github docker/sbx-releases v0.29.0-rc1
on GitHub

pre-release8 hours ago

Highlights

This release introduces a major new sandboxd HTTP API with an OpenAPI spec and fully generated client code — CLI and TUI have been migrated to use it, making the daemon the single source of truth for all sandbox operations. Per-sandbox network policies are now supported, giving callers fine-grained control over which domains each sandbox can reach, including an explicit deniedDomains list. Sandboxes now carry daemon-assigned UUIDs, enabling reliable identification across restarts and telemetry. Several agent improvements land in this release: Gemini gets SSO browser relay, Codex auth is more robust, and the OpenAI OAuth flow now auto-opens the browser.

What's New

API & Daemon

  • Add OpenAPI spec and generated code for new sandboxd API (#2480)
  • Implement daemon endpoints and migrate CLI/TUI to new API (#2519)
  • Add daemon-assigned UUID to sandbox runtimes (#2783)

Networking & Policy

  • Support per-sandbox scoped network policies (#2463)
  • Add deniedDomains to network kit policy (#2566)
  • Allow binary TCP protocols (e.g. SSH) through domain allow rules (#2664)
  • Pipe in policykit error handler for better diagnostics (#2537)

Agents

  • Enable SSO browser relay for Gemini (#2807)
  • Auto-open browser during OpenAI OAuth flow (#2548)
  • Skip auth.json placeholder for Codex when no host credentials (#2543)
  • Expose Claude guidance to Codex sandboxes (#2672)

CLI

  • Require confirmation for sbx rm <name> to prevent accidental deletion (#2576)
  • Unhide kit command in help output (#2549)

Bug Fixes

  • Route gVisor sockets to a persistent, sandboxd-owned location (#2698)
  • Delete stranded tracker after failed auto-stop with no active sessions (#2678)
  • Clean up DinD volume even when container inspect fails (#2571)
  • Apply SANDBOXES_STORAGE_ROOT override to storage config (#2532)
  • Report running binary (not first sbx on PATH) in diagnose (#2536)
  • Explain how to configure OpenAI credentials in no-creds warning (#2545)
  • Allow MCR layer-blob CDN in default-code-and-containers policy (#2719)
  • Improve empty state of sbx ls with actionable guidance (#2567)
Check out latest releases or
releases around docker/sbx-releases v0.29.0-rc1

Don't miss a new sbx-releases release

NewReleases is sending notifications on new releases.

Get notifications