Problem statement
SmolVM is strong at disposable VM isolation, snapshots, browser automation, callback hooks, and local-first workflows. Milestone #1 should prioritize high-return adoption work and the core security improvements that make SmolVM safer to use in agent workflows.
Current product judgment:
- A TypeScript/Node client is the quickest adoption win because many agent builders work in the JavaScript ecosystem.
- Community integrations should make SmolVM easy to try from the agent frameworks people already use.
- Native OCI image pulls are less urgent now that SmolVM supports building with a Dockerfile.
- Deny-by-default networking and guest-safe secret substitution remain high-value security work.
Milestone #1 scope
- Build a TypeScript/Node client. Match the core Python SDK surface for sandbox lifecycle, command execution, image/build config, env, mounts, ports, and network policy inputs.
- Ship community integrations. Add examples or adapters for OpenAI Agents SDK, Claude SDK, LangChain SDK, OpenAI Codex Python SDK, and a VNC server demo with CUA.
- Design deny-by-default networking. Support explicit allow rules around domains, ports, CIDR ranges, public/private/host destinations, DNS behavior, and ingress versus egress.
- Design guest-safe secret substitution. Let users call approved external services without writing real credentials into the guest filesystem.
- Improve command execution. Keep moving toward guest-agent/vsock where possible, streaming output, stdin, and per-command options such as timeout, cwd, env, and resource limits.
- Expose basic per-sandbox metrics. Add enough CPU, memory, disk, and network visibility to debug usage and support future quotas.
- Polish Dockerfile-based image UX. Treat direct OCI image support as a later gap unless Dockerfile-based builds prove materially frustrating for users.
Later milestones
Defer broader or heavier platform work until the core adoption and security work is moving:
- Native OCI image pulls from registries.
- Go SDK and other language clients after the TypeScript/Node client proves the SDK shape.
- Named volumes, tmpfs, and volume quotas.
- TLS interception and advanced DNS filtering.
- Full desktop environments, VS Code Web, GPU support, Kubernetes runtime, and RBAC.
- Direct MCP server integration.
Problem statement
SmolVM is strong at disposable VM isolation, snapshots, browser automation, callback hooks, and local-first workflows. Milestone #1 should prioritize high-return adoption work and the core security improvements that make SmolVM safer to use in agent workflows.
Current product judgment:
Milestone #1 scope
Later milestones
Defer broader or heavier platform work until the core adoption and security work is moving: