Highlights
This release expands how you connect to and provision sandboxes. The headline is an experimental native SSH endpoint in sandboxd: any SSH client can reach a sandbox directly, with the SSH username selecting the sandbox and connect-to-create behavior — interactive shells and one-shot commands work today (SFTP is not yet supported). A new sbx setup first-run experience detects agent credentials already on your host and imports them in one command, with Gordon now able to scan the host and steer you to it.
We also clarified a confusing command name — sbx policy set-default is now sbx policy init — smoothed the Cursor launch experience, and fixed a daemon hang plus several kit, naming, and Windows port-conflict issues.
What's New
SSH
- Add an experimental native SSH endpoint in sandboxd: connect with
ssh <sandbox-name>@127.0.0.1 -p 2222(publickey auth, connect-to-create, interactive shell and exec; no SFTP yet). Enable withsbx settings set feature.ssh true.
Setup & Onboarding
- Add an experimental
sbx setupcommand that imports agent credentials from environment variables. - Gordon can now detect agent credentials already present on your host and guide you to import them with the new experimental
sbx setupcommand.
Agents
- Cursor sandboxes no longer show the workspace trust prompt on launch.
Kits
- Add OCI v2 kit artifact streaming that decompresses the layer once to a cache directory and uses seek-based random access, so file content is not held in memory between reads.
CLI & Behavior Changes
- Rename
sbx policy set-defaulttosbx policy init; the old name keeps working as a hidden, deprecated alias.
Bug Fixes
- Fix a daemon hang where a slow or stuck sandbox creation/deletion blocked
sbx ls, the TUI, and new sessions until the daemon was restarted. - Fix a kit mixin regression where adding
network.serviceDomainsfor a service already provided by the base agent failed with a "credential … defined in both" error. - Reject
+in sandbox names with a clear validation error instead of panicking. - Fix the interactive host-port conflict recovery prompt not appearing on Windows when restarting a sandbox whose published port is already in use.