Publish 0.6.0-alpha as the new stable schema (strict surface)#455
Merged
Conversation
Member
Author
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Contributor
There was a problem hiding this comment.
Pull request overview
Promotes the 0.6.0 schema content into a new shipped stable schema (0.6.0-alpha), updates the SDK to treat additional backends as experimental for validation, and refreshes documentation to reflect the new stable/dev schema split and the “stable schemas may include experimental shapes” policy.
Changes:
- Add new stable schema file
schemas/stable/mxc-config.schema.0.6.0-alpha.jsonreflecting the current accepted config shape. - Update SDK experimental backend validation list to include
windows_sandboxandisolation_session. - Update SDK/docs guidance to list
0.6.0-alphaas the current stable schema and clarify the stable-vs-dev schema model.
Show a summary per file
| File | Description |
|---|---|
| sdk/src/types.ts | Expands ExperimentalBackends so the SDK validator gates windows_sandbox and isolation_session behind experimental mode. |
| sdk/README.md | Updates schema/version guidance and backend tables to include 0.6.0-alpha and new/experimental backends. |
| schemas/stable/mxc-config.schema.0.6.0-alpha.json | Introduces the new stable 0.6.0-alpha JSON schema, including experimental sections for editor validation. |
| schemas/dev/mxc-config.schema.0.6.0-dev.json | Tweaks containment description to correctly label microvm as experimental. |
| docs/versioning.md | Documents 0.6.0-alpha as current stable and clarifies the policy that stable schemas may include experimental shapes. |
| docs/authoring-a-new-feature.md | Updates contributor guidance around schema immutability and promotion, aligned with the clarified versioning model. |
Copilot's findings
- Files reviewed: 6/6 changed files
- Comments generated: 5
MGudgin
force-pushed
the
user/gudge/schema/0.6.0-alpha-stable
branch
from
9d25a05 to
cfb9044
Compare
Member
Author
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
bbonaby
reviewed
May 29, 2026
shschaefer
previously requested changes
May 29, 2026
microsoft-github-policy-service
Bot
added
Needs-Author-Feedback
MGudgin
force-pushed
the
user/gudge/schema/0.6.0-alpha-stable
branch
2 times, most recently
from
bc2a7c0 to
a9bd5ad
Compare
MGudgin
changed the title
Contributor
|
Sorry, one more thing I noticed, there are bubblewrap test configs in tests/configs/ that are using "version": "0.6.0-alpha" and containment: "bubblewrap". We will have to switch these to the dev json- 0.7.0? Same comment for tests/configs/linux_process_default.json and tests/configs/linux_process_abstract.json |
bbonaby
reviewed
May 30, 2026
Collaborator
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
bbonaby
approved these changes
May 30, 2026
MGudgin
force-pushed
the
user/gudge/schema/0.6.0-alpha-stable
branch
from
a9bd5ad to
dea1b82
Compare
Promotes dev content into schemas/stable/mxc-config.schema.0.6.0-alpha.json, mints 0.7.0-dev as the next dev iteration, and adopts a strict policy: stable schemas document only the non-experimental surface. Experimental backends, the experimental.* block, and state-aware sandbox lifecycle live in 0.7.0-dev only. The --experimental runtime gate is unchanged; schema choice affects editor validation, not runtime behavior. Schema: - 0.6.0-alpha (NEW): processContainer, fallback.allowDaclMutation, network.allowLocalNetwork; deny-by-default defaultPolicy; containment ['processcontainer', 'lxc']. No experimental block. - 0.5.0-alpha-strict (NEW): strict sibling of 0.5.0-alpha. The original 0.5.0-alpha.json is preserved unmodified per the immutability rule. - Dev schema renamed 0.6.0-dev → 0.7.0-dev. Wire version (Step A of the dev-mint pattern from #265): - Parser SUPPORTED_VERSION '<=0.6' → '<=0.7'; SDK SUPPORTED_VERSION '0.6.0-alpha' → '0.7.0-alpha'. Dev schema and 13 macOS examples declare '0.7.0-alpha' as the wire version. SDK: - 'windows_sandbox' and 'isolation_session' added to ExperimentalBackends so the validator errors in-process. - README backend table: macOS x64 → ARM64; Windows narrowed to 24H2+ (verified on 25H2); Hyperlight is a build-flavor footnote. Docs: - authoring-a-new-feature.md and versioning.md document the strict policy. Testing: 164/164 SDK unit tests pass; 11/11 parser schema_version tests pass. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
MGudgin
force-pushed
the
user/gudge/schema/0.6.0-alpha-stable
branch
from
dea1b82 to
e7405ff
Compare
Member
Author
See the latest, bubblewrap is now in 0.6.0-alpha, so configs are OK. |
Member
Author
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
bbonaby
approved these changes
May 30, 2026
MGudgin
dismissed
shschaefer’s stale review
Comments addressed. Most recent changes reviewed by other team members.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
📖 Description
Promotes dev content into
schemas/stable/mxc-config.schema.0.6.0-alpha.json, mints0.7.0-devas the next dev iteration, and adopts a strict policy: stable schemas document only the non-experimental surface. Experimental backends, theexperimental.*block, and state-aware sandbox lifecycle live in0.7.0-devonly.Runtime is unchanged. The parser still accepts experimental backends and the
experimental.*block when paired with--experimental, regardless of which schema validated the config. Schema choice affects editor validation, not runtime behavior.Schema:
0.6.0-alpha(NEW):processContainer,fallback.allowDaclMutation,network.allowLocalNetwork; deny-by-defaultdefaultPolicy; containment enum['process', 'processcontainer', 'lxc', 'bubblewrap'], default'process'.processis the cross-platform abstract intent — resolves toprocesscontaineron Windows,bubblewrapon Linux, and (in the future, when seatbelt graduates)seatbelton macOS. Noexperimental.*block.0.5.0-alpha-strict.json(NEW): strict sibling of0.5.0-alpha. Same wire version, containment['appcontainer', 'lxc']. The original0.5.0-alpha.jsonis preserved unmodified per the immutability rule.0.6.0-dev→0.7.0-dev.Wire version (Step A of the dev-mint pattern from #265):
SUPPORTED_VERSION<=0.6→<=0.7; SDKSUPPORTED_VERSION0.6.0-alpha→0.7.0-alpha.0.7.0-alphaas the wire version.Bubblewrap reclassification:
ExperimentalBackendslist, adds it to the strict0.6.0-alphaenum, removes it from the dev schema's "experimental backends" note, and updates the README backend table to show it as the Linux default.SDK:
windows_sandboxandisolation_sessionadded toExperimentalBackendsso the validator errors in-process.bubblewrapremoved fromExperimentalBackends([Bubblewrap] Make Bubblewrap the default Linux backend #368 already removed the runtime gate).bubblewrap, other =lxc. macOSx64 / ARM64→ARM64. Windows narrowed to24H2+ (verified on 25H2). Hyperlight is a build-flavor footnote.Docs:
authoring-a-new-feature.mdandversioning.mddocument the strict policy.🔗 References
allowLocalNetwork), Seatbelt: Add extraMachLookups escape hatch for additional Mach services #437 (extraMachLookups), #256 / Set schema network default to deny by default #427 (deny-by-defaultdefaultPolicy)6fcd9c0)🔍 Validation
schema_versiontests pass--experimentalruntime gate)✅ Checklist
📋 Issue Type
Follow-ups (out of scope for this PR)
docs/schema.mdcontent sync (#285)0.6.0-alphacould pick up a stable-subset of theallOfsingle-backend-section constraint added to the dev schema in Enforce single containment backend section per config #426; left for a follow-up🤖 Generated with Claude Code