` git deps in
15
15
  # ext/microsandbox/Cargo.toml. Exposed at runtime as
16
16
  # {Microsandbox.runtime_version}. spec/unit/version_spec.rb asserts it stays in
17
17
  # sync with the Cargo tag so it can't silently drift out of date.
18
- RUNTIME_VERSION = "v0.5.8"
18
+ RUNTIME_VERSION = "v0.5.10"
19
19
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: microsandbox-rb
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.0
4
+ version: 0.8.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - ya-luotao