diff --git a/astro.config.mjs b/astro.config.mjs
index 85d1c15..bf0a9aa 100644
--- a/astro.config.mjs
+++ b/astro.config.mjs
@@ -8,6 +8,7 @@ export default defineConfig({
integrations: [
starlight({
title: 'Hyperlight',
+ favicon: '/favicon.png',
components: {
Footer: './src/components/HyperlightFooter.astro'
},
@@ -20,7 +21,14 @@ export default defineConfig({
],
},
{
- label: 'Resources', autogenerate: {directory: 'resources'}
+ label: 'Resources',
+ items: [
+ { slug: 'resources/community' },
+ ],
+ },
+ {
+ label: 'Projects',
+ autogenerate: { directory: 'resources/projects' },
},
],
plugins: [starlightBlog({})],
diff --git a/package-lock.json b/package-lock.json
index d4a99c1..9614900 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -120,6 +120,7 @@
"resolved": "https://registry.npmjs.org/@astrojs/starlight/-/starlight-0.37.6.tgz",
"integrity": "sha512-wQrKwH431q+8FsLBnNQeG+R36TMtEGxTQ2AuiVpcx9APcazvL3n7wVW8mMmYyxX0POjTnxlcWPkdMGR3Yj1L+w==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"@astrojs/markdown-remark": "^6.3.1",
"@astrojs/mdx": "^4.2.3",
@@ -1841,6 +1842,7 @@
"resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz",
"integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==",
"license": "MIT",
+ "peer": true,
"bin": {
"acorn": "bin/acorn"
},
@@ -2001,6 +2003,7 @@
"resolved": "https://registry.npmjs.org/astro/-/astro-5.17.1.tgz",
"integrity": "sha512-oD3tlxTaVWGq/Wfbqk6gxzVRz98xa/rYlpe+gU2jXJMSD01k6sEDL01ZlT8mVSYB/rMgnvIOfiQQ3BbLdN237A==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"@astrojs/compiler": "^2.13.0",
"@astrojs/internal-helpers": "0.7.5",
@@ -3689,6 +3692,7 @@
"resolved": "https://registry.npmjs.org/marked/-/marked-15.0.12.tgz",
"integrity": "sha512-8dD6FusOQSrpv9Z1rdNMdlSgQOIP880DHqnohobOmYLElGEqAL/JvxvuxZO16r4HtjTlfPRDC1hbvxC9dPN2nA==",
"license": "MIT",
+ "peer": true,
"bin": {
"marked": "bin/marked.js"
},
@@ -5077,6 +5081,7 @@
}
],
"license": "MIT",
+ "peer": true,
"dependencies": {
"nanoid": "^3.3.11",
"picocolors": "^1.1.1",
@@ -5542,6 +5547,7 @@
"resolved": "https://registry.npmjs.org/rollup/-/rollup-4.57.1.tgz",
"integrity": "sha512-oQL6lgK3e2QZeQ7gcgIkS2YZPg5slw37hYufJ3edKlfQSGGm8ICoxswK15ntSzF/a8+h7ekRy7k7oWc3BQ7y8A==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"@types/estree": "1.0.8"
},
@@ -6336,6 +6342,7 @@
"resolved": "https://registry.npmjs.org/vite/-/vite-6.4.1.tgz",
"integrity": "sha512-+Oxm7q9hDoLMyJOYfUYBuHQo+dkAloi33apOPP56pzj+vsdJDzr+j1NISE5pyaAuKL4A3UD34qd0lx5+kfKp2g==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"esbuild": "^0.25.0",
"fdir": "^6.4.4",
@@ -6534,6 +6541,7 @@
"resolved": "https://registry.npmjs.org/zod/-/zod-3.25.76.tgz",
"integrity": "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==",
"license": "MIT",
+ "peer": true,
"funding": {
"url": "https://github.com/sponsors/colinhacks"
}
diff --git a/public/favicon.png b/public/favicon.png
new file mode 100644
index 0000000..d8d479e
Binary files /dev/null and b/public/favicon.png differ
diff --git a/src/content/docs/blog/hyperlight-wasmcon-kubecon-eu-2026.mdx b/src/content/docs/blog/hyperlight-wasmcon-kubecon-eu-2026.mdx
index 3fc5b8e..d82a726 100644
--- a/src/content/docs/blog/hyperlight-wasmcon-kubecon-eu-2026.mdx
+++ b/src/content/docs/blog/hyperlight-wasmcon-kubecon-eu-2026.mdx
@@ -1,8 +1,9 @@
---
title: "Upcoming Talk: Running Wasmtime in Hardware-Isolated Microenvironments"
date: 2026-03-23
+lastUpdated: 2026-05-06
---
At WasmCon, co-located with KubeCon + CloudNativeCon Europe 2026 in Amsterdam on March 23, [Danilo (Dan) Chiarlone](https://github.com/danbugs) from Microsoft will present on running the Wasmtime WebAssembly runtime inside Hyperlight's hardware-isolated micro-VMs. This talk will explore how combining Wasmtime with Hyperlight provides dual-layer security — a WebAssembly software sandbox inside a hypervisor-enforced VM boundary — while maintaining fast cold starts.
-[View the session and add it to your calendar](https://colocatedeventseu2026.sched.com/event/2DY28)
+The recording is now available! [Watch the talk on YouTube](https://www.youtube.com/watch?v=jwta07eFEJE).
\ No newline at end of file
diff --git a/src/content/docs/resources/projects.mdx b/src/content/docs/resources/projects.mdx
deleted file mode 100644
index 9dd9557..0000000
--- a/src/content/docs/resources/projects.mdx
+++ /dev/null
@@ -1,54 +0,0 @@
----
-title: Related Hyperlight Projects
-description: Hyperlight related projects which provide additional functionality for language support or runtime support.
----
-
-import { Aside, LinkButton } from '@astrojs/starlight/components';
-
-Each of the projects below leverage Hyperlight for isolation and provide support for language runtimes, POSIX
-microkernels, and much more.
-
-## Hyperlight Wasm
-
-Hyperlight Wasm is a project that enables Wasm modules to be run within the Hyperlight secure boundary using
-Wasmtime. Its purpose is to enable applications to run untrusted or third party Wasm code within the VM
-isolation boundary with very low latency and resource utilization.
-
-
-Get Started with Hyperlight Wasm
-Hyperlight Wasm Docs
-
-## Hyperlight Nanvix
-
-Hyperlight Nanvix is a project that runs the [Nanvix][nanvix] microkernel inside the Hyperlight secure boundary. The Nanvix
-microkernel provides support for a broad set of POSIX APIs and support delegation of syscalls between the host and
-guest as well as syscall interposition (interception).
-
-The broad POSIX compatability of Nanvix provides the ability to run JavaScript, Python, C, C++, and Rust programs.
-Similar to Hyperlight runtimes, Hyperlight Nanvix offers low latency cold starts in the 10 - 20 millisecond range for
-optimized workloads.
-
-Get Started with Hyperlight Nanvix
-Hyperlight Nanvix Docs
-
-## Cargo Hyperlight
-
-Cargo Hyperlight is a `cargo` subcommand to help with building Hyperlight guest binaries.
-
-Hyperlight's extremely limited guest API can make it challenging to build guests targeting the environment. `cargo-hyperlight`
-was created to make it easier to build guest binaries. In fact, if your bin or any of its dependencies have a `build.rs`
-script using `cc` and `bindgen` to compile C code and generate bindings, they will often work without change!
-
-Get Started with cargo-hyperlight
-cargo-hyperlight Docs
-
-## Hyperlight JavaScript
-
-Hyperlight runtime for executing JavaScript within the Hyperlight secure boundary. It provides the ability to cold
-start JS applications in single digit milliseconds, perfect for the basis of a functions runtime. The runtime also
-provides the ability to register host functions which allow for extending functionality of the guest JavaScript
-code executing within the Hypervisor protected boundary.
-
-
-
-[nanvix]: https://github.com/nanvix/
\ No newline at end of file
diff --git a/src/content/docs/resources/projects/cargo-hyperlight.mdx b/src/content/docs/resources/projects/cargo-hyperlight.mdx
new file mode 100644
index 0000000..51218a9
--- /dev/null
+++ b/src/content/docs/resources/projects/cargo-hyperlight.mdx
@@ -0,0 +1,24 @@
+---
+title: Cargo Hyperlight
+description: A cargo subcommand to simplify building Hyperlight guest binaries.
+---
+
+import { LinkButton } from '@astrojs/starlight/components';
+
+Cargo Hyperlight is a `cargo` subcommand to help with building Hyperlight guest binaries.
+
+Hyperlight's extremely limited guest API can make it challenging to build guests targeting the environment. `cargo-hyperlight`
+was created to make it easier to build guest binaries. In fact, if your bin or any of its dependencies have a `build.rs`
+script using `cc` and `bindgen` to compile C code and generate bindings, they will often work without change!
+
+```bash
+# Install
+cargo install cargo-hyperlight
+
+# Build a guest binary
+cd my-hyperlight-guest
+cargo hyperlight build --release
+```
+
+GitHub
+API Docs
diff --git a/src/content/docs/resources/projects/hyperagent.mdx b/src/content/docs/resources/projects/hyperagent.mdx
new file mode 100644
index 0000000..b6d4125
--- /dev/null
+++ b/src/content/docs/resources/projects/hyperagent.mdx
@@ -0,0 +1,32 @@
+---
+title: HyperAgent
+description: A sandboxed code-acting AI agent runtime built on Hyperlight micro-VMs.
+---
+
+import { Aside, LinkButton } from '@astrojs/starlight/components';
+
+
+
+HyperAgent is a sandboxed code-acting AI agent runtime: it writes JavaScript handlers, validates them, and runs them
+inside hardware-isolated Hyperlight micro-VMs using the [GitHub Copilot SDK](https://github.com/github/copilot-sdk).
+
+It is built for useful, bounded work: data analysis, document generation, API workflows, secure file output, and tool
+use through plugins and MCP servers. The model can write code, but the code runs in a sandbox with no direct
+filesystem, shell, or network access unless you explicitly enable narrowly scoped host capabilities.
+
+```bash
+hyperagent --skill pptx-expert --profile web-research \
+ --prompt "Create a presentation on the NASA Artemis II mission \
+ include lots of statistics and data, use an appropriate theme \
+ and color scheme for the subject, make it stunning"
+```
+
+| Instead of | HyperAgent gives you |
+| ------------------------- | ------------------------------------------------------------- |
+| Shell-first automation | Code-first handlers validated and run in a micro-VM |
+| Ambient filesystem access | Path-jailed read/write plugins |
+| Ambient network access | Domain-scoped fetch with SSRF checks |
+| Ad hoc tool calls | Normal JavaScript APIs for approved capabilities |
+| Hidden agent state | Explicit shared state, transcript logs, and timing logs |
+
+GitHub
diff --git a/src/content/docs/resources/projects/hyperlight-js.mdx b/src/content/docs/resources/projects/hyperlight-js.mdx
new file mode 100644
index 0000000..6a93abe
--- /dev/null
+++ b/src/content/docs/resources/projects/hyperlight-js.mdx
@@ -0,0 +1,46 @@
+---
+title: Hyperlight JavaScript
+description: Execute JavaScript within the Hyperlight secure boundary with single digit millisecond cold starts.
+---
+
+Hyperlight JavaScript is a runtime for executing JavaScript within the Hyperlight secure boundary. It provides the ability to cold
+start JS applications in single digit milliseconds, perfect for the basis of a functions runtime. The runtime also
+provides the ability to register host functions which allow for extending functionality of the guest JavaScript
+code executing within the hypervisor-protected boundary.
+
+```rust
+use hyperlight_js::{SandboxBuilder, Script};
+
+fn main() -> anyhow::Result<()> {
+ // Create a sandbox and load the JS runtime
+ let proto = SandboxBuilder::new().build()?;
+ let mut js_sandbox = proto.load_runtime()?;
+
+ // Register a JavaScript handler inline
+ let handler = Script::from_string(r#"
+ function fibonacci(n) {
+ if (n <= 0) return 0;
+ if (n === 1) return 1;
+ return fibonacci(n - 1) + fibonacci(n - 2);
+ }
+
+ function handler({ n }) {
+ return { fib: fibonacci(n) };
+ }
+
+ export { handler };
+ "#)?;
+ js_sandbox.add_handler("fibonacci".to_string(), handler)?;
+
+ // Load the sandbox and invoke the handler with a JSON event
+ let mut loaded = js_sandbox.get_loaded_sandbox()?;
+ let result = loaded.handle_event(
+ "fibonacci".to_string(),
+ r#"{ "n": 10 }"#.to_string(),
+ None,
+ )?;
+ println!("{result}"); // {"fib":55}
+
+ Ok(())
+}
+```
diff --git a/src/content/docs/resources/projects/hyperlight-nanvix.mdx b/src/content/docs/resources/projects/hyperlight-nanvix.mdx
new file mode 100644
index 0000000..9d4b733
--- /dev/null
+++ b/src/content/docs/resources/projects/hyperlight-nanvix.mdx
@@ -0,0 +1,36 @@
+---
+title: Hyperlight Nanvix
+description: Run the Nanvix microkernel inside Hyperlight for broad POSIX compatibility.
+---
+
+import { LinkButton } from '@astrojs/starlight/components';
+
+Hyperlight Nanvix runs the [Nanvix](https://github.com/nanvix/) microkernel inside the Hyperlight secure boundary. The Nanvix
+microkernel provides support for a broad set of POSIX APIs and support delegation of syscalls between the host and
+guest as well as syscall interposition (interception).
+
+The broad POSIX compatibility of Nanvix provides the ability to run JavaScript, Python, C, C++, and Rust programs.
+Similar to Hyperlight runtimes, Hyperlight Nanvix offers low latency cold starts in the 10–20 millisecond range for
+optimized workloads.
+
+```rust
+use hyperlight_nanvix::{Sandbox, RuntimeConfig};
+
+#[tokio::main]
+async fn main() -> anyhow::Result<()> {
+ let config = RuntimeConfig::new()
+ .with_log_directory("/tmp/hyperlight-nanvix")
+ .with_tmp_directory("/tmp/hyperlight-nanvix");
+
+ let mut sandbox = Sandbox::new(config)?;
+
+ sandbox.run("guest-examples/hello.js").await?; // JavaScript
+ sandbox.run("guest-examples/hello.py").await?; // Python
+ sandbox.run("guest-examples/hello-c").await?; // C binary
+
+ Ok(())
+}
+```
+
+GitHub
+API Docs
diff --git a/src/content/docs/resources/projects/hyperlight-sandbox.mdx b/src/content/docs/resources/projects/hyperlight-sandbox.mdx
new file mode 100644
index 0000000..0287488
--- /dev/null
+++ b/src/content/docs/resources/projects/hyperlight-sandbox.mdx
@@ -0,0 +1,35 @@
+---
+title: Hyperlight Sandbox
+description: A multi-backend sandboxing framework for running untrusted code with controlled host capabilities.
+---
+
+import { LinkButton } from '@astrojs/starlight/components';
+
+Hyperlight Sandbox is a multi-backend sandboxing framework for running untrusted code with controlled host capabilities.
+It provides a unified API across multiple isolation backends (Wasm Component, HyperlightJS, Nanvix) with a common
+capability model and SDKs for Python, .NET, and Rust.
+
+Key features include:
+
+- **Secure code execution** — Run untrusted code in hardware-isolated sandboxes (KVM, MSHV, Hyper-V)
+- **Host tool dispatch** — Register callables as tools; guest code invokes them by name with schema-validated arguments
+- **Capability-based file access** — Read-only `/input` directory, writable `/output` directory, strict path isolation
+- **Snapshot / restore** — Capture and rewind sandbox runtime state for reuse
+- **Network allow listing** — Network traffic is off by default; allow specific domains and HTTP verbs
+
+```python
+from hyperlight_sandbox import Sandbox
+
+sandbox = Sandbox(backend="wasm", module="python_guest.path")
+sandbox.register_tool("add", lambda a=0, b=0: a + b)
+sandbox.allow_domain("https://httpbin.org")
+
+result = sandbox.run("""
+total = call_tool('add', a=3, b=4)
+resp = http_get('https://httpbin.org/get')
+print(f"3 + 4 = {total}, HTTP status: {resp['status']}")
+""")
+print(result.stdout)
+```
+
+GitHub
diff --git a/src/content/docs/resources/projects/hyperlight-wasm.mdx b/src/content/docs/resources/projects/hyperlight-wasm.mdx
new file mode 100644
index 0000000..aa4fbe0
--- /dev/null
+++ b/src/content/docs/resources/projects/hyperlight-wasm.mdx
@@ -0,0 +1,31 @@
+---
+title: Hyperlight Wasm
+description: Run Wasm modules within Hyperlight's secure boundary using Wasmtime.
+---
+
+import { LinkButton } from '@astrojs/starlight/components';
+
+Hyperlight Wasm enables Wasm modules to be run within the Hyperlight secure boundary using
+Wasmtime. Its purpose is to enable applications to run untrusted or third party Wasm code within the VM
+isolation boundary with very low latency and resource utilization.
+
+```rust
+// Load and call the component from your host application
+let mut sb = hyperlight_wasm::SandboxBuilder::new().build().unwrap();
+let rt = bindings::register_host_functions(&mut sb, state);
+
+let sb = sb.load_runtime().unwrap();
+let sb = sb.load_module("component_sample.aot").unwrap();
+
+let mut wrapped = bindings::ExampleSandbox { sb, rt };
+let instance = bindings::component_sample::example::ExampleExports::adder(&mut wrapped);
+
+let result = instance.add(1, 2);
+println!("1 + 2 = {result}"); // 1 + 2 = 3
+
+let result = instance.call_host("Hello".to_string());
+println!("{result}"); // Hello from component and the host!
+```
+
+GitHub
+API Docs
diff --git a/src/content/docs/resources/projects/index.mdx b/src/content/docs/resources/projects/index.mdx
new file mode 100644
index 0000000..8f921e5
--- /dev/null
+++ b/src/content/docs/resources/projects/index.mdx
@@ -0,0 +1,19 @@
+---
+title: Overview
+description: Hyperlight related projects which provide additional functionality for language support or runtime support.
+sidebar:
+ order: 0
+---
+
+import { LinkCard, CardGrid } from '@astrojs/starlight/components';
+
+The following projects are part of the Hyperlight family, providing language runtimes, sandboxing frameworks, developer tools, and more.
+
+
+
+
+
+
+
+
+
\ No newline at end of file