Website updates

astro.config.mjs

@@ -8,6 +8,7 @@ export default defineConfig({
 	integrations: [
 		starlight({
 			title: 'Hyperlight',
+			favicon: '/favicon.png',
 			components: {
 				Footer: './src/components/HyperlightFooter.astro'
 			},
@@ -20,7 +21,14 @@ export default defineConfig({
 					],
 				},
 				{
-					label: 'Resources', autogenerate: {directory: 'resources'}
+					label: 'Resources',
+					items: [
+						{ slug: 'resources/community' },
+					],
+				},
+				{
+					label: 'Projects',
+					autogenerate: { directory: 'resources/projects' },
 				},
 			],
 			plugins: [starlightBlog({})],

src/content/docs/blog/hyperlight-wasmcon-kubecon-eu-2026.mdx

@@ -1,8 +1,9 @@
 ---
 title: "Upcoming Talk: Running Wasmtime in Hardware-Isolated Microenvironments"
 date: 2026-03-23
+lastUpdated: 2026-05-06
 ---
 
 At WasmCon, co-located with KubeCon + CloudNativeCon Europe 2026 in Amsterdam on March 23, [Danilo (Dan) Chiarlone](https://github.com/danbugs) from Microsoft will present on running the Wasmtime WebAssembly runtime inside Hyperlight's hardware-isolated micro-VMs. This talk will explore how combining Wasmtime with Hyperlight provides dual-layer security — a WebAssembly software sandbox inside a hypervisor-enforced VM boundary — while maintaining fast cold starts.
 
-[View the session and add it to your calendar](https://colocatedeventseu2026.sched.com/event/2DY28)
+The recording is now available! [Watch the talk on YouTube](https://www.youtube.com/watch?v=jwta07eFEJE).

src/content/docs/resources/projects/cargo-hyperlight.mdx

@@ -0,0 +1,24 @@
+---
+title: Cargo Hyperlight
+description: A cargo subcommand to simplify building Hyperlight guest binaries.
+---
+
+import { LinkButton } from '@astrojs/starlight/components';
+
+Cargo Hyperlight is a `cargo` subcommand to help with building Hyperlight guest binaries.
+
+Hyperlight's extremely limited guest API can make it challenging to build guests targeting the environment. `cargo-hyperlight`
+was created to make it easier to build guest binaries. In fact, if your bin or any of its dependencies have a `build.rs`
+script using `cc` and `bindgen` to compile C code and generate bindings, they will often work without change!
+
+```bash
+# Install
+cargo install cargo-hyperlight
+
+# Build a guest binary
+cd my-hyperlight-guest
+cargo hyperlight build --release
+```
+
+<LinkButton href="https://github.com/hyperlight-dev/cargo-hyperlight">GitHub</LinkButton>
+<LinkButton href="https://docs.rs/crate/cargo-hyperlight/latest" variant="secondary">API Docs</LinkButton>

src/content/docs/resources/projects/hyperagent.mdx

@@ -0,0 +1,32 @@
+---
+title: HyperAgent
+description: A sandboxed code-acting AI agent runtime built on Hyperlight micro-VMs.
+---
+
+import { Aside, LinkButton } from '@astrojs/starlight/components';
+
+<Aside type="caution">HyperAgent is pre-release software. Not for production use.</Aside>
+
+HyperAgent is a sandboxed code-acting AI agent runtime: it writes JavaScript handlers, validates them, and runs them
+inside hardware-isolated Hyperlight micro-VMs using the [GitHub Copilot SDK](https://github.com/github/copilot-sdk).
+
+It is built for useful, bounded work: data analysis, document generation, API workflows, secure file output, and tool
+use through plugins and MCP servers. The model can write code, but the code runs in a sandbox with no direct
+filesystem, shell, or network access unless you explicitly enable narrowly scoped host capabilities.
+
+```bash
+hyperagent --skill pptx-expert --profile web-research \
+  --prompt "Create a presentation on the NASA Artemis II mission \
+  include lots of statistics and data, use an appropriate theme \
+  and color scheme for the subject, make it stunning"
+```
+
+| Instead of                | HyperAgent gives you                                          |
+| ------------------------- | ------------------------------------------------------------- |
+| Shell-first automation    | Code-first handlers validated and run in a micro-VM           |
+| Ambient filesystem access | Path-jailed read/write plugins                                |
+| Ambient network access    | Domain-scoped fetch with SSRF checks                          |
+| Ad hoc tool calls         | Normal JavaScript APIs for approved capabilities              |
+| Hidden agent state        | Explicit shared state, transcript logs, and timing logs       |
+
+<LinkButton href="https://github.com/hyperlight-dev/hyperagent">GitHub</LinkButton>

src/content/docs/resources/projects/hyperlight-js.mdx

@@ -0,0 +1,46 @@
+---
+title: Hyperlight JavaScript
+description: Execute JavaScript within the Hyperlight secure boundary with single digit millisecond cold starts.
+---
+
+Hyperlight JavaScript is a runtime for executing JavaScript within the Hyperlight secure boundary. It provides the ability to cold
+start JS applications in single digit milliseconds, perfect for the basis of a functions runtime. The runtime also
+provides the ability to register host functions which allow for extending functionality of the guest JavaScript
+code executing within the hypervisor-protected boundary.
+
+```rust
+use hyperlight_js::{SandboxBuilder, Script};
+
+fn main() -> anyhow::Result<()> {
+    // Create a sandbox and load the JS runtime
+    let proto = SandboxBuilder::new().build()?;
+    let mut js_sandbox = proto.load_runtime()?;
+
+    // Register a JavaScript handler inline
+    let handler = Script::from_string(r#"
+        function fibonacci(n) {
+            if (n <= 0) return 0;
+            if (n === 1) return 1;
+            return fibonacci(n - 1) + fibonacci(n - 2);
+        }
+
+        function handler({ n }) {
+            return { fib: fibonacci(n) };
+        }
+
+        export { handler };
+    "#)?;
+    js_sandbox.add_handler("fibonacci".to_string(), handler)?;
+
+    // Load the sandbox and invoke the handler with a JSON event
+    let mut loaded = js_sandbox.get_loaded_sandbox()?;
+    let result = loaded.handle_event(
+        "fibonacci".to_string(),
+        r#"{ "n": 10 }"#.to_string(),
+        None,
+    )?;
+    println!("{result}"); // {"fib":55}
+
+    Ok(())
+}
+```

src/content/docs/resources/projects/hyperlight-nanvix.mdx

@@ -0,0 +1,36 @@
+---
+title: Hyperlight Nanvix
+description: Run the Nanvix microkernel inside Hyperlight for broad POSIX compatibility.
+---
+
+import { LinkButton } from '@astrojs/starlight/components';
+
+Hyperlight Nanvix runs the [Nanvix](https://github.com/nanvix/) microkernel inside the Hyperlight secure boundary. The Nanvix
+microkernel provides support for a broad set of POSIX APIs and support delegation of syscalls between the host and
+guest as well as syscall interposition (interception).
+
+The broad POSIX compatibility of Nanvix provides the ability to run JavaScript, Python, C, C++, and Rust programs.
+Similar to Hyperlight runtimes, Hyperlight Nanvix offers low latency cold starts in the 10–20 millisecond range for
+optimized workloads.
+
+```rust
+use hyperlight_nanvix::{Sandbox, RuntimeConfig};
+
+#[tokio::main]
+async fn main() -> anyhow::Result<()> {
+    let config = RuntimeConfig::new()
+        .with_log_directory("/tmp/hyperlight-nanvix")
+        .with_tmp_directory("/tmp/hyperlight-nanvix");
+
+    let mut sandbox = Sandbox::new(config)?;
+
+    sandbox.run("guest-examples/hello.js").await?;    // JavaScript
+    sandbox.run("guest-examples/hello.py").await?;    // Python
+    sandbox.run("guest-examples/hello-c").await?;     // C binary
+
+    Ok(())
+}
+```
+
+<LinkButton href="https://github.com/hyperlight-dev/hyperlight-nanvix">GitHub</LinkButton>
+<LinkButton href="https://docs.rs/crate/hyperlight-nanvix/latest" variant="secondary">API Docs</LinkButton>

src/content/docs/resources/projects/hyperlight-sandbox.mdx

@@ -0,0 +1,35 @@
+---
+title: Hyperlight Sandbox
+description: A multi-backend sandboxing framework for running untrusted code with controlled host capabilities.
+---
+
+import { LinkButton } from '@astrojs/starlight/components';
+
+Hyperlight Sandbox is a multi-backend sandboxing framework for running untrusted code with controlled host capabilities.
+It provides a unified API across multiple isolation backends (Wasm Component, HyperlightJS, Nanvix) with a common
+capability model and SDKs for Python, .NET, and Rust.
+
+Key features include:
+
+- **Secure code execution** — Run untrusted code in hardware-isolated sandboxes (KVM, MSHV, Hyper-V)
+- **Host tool dispatch** — Register callables as tools; guest code invokes them by name with schema-validated arguments
+- **Capability-based file access** — Read-only `/input` directory, writable `/output` directory, strict path isolation
+- **Snapshot / restore** — Capture and rewind sandbox runtime state for reuse
+- **Network allow listing** — Network traffic is off by default; allow specific domains and HTTP verbs
+
+```python
+from hyperlight_sandbox import Sandbox
+
+sandbox = Sandbox(backend="wasm", module="python_guest.path")
+sandbox.register_tool("add", lambda a=0, b=0: a + b)
+sandbox.allow_domain("https://httpbin.org")
+
+result = sandbox.run("""
+total = call_tool('add', a=3, b=4)
+resp = http_get('https://httpbin.org/get')
+print(f"3 + 4 = {total}, HTTP status: {resp['status']}")
+""")
+print(result.stdout)
+```
+
+<LinkButton href="https://github.com/hyperlight-dev/hyperlight-sandbox">GitHub</LinkButton>

src/content/docs/resources/projects/hyperlight-wasm.mdx

@@ -0,0 +1,31 @@
+---
+title: Hyperlight Wasm
+description: Run Wasm modules within Hyperlight's secure boundary using Wasmtime.
+---
+
+import { LinkButton } from '@astrojs/starlight/components';
+
+Hyperlight Wasm enables Wasm modules to be run within the Hyperlight secure boundary using
+Wasmtime. Its purpose is to enable applications to run untrusted or third party Wasm code within the VM
+isolation boundary with very low latency and resource utilization.
+
+```rust
+// Load and call the component from your host application
+let mut sb = hyperlight_wasm::SandboxBuilder::new().build().unwrap();
+let rt = bindings::register_host_functions(&mut sb, state);
+
+let sb = sb.load_runtime().unwrap();
+let sb = sb.load_module("component_sample.aot").unwrap();
+
+let mut wrapped = bindings::ExampleSandbox { sb, rt };
+let instance = bindings::component_sample::example::ExampleExports::adder(&mut wrapped);
+
+let result = instance.add(1, 2);
+println!("1 + 2 = {result}"); // 1 + 2 = 3
+
+let result = instance.call_host("Hello".to_string());
+println!("{result}"); // Hello from component and the host!
+```
+
+<LinkButton href="https://github.com/hyperlight-dev/hyperlight-wasm">GitHub</LinkButton>
+<LinkButton href="https://docs.rs/crate/hyperlight-wasm/latest" variant="secondary">API Docs</LinkButton>

src/content/docs/resources/projects/index.mdx

@@ -0,0 +1,19 @@
+---
+title: Overview
+description: Hyperlight related projects which provide additional functionality for language support or runtime support.
+sidebar:
+  order: 0
+---
+
+import { LinkCard, CardGrid } from '@astrojs/starlight/components';
+
+The following projects are part of the Hyperlight family, providing language runtimes, sandboxing frameworks, developer tools, and more.
+
+<CardGrid>
+  <LinkCard title="Cargo Hyperlight" href="/resources/projects/cargo-hyperlight/" description="A cargo subcommand to simplify building Hyperlight guest binaries." />
+  <LinkCard title="HyperAgent" href="/resources/projects/hyperagent/" description="A sandboxed code-acting AI agent runtime built on Hyperlight micro-VMs." />
+  <LinkCard title="Hyperlight JavaScript" href="/resources/projects/hyperlight-js/" description="Execute JavaScript within the Hyperlight secure boundary." />
+  <LinkCard title="Hyperlight Nanvix" href="/resources/projects/hyperlight-nanvix/" description="Run the Nanvix microkernel inside Hyperlight for broad POSIX compatibility." />
+  <LinkCard title="Hyperlight Sandbox" href="/resources/projects/hyperlight-sandbox/" description="A multi-backend sandboxing framework for running untrusted code." />
+  <LinkCard title="Hyperlight Wasm" href="/resources/projects/hyperlight-wasm/" description="Run Wasm modules within Hyperlight's secure boundary using Wasmtime." />
+</CardGrid>