Skip to content

Releases: docker/sbx-releases

v0.21.0

31 Mar 15:09
@docker-read-write docker-read-write
v0.21.0
d020116
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.21.0 Latest
Latest

Highlights

This release brings network policy improvements including rule deduplication and default policy selection during sandbox creation. Linux packaging is now available as a standalone binary, and the TUI gets consistent styling, animations, and better terminal support (including Warp). Worktree handling is enhanced with the new --branch flag for multiple worktrees, and several proxy and credential fixes improve reliability across agents.

What's New

Policy & Networking

  • Deduplicate network domain rules and create one rule per domain (#2025)
  • Add default network policy selection during sandbox creation (#1903)
  • Add policy reset command to restore default policies (#1848)
  • Add dl-cdn.alpinelinux.org:443 to balanced preset (#1927)
  • Remove *.googleapis.com wildcard from service detector (#1999)
  • Remove codex allowedDomains leaking into all sandboxes (#2011)
  • Skip CIDR check for allowed domain hosts in governance engine (#1860)
  • Point SSL_CERT_FILE, NODE_EXTRA_CA_CERTS, REQUESTS_CA_BUNDLE at full CA bundle (#1883)

CLI

  • Add rm --all to remove all sandboxes (#1947)
  • Add reset --preserve-credentials and rename to --preserve-secrets (#1960, #1986)
  • Improve sbx CLI UX — policy selector, policy ls, and spacing (#1946)
  • Return exit code 127 for missing binary in sbx exec (#1911)
  • Prevent sandbox reuse when directories share the same basename (#1973)
  • Prevent double policy prompt on policy reset after sign-out (#1998)
  • Handle Ctrl+Z to suspend sbx process (#1676)
  • Allow non-release versions to be compatible with each other (#2041)

Worktrees

  • Support multiple worktrees in a sandbox using --branch flag (#1857)
  • Use branch name as worktree (#2023)

TUI

  • More consistent TUI styling (#1970)
  • Add reusable dialog open/close/resize animations (#1918)
  • Better support for Warp terminal and refactored terminal spawn logic (#1898)
  • Fix mouse hitboxes in credential creation dialog (#1884)
  • Set NoWorktree as default in TUI (#1882)
  • Terminal cleanup (#1971)

Sandbox & Daemon

  • Support configurable Docker volume size via env-var for DinD (#1834)
  • Expose internal error details in API error responses (#2040)
  • Support dots in sandbox names by sanitizing Docker network names (#1972)
  • Generic OAuth for blueprint agents (#1809)
  • Silence spurious warning when setting secret with daemon stopped (#1902)
Assets 13

Nightly build @2d932a3

01 Apr 15:12
@docker-read-write docker-read-write
nightly
d020116
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Nightly build @2d932a3 Pre-release
Pre-release

Note

Nightly build from main — 2026-04-01 (2d932a38732afd86136fac010be344b5399a715a)

Installation

macOS (Homebrew)

brew install docker/tap/ds@nightly

Windows

Download the .msi file below and double-click to install or
use the command line:

msiexec /i DockerSandboxes.msi /quiet

Ubuntu / Debian

Download DockerSandboxes-linux-amd64.deb below, then:

sudo apt install ./DockerSandboxes-linux-amd64.deb

RHEL / Fedora

Download DockerSandboxes-linux-amd64.rpm below, then:

sudo dnf install ./DockerSandboxes-linux-amd64.rpm
Loading