docker/sbx-releases v0.29.0

on GitHub

Highlights

This release brings per-sandbox network policies, giving callers fine-grained control over which domains each sandbox can reach, including an explicit deniedDomains list and allowance for binary TCP protocols like SSH. Sandboxes now carry daemon-assigned UUIDs, enabling reliable identification across restarts and telemetry. Several agent improvements land in this release: Gemini gets SSO browser relay, Codex auth is more robust, and the OpenAI OAuth flow now auto-opens the browser. A round of bug fixes improves daemon robustness on macOS (long-username sun_path overflow), gVisor isolation under --app-name, and database-version handling.

What's New

Networking & Policy

• Support per-sandbox scoped network policies (#2463)
• Add deniedDomains to network kit policy (#2566)
• Allow binary TCP protocols (e.g. SSH) through domain allow rules (#2664)
• Pipe in policykit error handler for better diagnostics (#2537)

Sandboxes

• Add daemon-assigned UUID to sandbox runtimes (#2783)

Agents

• Enable SSO browser relay for Gemini (#2807)
• Auto-open browser during OpenAI OAuth flow (#2548)
• Skip auth.json placeholder for Codex when no host credentials (#2543)
• Expose Claude guidance to Codex sandboxes (#2672)

CLI

• Require confirmation for sbx rm <name> to prevent accidental deletion (#2576)
• Unhide kit command in help output (#2549)

Bug Fixes

• Namespace gVisor socket dir by --app-name so concurrent daemons don't share state (#2896)
• Probe canonical socket path for sun_path budget — fixes krun_start_enter failed for macOS users with long usernames (#2885)
• Check database version before starting the daemon and surface an instructive error instead of crashing (#2882)
• Route gVisor sockets to a persistent, sandboxd-owned location (#2698)
• Delete stranded tracker after failed auto-stop with no active sessions (#2678)
• Clean up DinD volume even when container inspect fails (#2571)
• Apply SANDBOXES_STORAGE_ROOT override to storage config (#2532)
• Report running binary (not first sbx on PATH) in diagnose (#2536)
• Explain how to configure OpenAI credentials in no-creds warning (#2545)
• Allow MCR layer-blob CDN in default-code-and-containers policy (#2719)
• Improve empty state of sbx ls with actionable guidance (#2567)