Back to microsandbox

Compare

microsandboxvsFirecracker

Firecracker is brilliant infrastructure, the VMM that powers AWS Lambda and Fargate. But it's a primitive, you build everything on top of it. microsandbox uses an embeddable VMM (libkrun) and ships the rest of the stack: cross-platform support, SDKs, secrets, networking, sync. The right comparison is 'engine vs car.'

microsandbox
local + cloud
Firecracker
microVM monitor (AWS, open source)
What it is
Full agent sandbox runtime
Virtual Machine Monitor (VMM)
Maintainer
Super Rad Company
Amazon Web Services
Host platform
macOS · Linux · WSL
Linux only (KVM dependency)
Underlying VMM
libkrun (embeddable, cross-platform)
Firecracker itself
Boot time
Sub-100ms cold start
~125ms VM creation
Programming model
Embed an SDK, sandbox per call
RESTful VMM API · build your own runtime
OCI image support
Native · pull from any registry
Bring your own kernel and rootfs
SDKs
Rust · TypeScript · Python · CLI (Go, Terraform next)
None, just the VMM API
Secrets
TLS-bound substitution · real keys never enter guest
Not provided, build it yourself
Network policy
Programmable allowlist · DNS pinning
Tap interfaces only, build your own policy
Snapshots
Save, fork, restore as a first-class API
Snapshot/restore primitive · you wire it up
Cloud sync
Coming soon
Out of scope
License
Local: Apache 2.0 · Cloud: TBA
Apache 2.0
Pick Firecracker

Pick Firecracker if you're building infrastructure.

  • You're a platform team that wants to build your own sandbox-as-a-service offering.
  • You're Linux-only and want raw control over the VMM lifecycle.
  • You're fine assembling kernels, rootfs images, networking, secrets, and SDKs yourself.
  • You're operating at AWS scale and benchmarking microVM density per host.
Pick microsandbox

Pick microsandbox when you want a runtime, not a kit.

  • You want isolated sandboxes from your application code today, not a 6-month infra project.
  • You need to run on macOS or Windows-via-WSL too, not just Linux.
  • OCI images, secrets injection, snapshots, and a programmable network policy come built in.
  • You want SDKs in Rust and TypeScript already, with Python, Go, and Terraform on the way.
  • You want the same code to run locally and (soon) in the cloud, no second runtime to maintain.
Closed beta

Cloud and on-prem, almost here.

Drop your email and we'll invite you in as the beta opens up.

Want to talk first? Schedule a call