Sandbox management
Use mvmctl when you need the local management layer for sandboxes.
Create or boot
Section titled “Create or boot”mvmctl init ./agent-sandbox --preset pythonmvmctl build ./agent-sandboxmvmctl up ./agent-sandbox --name agent-sandboxmvmctl build uses the builder VM for Linux image construction. mvmctl up boots the runtime guest from the built artifact.
Inspect
Section titled “Inspect”mvmctl lsmvmctl boot-report agent-sandboxmvmctl logs agent-sandboxUse JSON output where commands support it when integrating with tooling.
Operate
Section titled “Operate”mvmctl exec agent-sandbox -- python /work/task.pymvmctl fs ls agent-sandbox /workmvmctl forward agent-sandbox -p 8080:8080Command execution, file operations, and port forwarding cross trust boundaries. Keep command args explicit, file paths narrow, and ports intentional.
Preserve state
Section titled “Preserve state”mvmctl pause agent-sandboxmvmctl resume agent-sandboxFor backend-specific machine-state files:
mvmctl snapshot save agent-sandbox --path /tmp/agent-sandbox.vzsnap --hypervisor vzmvmctl snapshot restore agent-sandbox --path /tmp/agent-sandbox.vzsnap --hypervisor vzSnapshots can contain memory, files, and runtime credentials. Apply retention and deletion policy.
Stop and clean up
Section titled “Stop and clean up”mvmctl down agent-sandboxmvmctl cleanupStopping compute is not the same as deleting all state. Check manifests, volumes, snapshots, and cache entries when you need stronger cleanup.