Skip to content

[Feature]: SmolVM competitive roadmap for Milestone #1 #114

Description

@aniketmaurya

Problem statement

SmolVM is strong at disposable VM isolation, snapshots, browser automation, callback hooks, and local-first workflows. Milestone #1 should prioritize high-return adoption work and the core security improvements that make SmolVM safer to use in agent workflows.

Current product judgment:

  • A TypeScript/Node client is the quickest adoption win because many agent builders work in the JavaScript ecosystem.
  • Community integrations should make SmolVM easy to try from the agent frameworks people already use.
  • Native OCI image pulls are less urgent now that SmolVM supports building with a Dockerfile.
  • Deny-by-default networking and guest-safe secret substitution remain high-value security work.

Milestone #1 scope

  1. Build a TypeScript/Node client. Match the core Python SDK surface for sandbox lifecycle, command execution, image/build config, env, mounts, ports, and network policy inputs.
  2. Ship community integrations. Add examples or adapters for OpenAI Agents SDK, Claude SDK, LangChain SDK, OpenAI Codex Python SDK, and a VNC server demo with CUA.
  3. Design deny-by-default networking. Support explicit allow rules around domains, ports, CIDR ranges, public/private/host destinations, DNS behavior, and ingress versus egress.
  4. Design guest-safe secret substitution. Let users call approved external services without writing real credentials into the guest filesystem.
  5. Improve command execution. Keep moving toward guest-agent/vsock where possible, streaming output, stdin, and per-command options such as timeout, cwd, env, and resource limits.
  6. Expose basic per-sandbox metrics. Add enough CPU, memory, disk, and network visibility to debug usage and support future quotas.
  7. Polish Dockerfile-based image UX. Treat direct OCI image support as a later gap unless Dockerfile-based builds prove materially frustrating for users.

Later milestones

Defer broader or heavier platform work until the core adoption and security work is moving:

  • Native OCI image pulls from registries.
  • Go SDK and other language clients after the TypeScript/Node client proves the SDK shape.
  • Named volumes, tmpfs, and volume quotas.
  • TLS interception and advanced DNS filtering.
  • Full desktop environments, VS Code Web, GPU support, Kubernetes runtime, and RBAC.
  • Direct MCP server integration.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    Todo

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions