Docker SBX v0.29.0: Network Policies & Sandbox UUIDs

TL;DR

• Per-sandbox network policies with explicit domain deny lists and binary TCP support (SSH)
• Daemon-assigned UUIDs for reliable sandbox identification across restarts
• Agent improvements: Gemini SSO relay, OpenAI OAuth auto-browser, Codex auth robustness
• macOS fixes for long usernames, gVisor isolation, and database version handling

New

• Per-sandbox network policies — Fine-grained control over domain access with deniedDomains list and binary TCP protocol support (SSH, etc.)
• Daemon-assigned UUIDs — Sandboxes now carry stable identifiers for reliable tracking across restarts and telemetry
• Gemini SSO browser relay — Streamlined authentication flow for Gemini agent
• OpenAI OAuth auto-browser — Browser opens automatically during OAuth setup, reducing manual steps
• Codex auth improvements — Skips auth.json placeholder when no host credentials present
• CLI confirmation for sbx rm — Prevents accidental sandbox deletion

Fixed

• macOS long-username crash — Probes canonical socket path to avoid sun_path budget overflow on systems with lengthy usernames
• gVisor isolation under --app-name — Namespaces socket directory so concurrent daemons don't share state
• Database version handling — Checks version before daemon startup and surfaces instructive error instead of crashing
• Stranded tracker cleanup — Removes tracker after failed auto-stop with no active sessions
• DinD volume cleanup — Cleans up even when container inspect fails
• Storage config override — Applies SANDBOXES_STORAGE_ROOT override correctly
• sbx ls empty state — Now shows actionable guidance instead of blank output

Update: brew upgrade docker-sbx or download from GitHub releases.

Source: Docker