All changelog issues

July 11, 2026 · #0001

Devboxes, suspend and resume, and the Secrets Vault

The Python SDK and CLI went from 0.19 to 0.26 over the past two months. This first issue rounds up the features that shipped along the way.

The newest addition is devboxes. instavm devbox creates a personal development VM from templates the backend serves, so new template releases show up without a CLI update. VMs can now be suspended and resumed, and --auto-resume lets a VM wake itself when work arrives.

The Secrets Vault stores API keys server-side and injects them into HTTPS requests inside the VM at TLS time. Any client works unchanged: Python, Node, Go, Java, curl, and more. Cookbooks declare the services they need in an instavm.yaml v2 manifest, and instavm deploy finds or bootstraps a matching vault.

Observability grew in both directions. instavm events tails audit events, instavm webhooks manages endpoints and deliveries, and instavm.webhooks.verify() checks signatures offline. Tapes record agent sessions across tool calls, filesystem changes, egress, and LLM calls, and replay them without a network round trip.

Rounding it out: instavm login signs in through the browser with PKCE, instavm browser drives pages from the terminal, and recordings, credits, and usage breakdowns are available in both the SDK and CLI.

Upgrade with pip install --upgrade instavm. Release notes for each version are in the README changelog.

  1. 01Devboxes: personal development VMs from backend templates
  2. 02Suspend and resume VMs, with per-VM auto resume
  3. 03Secrets Vault: server-side credential injection for any HTTPS client
  4. 04instavm.yaml v2 manifests with vault-aware cookbook deploys
  5. 05Audit events and webhooks from the terminal
  6. 06Tape recording and replay for agent sessions
  7. 07Recordings, credits, and usage in the SDK and CLI
  8. 08Browser login and full browser control from the CLI
We use cookies to improve your experience. See our cookie policy.