This release adds 2 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Topics
+6 more
Affected surfaces
ReleasePort's take
Light signalv1.7.7 forwards OPENAI_API_KEY to sandbox containers and prevents recursive sandboxing when MI_SANDBOX is set in config.
Why it matters: Developers using the sandbox with OpenAI models can now pass API credentials. The recursive sandboxing fix prevents configuration errors in nested environments. Routine upgrade for most users.
Summary
AI summaryForward OPENAI_API_KEY environment variable to sandbox container and prevent recursive sandboxing by setting MI_SANDBOXED=1.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Feature | Medium |
Forward OPENAI_API_KEY to sandbox container via -e. Forward OPENAI_API_KEY to sandbox container via -e. Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Bugfix | Medium |
Prevent recursive sandbox when MI_SANDBOX is set in config. Prevent recursive sandbox when MI_SANDBOX is set in config. Source: llm_adapter@2026-05-21 Confidence: high |
— |
Full changelog
- Forward
OPENAI_API_KEYto sandbox container via-e - Prevent recursive sandbox when
MI_SANDBOXis set in config: container getsMI_SANDBOXED=1to skip the sandbox code path
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About Tiny agentic loop with Docker sandbox
All releases →Related context
Related tools
Earlier breaking changes
- v1.8.0 Goal tool's `check` parameter now a judge prompt, not bash command.
Beta — feedback welcome: [email protected]