Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: boxlite-ai/boxlite
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v0.5.11
Choose a base ref
...
head repository: boxlite-ai/boxlite
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v0.5.12
Choose a head ref
  • 7 commits
  • 37 files changed
  • 4 contributors

Commits on Feb 13, 2026

  1. fix(ci): use temp script file instead of bash -c for docker run 

    The bash -c '...' approach caused syntax errors due to quoting
conflicts between GitHub Actions expression evaluation and bash
single-quote parsing. Write the script to a temp file via heredoc
and mount it into the container instead.
    @DorianZheng
    DorianZheng committed Feb 13, 2026
    Configuration menu
    Copy the full SHA
    1bc3530 View commit details
    Browse the repository at this point in the history

  2. fix(ci): add manylinux cargo cache to build-node workflow 

    Mirrors the caching pattern from build-runtime.yml: use actions/cache
for .cargo-manylinux/ registry and set CARGO_HOME=/work/.cargo-manylinux
so Rust dependencies are cached across runs.
    @DorianZheng
    DorianZheng committed Feb 13, 2026
    Configuration menu
    Copy the full SHA
    1248690 View commit details
    Browse the repository at this point in the history

  3. refactor(runtime): extract security types into advanced_options module ( 

    #253)

Move SecurityOptions, ResourceLimits, SecurityOptionsBuilder, and
AdvancedBoxOptions from options.rs into a dedicated advanced_options.rs
module. Rename AdvancedOptions to AdvancedBoxOptions to reflect its
association with BoxOptions.

Eliminate re-export patterns — all imports now reference source modules
directly. Delete jailer/config.rs (was a pure re-export file).

Also adds SECCOMP_FILTER_FLAG_TSYNC support for thread-synchronized
seccomp filters on Linux.
    @DorianZheng
    DorianZheng authored Feb 13, 2026
    Configuration menu
    Copy the full SHA
    8187444 View commit details
    Browse the repository at this point in the history

  4. refactor(sdk): extract security types into advanced_options module (#255 

    )

Mirror the core crate's advanced_options extraction in both SDKs:
- Python: PySecurityOptions, PyAdvancedBoxOptions → advanced_options.rs
- Node: JsSecurityOptions, coerce helpers, tests → advanced_options.rs
    @DorianZheng
    DorianZheng authored Feb 13, 2026
    Configuration menu
    Copy the full SHA
    2068a0e View commit details
    Browse the repository at this point in the history

  5. feat(api): add OpenAPI 3.1.1 spec for cloud sandbox REST API (#254) 

    * feat(api): add OpenAPI 3.1.1 spec for cloud sandbox REST API

Define the RESTful API specification for exposing BoxLite as a cloud
sandbox service.

Key design decisions:
- Versioned prefix (/v1/) with multi-tenant {prefix} path segment
- Async execution model (POST /exec returns execution_id, SSE streaming)
- WebSocket endpoint for interactive TTY sessions
- OAuth2 client credentials authentication
- Idempotency keys for safe mutation retries
- Standard error model mapping to BoxliteError variants

Endpoints: 24 across 7 resource groups (boxes, execution, files,
metrics, images, config, auth). All schemas map 1:1 to existing
Rust types (BoxOptions, BoxInfo, BoxCommand, BoxMetrics, etc.).

* fix(openapi): correct license header, GitHub URL, and JSON key naming

- Replace incorrect ASF copyright header with BoxLite Contributors header
- Fix contact URL: bxlite → boxlite-ai
- Rename hyphenated `next-page-token` to `next_page_token` (snake_case)
  to avoid code generation issues in most languages

Co-Authored-By: Claude Opus 4.6 <[email protected]>

* fix(openapi): address review feedback on error model, labels, and network enum

- Add RpcTransportError to ErrorModel.type enum (matches RpcTransport variant)
- Document UnauthorizedError as server-layer only (not a BoxliteError variant)
- Remove labels from CreateBoxRequest (BoxOptions has no labels field)
- Change network from enum to plain string for forward compatibility

---------

Co-authored-by: Yingjun Wu <[email protected]>
Co-authored-by: Claude Opus 4.6 <[email protected]>
    @DorianZheng @yingjunwu @claude
    3 people authored Feb 13, 2026
    Configuration menu
    Copy the full SHA
    882bb71 View commit details
    Browse the repository at this point in the history

  6. docs: reposition README to emphasize stateful, local-first sandbox (#257 

    )

- Update tagline: "Local-first micro-VM sandbox for AI agents"
- Rewrite "What is BoxLite?" to contrast with ephemeral sandboxes
- Restructure "Why BoxLite" bullets around key differentiators:
  stateful, lightweight, hardware isolation, no daemon, OCI, local-first

Co-authored-by: Claude Opus 4.6 <[email protected]>
    @yingjunwu @claude
    yingjunwu and claude authored Feb 13, 2026
    Configuration menu
    Copy the full SHA
    ef398fe View commit details
    Browse the repository at this point in the history

  7. chore: bump SDK versions (#259) 

    * chore: bump SDK versions

- Rust/C workspace: 0.5.11 → 0.5.12
- Python SDK: 0.5.11 → 0.5.12
- Node.js SDK: 0.2.8 → 0.2.9

* chore: update Cargo.lock for version bump
    @DorianZheng
    DorianZheng authored Feb 13, 2026
    Configuration menu
    Copy the full SHA
    23b4c34 View commit details
    Browse the repository at this point in the history
Loading