Changelog - MIOSA Docs

What’s new in MIOSA. Updates ship continuously; this page is a human-readable digest grouped by week.

The MIOSA SDKs will live in dedicated public repos for each language - Miosa-osa/python-sdk, Miosa-osa/typescript-sdk, etc. Mirrored from the monorepo via a CI subtree-split workflow. Direct installs remain unchanged.

June 9, 2026

Production V1 backend and verified sandbox benchmark

The unified V1 backend is live in production on release/v1. Production health checks passed after deployment.

MIOSA also ran verified production sandbox benchmarks through the real HTTP API: 100 sandboxes, concurrency 10, xs miosa-sandbox instances, create -> ready -> exec -> destroy. Result: 100 / 100 completed successfully, 0 capacity rejections. The production run path (POST /api/v1/sandboxes/run) measured 512ms p50, 992ms p95, and 1.300s p99 command-ready TTI. The standard client-owned lifecycle measured 947ms p50, 1.333s p95, and 1.348s p99. See Benchmarks →

1.1.0 - White-label integration release (2026-05-26)

This release completes the five-phase white-label integration track. Every feature below is additive - no breaking changes, no migration steps required.

Phase 1 - Foundation

Sandbox slug + external attribution at create. POST /v1/sandboxes accepts slug, external_user_id, external_project_id, and an arbitrary metadata map. Attribution fields are stored as opaque strings and appear on all list/read responses.
sandbox.update PATCH. Slug, metadata, and attribution can be updated after create without a restart.
Preview tokens (mp_*). Short-lived signed tokens for embedding a sandbox preview inside your own product’s iframe. Your msk_* key never leaves the server. See Browser Tokens →
Webhook subscriptions for sandbox lifecycle. Subscribe to sandbox.created, sandbox.started, sandbox.suspended, sandbox.resumed, sandbox.destroyed, and sandbox.error over HTTPS webhook delivery. See Events →
Branded 404/502 pages. The platform renders your tenant logo and color on error pages shown to end users.
Tenant preview-domain CRUD. Register and verify a custom domain that your end users see in the browser address bar instead of MIOSA fallback preview domains. See Custom Domains →
Tenant branding CRUD. Upload a logo and accent color. Applied to 4xx/5xx pages and preview chrome.

Phase 2 - Editor primitives

File tree. GET /v1/sandboxes/:id/files returns a recursive directory listing with size, mtime, and type.
write_many. Write multiple files in a single API call - useful for agent code-gen that produces many files at once.
File-change SSE. Subscribe to file.changed events on a sandbox to stream editor state to a browser in real time.
Sandbox env vars CRUD. Set, list, and delete environment variables on a running sandbox without reboot. Variables are available to new exec calls immediately.
Long-running processes. Start a named process, list running processes, stream logs, and stop by name - without managing a detached exec manually.
Sandbox templates. Author reusable sandbox starting images with a BuildSpec file. Publish to your organization’s private catalog or the public catalog.
Snapshot fork. Fork a sandbox from a named snapshot - creates a new running sandbox pre-seeded with a checkpoint of another sandbox’s state.

Phase 3 - Multi-tenant

Usage rollup by external_user_id. GET /v1/usage accepts group_by=external_user_id - returns compute-seconds and storage-bytes per attributed user. Useful for per-customer cost chargeback.
Audit log. Every mutation in your workspace is recorded: who called what, when, from which IP, with which resource IDs. GET /v1/audit-log with date range and resource filters.
Per-user quotas. Set sandbox concurrency and compute-minute caps per external_user_id through the tenant quota API.
Tenant-wide events SSE. A single SSE stream (GET /v1/events) that carries lifecycle events across all sandboxes in your workspace - for dashboards that need to reflect fleet state without polling.

Share URLs (ms_*). Mint a public read-only share URL for a sandbox preview. Share tokens are revocable, expiring, and optionally password-protected.
Per-end-user custom domains. Attach a custom domain to an individual sandbox preview scoped to one external_user_id - so each customer can have app.theirdomain.com pointing at their sandbox.

Phase 5 - UI component packages

Drop-in React, Vue, and Svelte components that embed a MIOSA sandbox preview, terminal, file tree, or usage chart inside your own product UI. Components handle token minting, SSE reconnect, and error states.

Package	npm
`@miosa/react`	npmjs.com/package/@miosa/react
`@miosa/vue`	npmjs.com/package/@miosa/vue
`@miosa/svelte`	npmjs.com/package/@miosa/svelte

Available components: MiosaPreview, MiosaTerminal, MiosaFileTree, MiosaUsage.

See UI Components →

Package versions

Package	Registry	Version
`miosa` (Python)	pypi.org/project/miosa	1.1.0
`@miosa/sdk` (TypeScript)	npmjs.com/package/@miosa/sdk	1.1.0
`miosa` (Elixir)	hex.pm/packages/miosa	1.1.0
`github.com/Miosa-osa/miosa-go` (Go)	pkg.go.dev/github.com/Miosa-osa/miosa-go	v0.4.0
`ai.miosa:miosa-sdk` (Java)	central.sonatype.com	0.4.0
`@miosa/react` / `@miosa/vue` / `@miosa/svelte`	npm	0.2.0

Breaking changes

None. The 1.1.0 release is purely additive across all SDK packages and the REST API.

Migration notes

No migration required. Existing integrations continue to work without changes.

May 19 - 25, 2026

Auto-snapshot on custom template create

POST /v1/sandbox-templates now enqueues a background Oban job that boots the template once and captures its memory snapshot immediately after the template row is committed. For customer-defined templates, the first boot on the build host lands on the snapshot-restore path (~47 ms p50 in benchmarks) rather than the 500-1500 ms cold-boot path. End-to-end production verification is in progress.

Eager snapshot distribution across the fleet

After a template snapshot is built, the platform replicates it across the fleet in parallel. The intent is that the first user in any region hits the warm path, not just the region where the template was created. Distribution failures are non-fatal - an on-demand replication fallback remains in place.

Fixed: `sandbox_expose` MCP tool returned broken URLs

The MCP tool was hand-rolling https://<slug>.<domain>:<port> URLs that the proxy does not route. It also skipped proxy cache registration, so the slug→VM-IP route was never wired. The fix uses the preview URL resolver for the canonical URL shape and registers the route through the proxy cache. Deployed 2026-05-25.

May 12 - 18, 2026

MCP server for AI coding assistants

A native MCP server ships 22 computer-use tools - screenshot, click, type, scroll, drag, key chords, window management, clipboard, cursor, launch, and more - making any MCP-capable AI coding assistant a first-class driver for MIOSA Computers. See Desktop Control →

Desktop double-click, scroll fix, and faster typing

Fixed a scroll timing regression that caused scroll-up actions to stall. Added double-click as a distinct desktop action. Improved keystroke throughput for type commands. The Go SDK now ships a full Computer type with all 13 desktop actions.

Python and TypeScript Sandbox SDKs reach full parity

All Sandbox methods - create, exec, stream, snapshot, file I/O, suspend, resume - are now available in Python (sync + async) and TypeScript. The CLI routes sandbox commands through the native API rather than a secondary proxy. See Sandbox SDK reference →

Fixed: SDK import errors and agent exports

Resolved broken module imports introduced during SDK consolidation. ExecResult field names are now consistent across Python and TypeScript. Agent stub exports are correctly registered in the package index.

May 5 - 11, 2026

Sandbox architecture: snapshot restore now live

Sandbox snapshot restore is live at ~166ms p50. The platform captures snapshots automatically on suspend and restores them on resume - no cold boot penalty on warm sandboxes. See Sandboxes →

Regions and computer embedding APIs

New GET /api/v1/regions endpoint returns the current compute region list with capacity metadata. The embed API now returns a scoped, short-lived token for embedding a computer’s desktop into your own UI - no iframe proxy required. See Embedding →

Production deploy pipeline hardened

The sandbox-to-deployment pipeline (source snapshot → builder → release → runtime instance) is fully wired in production. Build logs stream in real time. Static sites land on the edge; dynamic apps boot as runtime instances. See Deploy overview →

Unified SDKs replace standalone sandbox package

The standalone sandbox SDK package is deprecated. All sandbox functionality is available under the unified language SDKs (miosa for Python, @miosa/sdk for TypeScript, and equivalents in Go, Java, Elixir). Migration is a single import change; the API surface is identical.

Removed

The separate sandbox CLI path is removed; all CLI sandbox commands route through the main API.
Legacy agent endpoints (/computers/:id/cua/*, /computers/:id/agent/*) now return 410 Gone. Use desktop primitives directly or the MCP server.

Apr 28 - May 4, 2026

CLI: public install via Homebrew

The MIOSA CLI is now installable via Homebrew:

brew install miosa-dev/tap/msk

The CLI supports msk computers, msk sandboxes, msk deploy, and msk auth. A device-flow OAuth login ties the CLI to your workspace in one browser step. See CLI reference →

Account security pages

New security section in account settings: active sessions, passkey management, two-factor setup, and connected OAuth providers. Sessions can be revoked individually.

Admin: email campaign composer

Platform operators can now compose and send targeted email campaigns to workspace segments directly from the admin console.

Improved: AI engine token tracking

Token usage from the AI engine is now tracked per-computer and surfaced in the usage API. Metered usage accumulates in real time against the workspace’s billing period. See Usage and Billing →

Improved: frontend workspace tabs and GPU pricing

Workspace settings tabs now persist the active tab across navigation. GPU tier pricing is correctly reflected on the computer create form and the pricing page.

Improved: admin observability and intelligence gateway

Admin dashboard surfaces per-tenant active computer count, sandbox throughput, and deploy queue depth. The intelligence gateway proxy correctly handles streaming responses under load.

Apr 21 - 27, 2026

Computer tab scrolling fixed

Long-running computers with many open tabs (terminal, preview, files, etc.) now scroll the tab strip horizontally rather than overflowing off-screen.

Computer create: services panel

The computer create flow now includes a services panel for attaching data services (Postgres, Redis, object storage) at creation time. Environment variables are injected automatically.

Environment variable persistence

Environment variables set on a computer or sandbox are persisted across stop/start cycles. Variables set via API are visible in the in-computer terminal immediately.

Warm pool admin controls

Platform operators can configure warm pool size, pre-warm image targets, and drain schedules from the admin console.

Apr 14 - 20, 2026

OpenComputers resources across all five SDKs

Hosts, jobs, files, tunnels, and inference cluster resources are now available in all five SDKs (Python, TypeScript, Go, Elixir, Java). Async variants included in Python. See SDK references →

SDK surface expansion

Ten new resource namespaces added: Sandboxes, Deployments, Versions, Releases, Runtime Instances, Domains, Data Services (Postgres, Redis, Storage), Network Policy, and Credits. Coverage tables are on each SDK page.

Computer tunnels

The computer command service now supports exposing internal services as tunnels - useful for previewing dev servers running inside a computer from outside the VM boundary. See Previews →

Mar 31 - Apr 13, 2026

Deployments API

The Deployments API is in production: POST /api/v1/sandboxes/:id/deploy publishes a sandbox, GET /api/v1/deployments lists deployment history, and POST /api/v1/deployments/:id/rollback re-points the active version. All operations are available in the SDK and dashboard. See Deploy →

Sandbox, Deploy, and Intelligence dashboards

The dashboard ships three new top-level sections: Sandboxes (live usage, snapshot list), Deploy (deployment history, build logs, rollback), and Intelligence (AI engine usage, cost trends).

API drift CI gate

A new CI check compares the server’s declared API surface against all five SDK clients on every pull request. Contract mismatches - missing endpoints, changed field names, type drift - fail the build before they reach production.

Docs site launched

The MIOSA docs site launched with the unified API key format (msk_*), Mermaid diagram rendering, six-language SDK tabs, and full-text search.

Mar 2 - 29, 2026

Compute platform in production

The compute engine and platform API are deployed to production. The provisioning flow is hardened with retry logic, crash guards, and correct error propagation. OAuth state mismatch now redirects to login rather than surfacing a raw error.

Computer rename complete

“Instance” is renamed to “Computer” across the API, dashboard, SDKs, and documentation. Existing API clients using /instances/* continue to work via redirect; new code should use /computers/*. See Computers →

Computer: `/enter` endpoint

POST /api/v1/computers/:id/enter returns a scoped session token for direct desktop access. Used by the embed flow and the CLI msk computers enter command.

26 app templates with tier system

The computer create flow ships 26 starting templates (landing page, SaaS scaffold, data dashboard, agent workspace, and more) organized by tier: free, pro, and enterprise. The template picker is a split-panel modal with live previews.

Security hardening

Sixteen security fixes: secret redaction from configure responses, XSS prevention on user-controlled fields, timer leak fixes, provisioning crash guard, and tenant slug collision prevention. Internal auth tokens are no longer included in API responses to unprivileged callers.