Backends
heyvm supports multiple sandbox backends. Install and configure at least one for your host platform — see the per-backend pages below for setup steps.
Available backends
| Backend | Identifier | Platforms | Description |
|---|---|---|---|
| Microsandbox | msb | macOS, Linux | Full-VM isolation via the microsandbox SDK. Supports Python and Node.js sandbox types. |
| Apple Container | apple_container (alias apple_vf) | macOS (Apple silicon) | Linux OCI containers run as lightweight VMs through Apple's container CLI. Default backend on macOS. |
| Apple Virtualization | apple_virt | macOS (Apple silicon) | Full Linux VMs booted directly through Apple's Virtualization.framework via the avfbind Swift FFI — no container CLI or daemon required. Default backend for heyvm wt on macOS. |
| Sandbox Exec | sandbox_exec | macOS | Process-level sandboxing using macOS's built-in sandbox-exec. |
| Bubblewrap | bubblewrap | Linux | Lightweight namespace-based isolation via bwrap. Supports shell, Python, and Node.js sandbox types. Default backend on Linux. |
| Libvirt | libvirt | Linux (selectable on all platforms for cloud deploy) | Full-VM virtualization via KVM/QEMU. Strongest isolation of any backend; runs Ubuntu, Debian, or Alpine cloud images. |
| Firecracker | firecracker | Linux (selectable on all platforms for cloud deploy) | Lightweight KVM microVMs via the Firecracker VMM. Default worktree backend on Linux when /dev/kvm is available. |
| Firecracker Containerd | firecracker_containerd | Linux | Runs OCI container images as Firecracker microVMs via firecracker-containerd (the aws.firecracker containerd runtime + devmapper snapshotter). |
| KVM | kvm | Linux (x86_64 only) | Direct /dev/kvm VM management via the rust-vmm ecosystem (kvmbind) — no external VMM binary required. |
| Hyper-V | hyperv | Windows | Full-VM isolation via Microsoft Hyper-V. Default backend on Windows. |
| Windows Sandbox | windows_sandbox (alias wsb) | Windows | Disposable desktop-style isolation via Windows Sandbox. |
| Docker | docker | macOS, Linux, Windows | Container isolation via the Docker runtime, using OCI-compatible images. Default worktree backend on Linux when Docker is installed. |
| WASIX | wasix | macOS, Linux, Windows | WebAssembly sandbox powered by the Wasmer WASIX runtime. |
| WASI P2 | wasip2 | macOS, Linux, Windows | WebAssembly sandbox powered by Wasmtime's WASI Preview 2 runtime, with WASI-HTTP support. |