Sign in Subscribe
docker

Docker v0.30.0: MCP Server Management & Sandbox Profiles

Docker v0.30.0 lands experimental MCP server management, sandbox profiles for governance, non-interactive Hub login, and fixes for Linux packaging, macOS worktrees, and network isolation.

Docker v0.30.0: MCP Server Management & Sandbox Profiles

TL;DR

  • Experimental MCP server management with aggregate gateway (opt-in via SBX_MCP_ENABLE)
  • Sandbox profiles and multi-policy support for governance
  • Non-interactive Docker Hub login for CI/CD workflows
  • Configurable grace period before auto-stopping sandboxes
  • Fixes for Linux packaging, macOS worktrees, Windows installer, and network isolation

New

  • MCP server management (experimental) — Register remote endpoints, community registry servers, or local stdio commands with sbx mcp add, then pass --mcp <name> to sbx create / sbx run. Opt-in via SBX_MCP_ENABLE environment variable.
  • Sandbox profiles and multi-policy support — Foundation for richer governance configurations; sbx policy setup now works before login.
  • Non-interactive Docker Hub login — Enables scripted authentication for CI/CD pipelines.
  • Sandbox grace period — Configurable delay before auto-stopping when the last session exits.
  • Idempotent startup hookscommands.startup re-runs on every container start so init hooks survive restarts.
  • Per-kit memory files — Progressive disclosure of kit information in AI memory.
  • Loopback binding — Both loopback stacks now bind by default when publishing ports.

Fixed

  • Linux packaging now builds sailor's ffi crate instead of ffi-krun for release artifacts.
  • Sandboxes remain recoverable when workspace or worktree is deleted on the host.
  • macOS /private path compatibility for worktrees; fixes krun_start_enter failed on systems with long usernames.
  • gVisor socket directory and auth stores namespaced by --app-name to prevent daemon collisions.
  • Database version check before daemon startup surfaces instructive errors instead of crashes.
  • Raw TCP to host.docker.internal now allowed when localhost is permitted in policy.
  • Windows installer directory ID renamed to INSTALLFOLDER for safer invocation.
  • Sentinel connection in cp and kit add prevents auto-stop race conditions.

Update: docker pull docker/sbx:v0.30.0 or visit the release page for installation instructions.

Source: Docker

Read next