Skip to content

v0.31.0

Choose a tag to compare

View all tags
@docker-read-write docker-read-write released this 28 May 16:11
v0.31.0
e4809b1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Highlights

Clone mode: --clone

The --branch flag has been removed in favor of --clone (clone mode). Using --branch now fails with:

$ sbx run claude --branch foo
ERROR: --branch is no longer supported; use --clone instead

Clone mode does not create a branch or worktree on your behalf — instead of a host-side worktree, the sandbox now runs against an in-container read-only clone.

  • Your source repository is mounted into the sandbox read-only, and the shallow clone sets that mount as a Git remote. The agent only ever writes to the in-container clone, never to your working tree or .git/
  • The clone lives on the sandbox's filesystem and is exposed back to the host as a sandbox-<name> Git remote served by git-daemon (no more .sbx/<name>-worktrees/... on the host).
  • Forge remotes (origin, upstream, etc.) on the host are propagated into the in-container clone, so the agent can git push origin directly, the same way you would. Local-path remotes are skipped.
  • Fetched sandbox refs are mirrored into refs/sandboxes/<name>/* on the host and persist after the sandbox is removed. Restore a branch from a removed sandbox with git branch <local-name> refs/sandboxes/<name>/<branch>. Commits that were never fetched, or uncommitted changes, are still lost on sbx rm.
  • The sandbox-<name> remote is added to your host on sbx create --clone / sbx run --clone and removed on sbx rm, including across stop and restart.

What's New

CLI

  • sbx create auto-starts the daemon when it isn't already running.
  • sbx logout now stops the daemon and running sandboxes.
  • Unify terminal environment variables across sbx run and sbx exec.

Policies

  • Show policy and rule names in CLI list output and TUI details.
  • Add filters to the policies listing.

Kits

  • Mark kits as experimental.
  • Verbose error reporting for kit apply failures.

Sandboxes

  • Opt a sandbox into virtiofs caching at create time via DOCKER_SANDBOXES_ENABLE_VIRTIOFS_CACHE=1 (off by default; the choice is persisted in the spec and survives daemon restarts).

Networking

  • Allow public-CA CRL/OCSP/AIA endpoints in the balanced proxy preset. Applies to new installations or after sbx policy reset (which removes any user-added rules).

Telemetry

  • Surface port_publish_failed inner error detail.

Secrets

  • Store container-registry pull credentials with sbx secret set --registry, so sbx run --template and sbx run --kit can pull from private registries (GHCR, ACR, ECR, Quay, …) without a docker login. Manage entries with sbx secret ls and remove them with sbx secret rm --registry <host>.

Warning

By default the credential is stored host-side only and is used just for pulling templates/kits. It is never placed inside a sandbox. If you pass -g (or scope it to a sandbox name), the credential is injected into the sandbox in plaintext, where the agent and any code running there can read it. Only use -g/sandbox scope when the sandbox itself needs to pull from the registry; otherwise omit -g to keep it host-only.

Bug Fixes

  • Sort template ls output by repository, then tag.
  • Retry ExecResize to keep the agent TUI in sync.
  • Set TERM=xterm-256color when exec'ing with -t.
  • Move the state directory symlink from /tmp to ~/.sbx/run/.
  • Stop storageRootsGone from locking the storagekit singleton.
  • Use engineError and add retry debug logging in sandboxd.
  • Retry transient shim start closures.
  • Make Cursor session bootstrap proxy-local.
  • Add bracketed [::1] to NO_PROXY for IPv6 loopback.
  • Backdate proxy CA NotBefore to match the goproxy leaf cert window.
Assets 15
Loading