Skip to content

v0.29.0

Choose a tag to compare

View all tags
@docker-read-write docker-read-write released this 13 May 14:11
· 1 commit to main since this release
v0.29.0
4a0fbcf
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Highlights

This release brings per-sandbox network policies, giving callers fine-grained control over which domains each sandbox can reach, including an explicit deniedDomains list and allowance for binary TCP protocols like SSH. Sandboxes now carry daemon-assigned UUIDs, enabling reliable identification across restarts and telemetry. Several agent improvements land in this release: Gemini gets SSO browser relay, Codex auth is more robust, and the OpenAI OAuth flow now auto-opens the browser. A round of bug fixes improves daemon robustness on macOS (long-username sun_path overflow), gVisor isolation under --app-name, and database-version handling.

What's New

Networking & Policy

  • Support per-sandbox scoped network policies
  • Add deniedDomains to network kit policy
  • Allow binary TCP protocols (e.g. SSH) through domain allow rules
  • Pipe in policykit error handler for better diagnostics

Sandboxes

  • Add daemon-assigned UUID to sandbox runtimes

Agents

  • Enable SSO browser relay for Gemini
  • Auto-open browser during OpenAI OAuth flow
  • Skip auth.json placeholder for Codex when no host credentials
  • Expose Claude guidance to Codex sandboxes

CLI

  • Require confirmation for sbx rm <name> to prevent accidental deletion
  • Unhide kit command in help output

Bug Fixes

  • Namespace gVisor socket dir by --app-name so concurrent daemons don't share state
  • Probe canonical socket path for sun_path budget — fixes krun_start_enter failed for macOS users with long usernames
  • Check database version before starting the daemon and surface an instructive error instead of crashing
  • Route gVisor sockets to a persistent, sandboxd-owned location
  • Delete stranded tracker after failed auto-stop with no active sessions
  • Clean up DinD volume even when container inspect fails
  • Apply SANDBOXES_STORAGE_ROOT override to storage config
  • Report running binary (not first sbx on PATH) in diagnose
  • Explain how to configure OpenAI credentials in no-creds warning
  • Allow MCR layer-blob CDN in default-code-and-containers policy
  • Improve empty state of sbx ls with actionable guidance
Assets 15
Loading