Highlights
Audit logging: Sandboxes now emit structured JSONL audit records for policy decisions. Records are written to a per-OS log directory and can be forwarded to any SIEM platform for enterprise compliance workflows. Requires a Docker AI Governance subscription.
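The records are newline-delimited JSON, so the consumer side is a line-oriented parser that must not drop evidence on a bad line. The example below is added here and is not Docker's or the sbx tool's own code: it parses constructed sample records, quarantines malformed lines with their line numbers, re-serialises each valid record as a single-line event for a SIEM forwarder, and counts deny decisions per sandbox. The field names (ts, sandbox, decision, rule, dest) and the sentinel "sbx-audit" source tag are assumptions made for the illustration, not the documented audit schema.

```python
import json
from collections import Counter

# Constructed sample records for this example. The field names are an
# assumption made here; they are not the documented sbx audit record schema.
SAMPLE_JSONL = """\
{"ts": "2026-05-01T10:00:00Z", "sandbox": "codex-1", "decision": "allow", "rule": "balanced", "dest": "api.openai.com:443"}
{"ts": "2026-05-01T10:00:01Z", "sandbox": "codex-1", "decision": "deny", "rule": "default-deny", "dest": "169.254.169.254:80"}
this line is deliberately not JSON
{"ts": "2026-05-01T10:00:02Z", "sandbox": "claude-2", "decision": "deny", "rule": "default-deny", "dest": "example.net:443"}
{"ts": "2026-05-01T10:00:03Z", "sandbox": "claude-2", "decision": "allow", "rule": "balanced", "dest": "github.com:443"}
"""

REQUIRED = ("ts", "sandbox", "decision")


def parse_audit_jsonl(text):
    """Parse JSONL text into (records, malformed). A line is malformed if it is
    not a JSON object or lacks a required field; it is kept verbatim with its
    line number so a forwarder can quarantine it instead of silently dropping
    audit evidence."""
    records, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            malformed.append((lineno, line))
            continue
        if not isinstance(rec, dict) or any(k not in rec for k in REQUIRED):
            malformed.append((lineno, line))
            continue
        records.append(rec)
    return records, malformed


def to_siem_event(rec, source="sbx-audit"):
    """Re-serialise one record as a compact single-line JSON event with a
    source tag (assumed name); field mapping is left to the receiving SIEM."""
    event = dict(rec)
    event["source"] = source
    return json.dumps(event, separators=(",", ":"), sort_keys=True)


def summarize(text):
    """Count deny decisions per sandbox, the first cut an analyst wants from
    policy-decision logs."""
    records, malformed = parse_audit_jsonl(text)
    denies = Counter(r["sandbox"] for r in records if r["decision"] == "deny")
    return {
        "total": len(records),
        "malformed": len(malformed),
        "deny_by_sandbox": dict(denies),
    }


if __name__ == "__main__":
    records, bad = parse_audit_jsonl(SAMPLE_JSONL)
    for r in records:
        print(to_siem_event(r))
    print(summarize(SAMPLE_JSONL), "quarantined:", bad)
```

Keeping malformed lines rather than skipping them matters for a compliance log: a truncated or corrupted record is itself a signal (disk full, concurrent writer, tampering) that should reach the SIEM.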
Sign-in enforcement: Administrators can now require Docker organization membership verification. Enforcement is deployed via standard endpoint management tooling: configuration profiles on macOS, the registry on Windows, and a JSON policy file on Linux. This closes the gap for organizations that need to ensure only authenticated, authorized users run AI coding agents.
What's New
Network Policy
- Removed the `-g` flag from `sbx policy` commands; rules now apply to all sandboxes by default. Use `--sandbox` to scope a rule to a single sandbox.
- `sbx policy ls` and the TUI Network Rules view hide inactive governed rules by default, with clear governance status and controls to reveal them.
- Pre-select the balanced preset as the default in the network policy prompt.
Agents
- Offer interactive OpenAI sign-in on first launch of a Codex sandbox.
Secrets & Credentials
- Add OpenRouter as a built-in secret service provider.
- Unhide `sbx secret set-custom` (experimental).
- Fix `set-custom` sentinel substitution in `Authorization: Basic` headers.
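Why `Authorization: Basic` is a special case for sentinel substitution: the sandbox only ever holds a placeholder (sentinel) for a secret, and the real value is swapped in on the way out. For most headers a literal string replacement is enough, but a Basic credential is `base64(user:password)`, so the sentinel is not visible in the raw header value and a naive replace silently does nothing. The example below is added here and is not sbx's own implementation: it shows the plain substitution missing the sentinel, and a header-aware variant that decodes, substitutes, and re-encodes, passing malformed credentials through untouched rather than corrupting them. The sentinel name `SBX_SENTINEL_openrouter` and the real value are constructed for the example; the sentinel naming scheme is an assumption, not the sbx format.

```python
import base64
import re

# Constructed sentinel -> real-value map for this example. The sentinel naming
# scheme is an assumption made here, not the sbx sentinel format.
SENTINELS = {"SBX_SENTINEL_openrouter": "sk-or-real-value"}

_BASIC_RE = re.compile(r"^(Basic)\s+(\S+)\s*$", re.IGNORECASE)


def substitute_plain(value, sentinels):
    """Literal substitution: sufficient for headers such as X-Api-Key or
    Authorization: Bearer, where the sentinel appears verbatim."""
    for sentinel, real in sentinels.items():
        value = value.replace(sentinel, real)
    return value


def substitute_header(name, value, sentinels):
    """Substitute sentinels in one header value. For Authorization: Basic the
    credential is base64(user:password), so the sentinel is only visible after
    decoding: substitute inside the payload and re-encode."""
    if name.lower() == "authorization":
        m = _BASIC_RE.match(value)
        if m:
            try:
                creds = base64.b64decode(m.group(2), validate=True).decode("utf-8")
            except (ValueError, UnicodeDecodeError):
                # Not a well-formed Basic credential (binascii.Error is a
                # ValueError): pass through unchanged rather than emit garbage.
                return value
            replaced = substitute_plain(creds, sentinels)
            return f"{m.group(1)} " + base64.b64encode(replaced.encode("utf-8")).decode("ascii")
    return substitute_plain(value, sentinels)


def basic_header(user, password):
    """Build the header value a client inside the sandbox would send."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")


def decode_basic(value):
    """Return the decoded user:password bytes of a Basic header value."""
    return base64.b64decode(value.split(None, 1)[1], validate=True)


if __name__ == "__main__":
    sent = basic_header("agent", "SBX_SENTINEL_openrouter")
    print("naive :", decode_basic(substitute_plain(sent, SENTINELS)))      # sentinel still present
    print("aware :", decode_basic(substitute_header("Authorization", sent, SENTINELS)))
```

The same shape of bug applies to any encoding layer between the proxy and the credential (URL-encoding, JSON escapes, multipart bodies): substitution has to happen in the representation where the sentinel is actually visible.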
Linux
- Fall back to an encrypted on-disk secret store when the system keychain is unavailable (e.g. headless servers), with a warning when a secret is written to the fallback store.
Workspaces
- Kits with `files/workspace/<path>` entries now apply correctly in clone mode (`--clone`).
CLI
- Gate verbose `sbx version` output behind `-D`/`--debug`.
Templates
- Bump the sandbox base image to Ubuntu 26.04 LTS.
Bug Fixes
- Clear stale pending status in the TUI when a network deny rule is deleted.