Skip to content

API Reference

Single-owner observable virtual filesystem backed by memfs (hot layer) and OPFS (cold layer). The hot layer is authoritative; OPFS is a best-effort persistence cache that degrades silently. Files not accessed for 5 minutes are evicted from the hot layer (cold layer keeps a copy).

import { VfsBus } from '@bolojs/vfs-bus';
const vfs = new VfsBus();
MethodSignatureDescription
writeFile(path, content: string | Uint8Array) => Promise<void>Write or overwrite a file. Creates parent dirs automatically.
readFile(path) => Promise<string | Uint8Array>Read a file. Falls through to OPFS cold layer if not in hot layer.
exists(path) => booleanSynchronous hot-layer existence check.
mkdir(path, opts?) => voidCreate directory (synchronous, hot layer only).
rm(path, opts?) => voidRemove file or directory (synchronous, hot layer only).
readdir(path) => string[]List directory entries (synchronous).
on(event, handler) => voidSubscribe to filesystem events (see below).
watch(glob, handler) => voidWatch paths matching a glob pattern.
snapshot() => objectExport the full hot-layer state as a plain object.
restore(snap) => voidRestore state from a snapshot() export.
use(middleware) => voidAdd a middleware function that runs before writes.
vfs.on('write', ({ path }) => { /* file written */ });
vfs.on('delete', ({ path }) => { /* file removed */ });
vfs.on('rename', ({ path }) => { /* file renamed */ });

vfs.vol — the underlying memfs Volume (use for low-level operations). vfs.hotmemfs fs interface (sync methods available: readFileSync, writeFileSync, etc.).


Routes shell commands to the appropriate execution tier.

import { ShellService } from '@bolojs/runtime';
const shell = new ShellService({ vfs, packageManager, runtimeWorker, sandbox });
interface ShellServiceDeps {
vfs: VfsBus;
packageManager: PackageManager;
runtimeWorker: RuntimeWorker;
swSandbox?: SWSandbox; // optional: enables `npm run dev`
sandbox?: SandboxBackend; // optional: enables `agent run <script>`
events?: ContainerEvents;
workdir?: string;
}
const result = await shell.execute(command, {
stdout: (data: string) => void, // called incrementally as output arrives
stderr: (data: string) => void,
});
// result: { stdout: string, stderr: string, exitCode: number }
CommandTierNotes
npm install [packages]PackageManagerInstalls into VFS /node_modules
npm run devContainerAdapterRequires sandbox dep; starts BrowserViteServer
runtime run <file>V8 Web WorkerReads file from VFS, runs in RuntimeWorker
agent run <file>SandboxBackendReads file from VFS, runs via whatever sandbox dep is configured

Unknown commands return exit code 127.


SandboxBackend / IframeSandbox (@bolojs/runtime)

Section titled “SandboxBackend / IframeSandbox (@bolojs/runtime)”

Untrusted-code execution is pluggable behind a small interface:

interface SandboxRunResult {
result?: string;
error?: string;
}
interface SandboxBackend {
run(code: string): Promise<SandboxRunResult>;
dispose(): void;
}

The default implementation is IframeSandbox — a cross-origin, opaque-origin iframe (browser-native isolation, no WASM runtime to load):

import { IframeSandbox } from '@bolojs/runtime';
const sandbox = new IframeSandbox();
const { result, error } = await sandbox.run('2 + 2');
// result: '4', error: undefined

fs.readFileSync(path) is available read-only inside the sandbox; write operations (writeFileSync, mkdirSync, rmSync) throw immediately.

For hard, C-level memory/CPU/stack caps (not just origin isolation), implement SandboxBackend with the QuickJS-based SandboxPool from the separate quickjs-sandbox package and pass it as sandbox — it’s opt-in and not a dependency of @bolojs/runtime.


Trusted code execution tier. Runs scripts in a dedicated Web Worker.

import { RuntimeWorker } from '@bolojs/runtime';
const worker = new RuntimeWorker(vfs, sandbox);
new RuntimeWorker(vfs: VfsBus, sandbox: SWSandbox)
worker.onStdout = (data) => console.log(data);
worker.onStderr = (data) => console.error(data);
worker.onExit = (code) => console.log('exit', code);
await worker.runScript(code, { filename: '/index.js', args: [] });

A watchdog terminates the Worker if no heartbeat is received for >10 seconds.


ServiceWorker-based network proxy that intercepts requests to a virtual origin.

import { SWSandbox } from '@bolojs/sw-sandbox';
const sandbox = await SWSandbox.create({ origin: 'https://sandbox.local/', swPath: '/sw.js' });

Registers the service worker at swPath and waits for it to activate. Requires HTTPS (or localhost). Throws if ServiceWorker API is unavailable.

sandbox.onFetch(async (req) => {
if (new URL(req.url).origin === 'https://sandbox.local/') {
return viteServer.onFetch(new URL(req.url).pathname, req);
}
return new Response('Not found', { status: 404 });
});

Attach a Map<string, unknown> of sandbox policies. Used by @bolojs/sandbox-policy.


Extension points (@bolojs/node-runtime-shims)

Section titled “Extension points (@bolojs/node-runtime-shims)”

Some Node.js features need capabilities the browser can’t provide natively. Instead of blocking these forever, createLiveShimRegistry exposes backend hooks:

FeatureDefaultExtension point
TCP/IPHTTP-only (SW proxy)netBackend: (deps) => nodeNetNamespace
UDPNot supporteddgramBackend: (deps) => { createSocket }
TLSNot supportedtlsBackend: (deps) => nodeTlsNamespace
Native .node addonsNot supportednativeAddonLoader: (path, vfs) => moduleSync
Worker threadsStub (isMainThread=true)workerThreadsBackend: (deps) => workerThreadsNamespace
import { createLiveShimRegistry } from '@bolojs/node-runtime-shims';
const registry = createLiveShimRegistry({
vfs,
sandbox,
dgramBackend: ({ vfs }) => ({
createSocket: (type, onMessage) => new WebTransportDgramSocket(onMessage),
}),
});

Each deps object passed to a backend factory is { vfs, sandbox }.


The demo app exposes a global API for e2e tests and embedding scripts.

// Check readiness
if (window.__browserbox_ready) {
// Install packages
await window.__browserbox.install(['react', 'react-dom']);
// Write a file into the VFS
await window.__browserbox.vfs.writeFile('/src/App.jsx', '<h1>Hello</h1>');
// Load a URL in the preview iframe
window.__browserbox.preview.loadUrl('https://sandbox.local/');
}

This is the demo shell’s external API, not a published library export.