docs(sandboxes): post-v0.32.0 doc updates#25329
Draft
dvdksn wants to merge 8 commits into
docker-agent
left a comment
Assessment: 🟢 APPROVE
The three documentation updates are accurate, well-scoped, and follow Docker's style guide. No issues found.
3c6cc0a to 0abc693
…olation Sandbox DNS lookups now go through the same policy engine as TCP connections — a denied domain is refused at the resolver level, not just the connection level. Updated the network isolation description to reflect this guarantee rather than describing DNS as merely proxied. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Audit records now include an `agent` field identifying which AI agent drove the sandbox (claude, codex, etc.), so multi-agent deployments can attribute policy decisions per agent. Added to the example record and the field reference table. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
sbx secret set-custom --host is now repeatable, so one secret entry can cover multiple domains. Added a second example showing the multi-host form and updated the prose to reflect that the proxy matches any of the configured hosts. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
233c7b3 to f0f187e
--name now identifies a sandbox independently of the working directory. Expanded the reconnecting and naming section to cover: re-attaching by name from any directory, re-running a create command to reconnect without error, and using distinct names to run multiple sandboxes against the same workspace. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
f0f187e to dc1affd
sbx secret set-custom --host accepts wildcards (* for a single label, ** for any number), using the same syntax as network rules. Added a note and examples alongside the repeatable --host guidance. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…d Linux Direct-mode virtiofs caching is now on by default on macOS and Linux; Windows remains opt-in. Corrected the troubleshooting guidance, which still described caching as disabled by default, and documented DOCKER_SANDBOXES_ENABLE_VIRTIOFS_CACHE=0 as the kill switch. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Arguments after `--` no longer wholesale-replace an agent's default entrypoint flags. The default flags are now kept when the first user argument is itself a flag (begins with `-`), and replaced only when the first argument is a bare word (a subcommand or prompt). Updated the "Default startup command" section on each affected agent page and fixed examples that re-included flags now retained automatically. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Ctrl+V image/screenshot paste into sandboxed agents (Claude Code, Codex) is opt-in via the clipboard.imagePaste setting. Added an FAQ entry covering how to enable it and the isolation tradeoff: enabling it lets a sandbox process read the host clipboard through the proxy, scoped to image data only and never cached or logged. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
3047687 to 613f8fa
Summary
Documentation updates based on changes merged into docker/sandboxes after the v0.32.0 release cut (through v0.33.0-rc1):
- (`security/isolation.md`): clarifies that DNS resolution is subject to the same network policy as outbound connections — domains that policy denies are refused at the resolver, not just blocked at the connection level. Loopback names such as `localhost` are always resolved regardless of policy.
- (`governance/audit.md`): documents the new `agent` field on audit records, which identifies the AI agent driving the sandbox.
- (`security/credentials.md`): documents that `--host` on `sbx secret set-custom` is now repeatable and accepts wildcard patterns (`*` for a single label, `**` for any number), so one secret can cover multiple domains.
- `--name` as primary sandbox identity (`usage.md`, `workflows.md`): documents that `--name` identifies a sandbox independently of the working directory — re-attach from anywhere, run multiple named sandboxes per workspace, and re-run a create command to reconnect. Updates existing examples that used the positional sandbox-name form to use `--name` for consistency.
- (`troubleshooting.md`): corrects the slow-filesystem guidance — virtiofs caching is now enabled by default on macOS and Linux (Windows remains opt-in), and `DOCKER_SANDBOXES_ENABLE_VIRTIOFS_CACHE=0` is the kill switch.
- `--` argument behavior (`agents/*.md`): corrects the "Default startup command" guidance across the agent pages — arguments after `--` keep the agent's default flags when the first argument is itself a flag, and replace them only when it's a bare word (subcommand or prompt).
- (`faq.md`): documents the opt-in `clipboard.imagePaste` setting for pasting host images into agents with `Ctrl+V`, including the host-clipboard isolation tradeoff.

Generated by Claude Code
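To check how far a wildcard `--host` pattern reaches before scoping a secret to it, the following added example (not code from this pull request or from `sbx`) matches hostnames label by label using the `*` / `**` syntax described in the summary. It assumes `**` needs at least one label and that comparison is case-insensitive on whole labels; the function names `host_matches` and `secret_applies` are hypothetical.

```python
def _labels(name):
    # Normalise case and a trailing root dot, then split into DNS labels.
    return name.lower().rstrip(".").split(".")


def _match(pattern, host):
    """Recursively match pattern labels against hostname labels."""
    if not pattern:
        return not host
    head, rest = pattern[0], pattern[1:]
    if head == "**":
        # Assumption: "**" consumes one or more whole labels.
        return any(_match(rest, host[i:]) for i in range(1, len(host) + 1))
    if not host:
        return False
    if head == "*" or head == host[0]:
        # "*" stands for exactly one label; a literal must equal the label.
        return _match(rest, host[1:])
    return False


def host_matches(pattern, host):
    """True if one --host pattern covers the given hostname."""
    p, h = _labels(pattern), _labels(host)
    if "" in p or "" in h:
        return False  # empty labels (e.g. "a..b" or "") never match
    return _match(p, h)


def secret_applies(patterns, host):
    """A secret with repeated --host values applies if any pattern matches."""
    return any(host_matches(p, host) for p in patterns)


if __name__ == "__main__":
    # Constructed sample hosts, used only to show how far each pattern reaches.
    hosts = ["api.example.com", "a.b.example.com", "example.com",
             "notexample.com", "example.com.other.test"]
    for pat in ("*.example.com", "**.example.com"):
        covered = [h for h in hosts if host_matches(pat, h)]
        print(f"{pat:16} covers {covered}")
```

Because matching is done on whole labels rather than on string suffixes, look-alike names such as `notexample.com` fall outside both patterns.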