github docker/sbx-releases v0.28.0

pre-release, 7 hours ago

Highlights

This release introduces kits — a first-class way to define and ship sandbox agents and plugins, with community-maintained kits living in sbx-kits-contrib. Alongside that, sbx cp brings host↔container file copying to the CLI, host SSH agent forwarding lets agents use your existing SSH keys, and .worktreeinclude lets you opt specific gitignored files into worktree-backed sandbox branches. 500-level telemetry errors are now classified into specific categories instead of disappearing into unknown. A wave of kit fixes — covering Codex, Copilot, docker-agent, and droid — improves agent reliability across the board.

What's New

CLI

  • Add sbx cp command for host-container file copy (#2399)
  • Forward host SSH agent into sandboxes (#2398)
  • Check for updated templates on create/run (#2405)
  • Inform the user that sandboxes are being deleted instead of being reset (#2412)
  • Rename secret set-custom --target to --host and improve help text (#2380)
  • Hint users to run policy ls before policy rm network (#2331)
  • Restore kitty keyboard protocol on TUI suspend/resume (#2314)

Sandboxes & Worktrees

  • Support .worktreeinclude for copying gitignored files into sandbox branches (#2406)
  • Gracefully signal agents on container stop (#2185)
  • Add tini as init process to reap zombie processes, with fallback when missing (#2396, #2416)

Kits & Agents

  • Default droid agent to high autonomy (#2410)
  • Make Copilot CLI fully work in sandboxes (#2400)
  • Use docker-agent-docker template for docker-agent (#2439)
  • Pre-create CODEX_HOME directory for Codex (#2459)
  • Install optional native dependency for Codex on linux-x64 (#2456)
  • Apply initFiles mode when writing files (#2421)
  • Scope service discovery to the active agent (#2447)
  • Propagate kit ServiceDomains, ServiceAuth, and credential sources to proxy (#2434)
  • Close credential discovery gaps between CLI, library, and TUI paths (#2438)

Daemon & Networking

  • Classify 500-level server errors into specific telemetry categories (#2440)
  • Surface implicit deny baseline in policy ls (#2409)
  • Update kaemon-stdlib-go to fix policy scoping issue (#2461)
  • Dedupe domains within input in AllowNewNetworkDomains (#2460)
  • Update default allow-list to include new Docker Hub domain (#2382)
  • Use context deadlines instead of client timeout for HTTP requests (#2391)

Bug Fixes

  • Use forward slashes when writing paths inside the container on Windows (#2318)
