[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-83257":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":9,"totalLinesOfCode":9,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":9,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":18,"stars90d":16,"forks30d":16,"starsTrendScore":19,"compositeScore":20,"rankGlobal":9,"rankLanguage":9,"license":9,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":21,"hasPages":21,"topics":9,"createdAt":9,"pushedAt":9,"updatedAt":23,"readmeContent":24,"aiSummary":25,"trendingCount":16,"starSnapshotCount":16,"syncStatus":26,"lastSyncTime":27,"discoverSource":28},83257,"mxc","microsoft\u002Fmxc","microsoft","Policy-driven, layered isolation and containment ",null,"https:\u002F\u002Fgithub.com\u002Fmicrosoft\u002Fmxc","Rust",866,41,7,13,0,443,488,1329,8.87,false,"main","2026-06-12 02:04:32","# Microsoft eXecution Container (MXC)\n\nMXC is a **sandboxed code execution system** for running untrusted code (model output, plugins, tools) on Windows, Linux, and macOS. It provides multiple containment backends — from OS-native process sandboxes to full VMs — behind a unified JSON configuration schema and TypeScript SDK.\n\n> [!WARNING]\n> This repository contains an early preview of code published to enable early integration and feedback from developers on Microsoft Execution Containers. The underlying sandboxes in this early preview are expected to change as they are under ongoing development however we will aim to minimize compatibility impact as functionality evolves. There are known cases where the current policies generated by the MXC SDK in this repository are overly permissive and will be addressed before this is made more generally available. Security researcher partnership while MXC matures is welcome, however no MXC profiles should be treated as security boundaries currently.\n\n## Features\n\n- **Cross-platform**: Windows, Linux, and macOS support with platform-appropriate containment backends\n- **JSON-based Configuration**: Define execution parameters and security policies via a versioned JSON schema\n- **Multiple Containment Backends**: ProcessContainer, Windows Sandbox, LXC, Bubblewrap, Seatbelt (macOS), MicroVM (NanVix), Hyperlight, IsolationSession, and WSLC\n- **Policy-driven Sandboxing**:\n    - **Filesystem Policy**: Read-only and read-write path lists (denied paths not yet supported on Windows)\n    - **Network Policy**: Proxy support (not supported on macOS); allow\u002Fblock outbound and host filtering (not yet supported on Windows)\n    - **UI Policy**: Clipboard, display, and GUI access controls\n- **State-aware Lifecycle**: Multi-step sandbox lifecycle (provision → start → exec → stop → deprovision) for session sandboxes\n- **TypeScript SDK**: [`@microsoft\u002Fmxc-sdk`](https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002F@microsoft\u002Fmxc-sdk) npm package with one-shot and state-aware APIs\n- **Diagnostics**: Debug logging and Event Tracing for Windows (ETW) for troubleshooting\n\n## Building\n\nMXC ships a native container wrapper plus a TypeScript SDK — see the [SDK README](.\u002Fsdk\u002FREADME.md) for full API documentation.\n\n### Platforms\n\n| Platform | Default backend | Other backends | Minimum build |\n| --- | --- | --- | --- |\n| Windows 11 24H2+ (verified on 25H2) | `processcontainer` | `windows_sandbox`, `wslc`, `microvm`, `hyperlight`, `isolation_session` | `processcontainer`: 26100 (24H2)\u003Cbr>`isolation_session`: 26300.8553 ([Insider Preview](https:\u002F\u002Flearn.microsoft.com\u002Fen-us\u002Fwindows-insider\u002Frelease-notes\u002Fexperimental\u002Fpreview-build-26300-8553)) |\n| Linux x64 \u002F ARM64 | `bubblewrap` | `lxc`, `microvm`, `hyperlight` | — |\n| macOS ARM64 \u002F x64 (schema `0.6.0-alpha`+) | `seatbelt` | — | — |\n\n\nThe stable one-shot backends (`processcontainer`, `bubblewrap`, and `lxc`) do not require experimental mode; Linux hosts also need the matching runtime installed: bwrap (Bubblewrap) for the default backend, or the lxc toolset for the lxc backend. **Experimental backends** (`windows_sandbox`, `wslc`, `microvm`, `seatbelt`, `isolation_session`, `hyperlight`) require `{ experimental: true }` in `SandboxSpawnOptions` or the `--experimental` CLI flag.\n\n\n### Requirements\n\n- [Rust toolchain](https:\u002F\u002Frustup.rs\u002F) — version pinned to **1.93** via `src\u002Frust-toolchain.toml` (auto-selected by `rustup`)\n- Node.js **≥ 18**\n- npm (for SDK and CLI builds)\n\n### Project Structure\n\n```\nsrc\u002F        Rust workspace (native binaries + shared library crates)\nsdk\u002F        TypeScript SDK (@microsoft\u002Fmxc-sdk npm package)\nschemas\u002F    JSON configuration schemas (stable + dev)\ndocs\u002F       Documentation (schema reference, backend guides, design docs)\ntests\u002F      Test collateral (configs, examples, scripts)\nscripts\u002F    Build and utility scripts\n```\n\n### Full Build\n\n#### Windows\n\n```bash\nbuild.bat                  # Release build for current architecture\nbuild.bat --debug          # Debug build\nbuild.bat --all            # Release build for both x64 and ARM64\nbuild.bat --with-microvm   # Include NanVix micro-VM binaries\n```\n\n#### Linux\n\n```bash\n.\u002Fbuild.sh                 # Release build\n.\u002Fbuild.sh --debug         # Debug build\n.\u002Fbuild.sh --rust-only     # Only Rust binaries, skip SDK\u002FCLI\n```\n\n#### macOS\n\n```bash\n.\u002Fbuild-mac.sh             # Release build for native architecture\n.\u002Fbuild-mac.sh --all       # Both Apple Silicon and Intel\n.\u002Fbuild-mac.sh --debug     # Debug build\n.\u002Fbuild-mac.sh --rust-only # Only Rust binary, skip SDK\n```\n\nAll build scripts:\n1. Build the platform-appropriate Rust binary\n2. Copy the binary into `sdk\u002Fbin\u002F\u003Carch>\u002F` (for example, `x64` or `arm64`) for SDK bundling\n\n3. Build the TypeScript SDK\n\n### Building Components Individually\n\n```bash\n# Rust workspace (from src\u002F)\ncargo build --release --target x86_64-pc-windows-msvc     # Windows x64\ncargo build --release --target aarch64-pc-windows-msvc    # Windows ARM64\ncargo build --release -p lxc                               # Linux — lxc-exec (serves both LXC and Bubblewrap)\ncargo build --release -p mxc_darwin --target aarch64-apple-darwin  # macOS\n\n# SDK (from sdk\u002F)\nnpm install && npm run build\n```\n\n### Lint and Format\n\n```bash\n# Windows Rust (from src\u002F)\n\ncargo clippy --workspace --all-targets -- -D warnings\n\n# Linux Rust (from src\u002F; matches build.sh's platform-compatible crate set)\n\ncargo clippy -p lxc -p lxc_common -p wxc_common -p bwrap_common -p linux_test_proxy --all-targets -- -D warnings\n\n# macOS Rust (from src\u002F)\n\ncargo clippy -p mxc_darwin -p seatbelt_common --all-targets -- -D warnings\n```\n\n### Tests\n\n```bash\n# Rust unit tests (from src\u002F)\ncargo test --workspace\ncargo test -p wxc_common                      # Single crate\ncargo test -p wxc_common -- config_parser     # Filter by test name\n\n# SDK (from sdk\u002F)\nnpm test                     # Unit tests\nnpm run test:integration     # Integration tests\n\n# E2E (from src\u002F)\ncargo test -p wxc_e2e_tests\n```\n\n## Usage\n\nMXC uses a JSON configuration to define execution parameters. See the [schema documentation](docs\u002Fschema.md) for full reference.\n\n### Native Binary\n\n```bash\n# File path\nwxc-exec.exe config.json\n\n# Base64-encoded config\nwxc-exec.exe --config-base64 \u003Cbase64-encoded-json>\n\n# Debug output\nwxc-exec.exe --debug config.json\n```\n\nOn Linux: `.\u002Flxc-exec config.json`\nOn macOS: `.\u002Fmxc-exec-mac --experimental config.json`\n\n### TypeScript SDK\n\n```bash\nnpm install @microsoft\u002Fmxc-sdk\n```\n\n```typescript\nimport {\n  spawnSandboxFromConfig, createConfigFromPolicy,\n  getAvailableToolsPolicy, getTemporaryFilesPolicy,\n  getPlatformSupport,\n} from '@microsoft\u002Fmxc-sdk';\n\nif (!getPlatformSupport().isSupported) {\n  throw new Error('MXC not available on this host');\n}\n\nconst tools = getAvailableToolsPolicy(process.env);\nconst temp  = getTemporaryFilesPolicy();\n\nconst config = createConfigFromPolicy({\n  version: '0.6.0-alpha',\n  filesystem: {\n    readonlyPaths:  tools.readonlyPaths,\n    readwritePaths: temp.readwritePaths,\n  },\n  network: { allowOutbound: false },\n  timeoutMs: 30_000,\n});\nconfig.process!.commandLine = 'python -c \"print(\\'hello from sandbox\\')\"';\n\nconst child = spawnSandboxFromConfig(config, { usePty: false });\nchild.stdout!.on('data', (d) => process.stdout.write(d));\nchild.on('close', (code) => console.log('exit:', code));\n```\n\nThe SDK also provides a **state-aware lifecycle** API for long-lived sandboxes:\n\n```typescript\nimport {\n  provisionSandbox, startSandbox, execInSandboxAsync,\n  stopSandbox, deprovisionSandbox,\n} from '@microsoft\u002Fmxc-sdk';\n```\n\nSee the [SDK README](sdk\u002FREADME.md) for full API documentation.\n\n## Schema Versions\n\n| Version | Status | Schema File |\n|---------|--------|-------------|\n| `0.5.0-alpha` | Stable | [`schemas\u002Fstable\u002Fmxc-config.schema.0.5.0-alpha.json`](schemas\u002Fstable\u002Fmxc-config.schema.0.5.0-alpha.json) |\n| `0.6.0-alpha` | Stable (current) | [`schemas\u002Fstable\u002Fmxc-config.schema.0.6.0-alpha.json`](schemas\u002Fstable\u002Fmxc-config.schema.0.6.0-alpha.json) |\n| `0.7.0-dev` | Dev (experimental backends, state-aware lifecycle) | [`schemas\u002Fdev\u002Fmxc-config.schema.0.7.0-dev.json`](schemas\u002Fdev\u002Fmxc-config.schema.0.7.0-dev.json) |\n\nPick `0.6.0-alpha` for new code on any supported platform. See [docs\u002Fversioning.md](docs\u002Fversioning.md) for the full versioning design.\n\n## Debugging\n\n### Debug Console Mode\n\nBy default, native binaries run in **silent mode** — stdin\u002Fstdout\u002Fstderr is coupled directly to the container. Use `--debug` for verbose output:\n\n```bash\nwxc-exec.exe --debug config.json\n```\n\nSee [docs\u002Fdiagnostics.md](docs\u002Fdiagnostics.md) for full diagnostics reference.\n\n## Documentation\n\n| Document | Description |\n|----------|-------------|\n| [docs\u002Fschema.md](docs\u002Fschema.md) | Full JSON configuration schema reference |\n| [docs\u002Fversioning.md](docs\u002Fversioning.md) | Schema versioning and experimental feature lifecycle |\n| [docs\u002Fexamples.md](docs\u002Fexamples.md) | Annotated configuration examples |\n| [docs\u002Fhost-prep.md](docs\u002Fhost-prep.md) | Windows host preparation (`wxc-host-prep.exe`) |\n| [docs\u002Fdiagnostics.md](docs\u002Fdiagnostics.md) | Diagnostic logging and ETW |\n| [docs\u002Fsandbox-policy\u002Fv1\u002Fpolicy.md](docs\u002Fsandbox-policy\u002Fv1\u002Fpolicy.md) | Sandbox policy v1 specification |\n| [docs\u002Fbase-process-container\u002Fguide.md](docs\u002Fbase-process-container\u002Fguide.md) | Windows AppContainer \u002F BaseContainer guide |\n| [docs\u002Flxc-support\u002Flxc-backend.md](docs\u002Flxc-support\u002Flxc-backend.md) | LXC backend (Linux) |\n| [docs\u002Fbwrap-support\u002Fbubblewrap-backend.md](docs\u002Fbwrap-support\u002Fbubblewrap-backend.md) | Bubblewrap backend (Linux) |\n| [docs\u002Fmacos-support\u002Fseatbelt-backend.md](docs\u002Fmacos-support\u002Fseatbelt-backend.md) | Seatbelt backend (macOS) |\n| [docs\u002Fwindows-sandbox\u002Fwindows-sandbox.md](docs\u002Fwindows-sandbox\u002Fwindows-sandbox.md) | Windows Sandbox backend |\n| [docs\u002Fstate-aware-lifecycle\u002Fmxc-state-aware-sandbox-api.md](docs\u002Fstate-aware-lifecycle\u002Fmxc-state-aware-sandbox-api.md) | State-aware sandbox lifecycle API |\n\n## Contributing\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md) for contribution guidelines.\n\n## License\n\nSee [LICENSE.md](LICENSE.md) for details.","Microsoft eXecution Container (MXC) 是一个沙盒化的代码执行系统，用于在Windows、Linux和macOS上运行不可信代码。该项目使用Rust编写，提供了一种基于JSON配置的统一方法来定义执行参数与安全策略，并支持多种隔离后端，包括操作系统原生进程沙箱到完整的虚拟机。MXC通过策略驱动的沙箱机制控制文件系统、网络及用户界面访问权限，适用于需要对插件、工具或模型输出等外部代码进行安全隔离的场景。此外，它还提供了TypeScript SDK以简化开发流程。尽管当前版本处于早期预览阶段，但其跨平台支持与灵活的配置选项使其成为开发人员探索集成和反馈的理想选择。",2,"2026-06-11 04:10:41","trending"]