wrenn/sandbox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
14 Commits 2 Branches 0 Tags
63e9132d3822a5a7d6acdfa1d21f0c45c21d9793
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
pptx704 63e9132d38 Add device-mapper snapshots, test UI, fix pause ordering and lint errors 
- Replace reflink rootfs copy with device-mapper snapshots (shared
  read-only loop device per base template, per-sandbox sparse CoW file)
- Add devicemapper package with create/restore/remove/flatten operations
  and refcounted LoopRegistry for base image loop devices
- Fix pause ordering: destroy VM before removing dm-snapshot to avoid
  "device busy" error (FC must release the dm device first)
- Add test UI at GET /test for sandbox lifecycle management (create,
  pause, resume, destroy, exec, snapshot create/list/delete)
- Fix DirSize to report actual disk usage (stat.Blocks * 512) instead
  of apparent size, so sparse CoW files report correctly
- Add timing logs to pause flow for performance diagnostics
- Fix all lint errors across api, network, vm, uffd, and sandbox packages
- Remove obsolete internal/filesystem package (replaced by devicemapper)
- Update CLAUDE.md with device-mapper architecture documentation
2026-03-13 08:25:40 +06:00
cmd
Add device-mapper snapshots, test UI, fix pause ordering and lint errors
2026-03-13 08:25:40 +06:00
db
Add sandbox snapshot and restore with UFFD lazy memory loading
2026-03-12 09:19:37 +06:00
deploy
Initial project structure for Wrenn Sandbox
2026-03-09 17:22:47 +06:00
envd
Add sandbox snapshot and restore with UFFD lazy memory loading
2026-03-12 09:19:37 +06:00
images
Fix guest VM outbound networking and DNS resolution
2026-03-11 06:02:31 +06:00
internal
Add device-mapper snapshots, test UI, fix pause ordering and lint errors
2026-03-13 08:25:40 +06:00
proto
Add sandbox snapshot and restore with UFFD lazy memory loading
2026-03-12 09:19:37 +06:00
scripts
Add minimal control plane with REST API, database, and reconciler
2026-03-10 16:50:12 +06:00
tests
Initial project structure for Wrenn Sandbox
2026-03-09 17:22:47 +06:00
.env.example
Add sandbox snapshot and restore with UFFD lazy memory loading
2026-03-12 09:19:37 +06:00
.gitignore
Initial project structure for Wrenn Sandbox
2026-03-09 17:22:47 +06:00
CLAUDE.md
Add device-mapper snapshots, test UI, fix pause ordering and lint errors
2026-03-13 08:25:40 +06:00
go.mod
Add device-mapper snapshots, test UI, fix pause ordering and lint errors
2026-03-13 08:25:40 +06:00
go.sum
Add device-mapper snapshots, test UI, fix pause ordering and lint errors
2026-03-13 08:25:40 +06:00
LICENSE
Added basic license information
2026-03-10 04:28:51 +06:00
Makefile
Add minimal control plane with REST API, database, and reconciler
2026-03-10 16:50:12 +06:00
NOTICE
Made license related changes
2026-03-13 05:42:10 +06:00
README.md
Rewrite CLAUDE.md and README.md
2026-03-11 06:37:11 +06:00
sqlc.yaml
Add minimal control plane with REST API, database, and reconciler
2026-03-10 16:50:12 +06:00

README.md

Wrenn Sandbox

MicroVM-based code execution platform. Firecracker VMs, not containers. Pool-based pricing, persistent sandboxes, Python/TS/Go SDKs.

Deployment

Prerequisites

  • Linux host with /dev/kvm access (bare metal or nested virt)
  • Firecracker binary at /usr/local/bin/firecracker
  • PostgreSQL
  • Go 1.25+

Build

make build    # outputs to builds/

Produces three binaries: wrenn-cp (control plane), wrenn-agent (host agent), envd (guest agent).

Host setup

The host agent machine needs:

# Kernel for guest VMs
mkdir -p /var/lib/wrenn/kernels
# Place a vmlinux kernel at /var/lib/wrenn/kernels/vmlinux

# Rootfs images
mkdir -p /var/lib/wrenn/images
# Build or place .ext4 rootfs images (e.g., minimal.ext4)

# Sandbox working directory
mkdir -p /var/lib/wrenn/sandboxes

# Enable IP forwarding
sysctl -w net.ipv4.ip_forward=1

Configure

Copy .env.example to .env and edit:

# Required
DATABASE_URL=postgres://wrenn:wrenn@localhost:5432/wrenn?sslmode=disable

# Control plane
CP_LISTEN_ADDR=:8000
CP_HOST_AGENT_ADDR=http://localhost:50051

# Host agent
AGENT_LISTEN_ADDR=:50051
AGENT_KERNEL_PATH=/var/lib/wrenn/kernels/vmlinux
AGENT_IMAGES_PATH=/var/lib/wrenn/images
AGENT_SANDBOXES_PATH=/var/lib/wrenn/sandboxes

Run

# Apply database migrations
make migrate-up

# Start host agent (requires root)
sudo ./builds/wrenn-agent

# Start control plane
./builds/wrenn-cp

Control plane listens on CP_LISTEN_ADDR (default :8000). Host agent listens on AGENT_LISTEN_ADDR (default :50051).

Rootfs images

envd must be baked into every rootfs image. After building:

make build-envd
bash scripts/update-debug-rootfs.sh /var/lib/wrenn/images/minimal.ext4

Development

make dev          # Start PostgreSQL (Docker), run migrations, start control plane
make dev-agent    # Start host agent (separate terminal, sudo)
make check        # fmt + vet + lint + test

See CLAUDE.md for full architecture documentation.

Description
Sandbox platform for wrenn
Readme 929 KiB
Languages
Makefile 100%