OpenSandbox

vjava/sandbox/v1.0.10 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

Published 27d Containers & Orchestration

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai ai-agent ai-infra kubernetes sandbox

Summary

AI summary

Snapshot lifecycle support added to the Sandbox Kotlin SDK.

Full changelog

What's Changed

✨ Features

Add snapshot lifecycle support to the Sandbox Kotlin SDK. The SDK now exposes snapshot create/get/list/delete flows and supports creating a sandbox from snapshotId, matching the new lifecycle API. Snapshot creation is asynchronous, so consumers should poll snapshot status until it reaches Ready or Failed; Docker is supported by the server implementation, while Kubernetes snapshot runtime support remains a follow-up. https://github.com/alibaba/OpenSandbox/pull/721 https://github.com/alibaba/OpenSandbox/pull/764
Add secure endpoint access support for Kubernetes gateway mode. Kotlin sandbox creation can now opt into secureAccess, endpoint response headers are propagated into subsequent execd/generated API calls, and sensitive access headers are redacted from SDK HTTP logs. This is opt-in and only applies to Kubernetes sandboxes exposed through ingress.mode='gateway'; Docker runtime support is intentionally rejected by the server. https://github.com/alibaba/OpenSandbox/pull/745
Add signed endpoint retrieval for short-lived sandbox port access. The Kotlin SDK now includes the signed endpoint API introduced by OSEP-0011, allowing callers to request time-limited route tokens instead of relying on static endpoint credentials. This is additive and keeps existing endpoint access behavior unchanged. https://github.com/alibaba/OpenSandbox/pull/779 https://github.com/alibaba/OpenSandbox/pull/787
Add Windows sandbox model support to the Kotlin SDK. The SDK models and converters now understand Windows OS platform values, alongside updated user documentation and unit coverage. https://github.com/alibaba/OpenSandbox/pull/785
Add PVC auto-provisioning fields to the Kotlin sandbox models. This aligns Kotlin with the cross-language SDK surface for automatic PVC or Docker volume creation on sandbox startup. https://github.com/alibaba/OpenSandbox/pull/749
Allow Sandbox.Connector to target a custom execd port. Callers can now set execdPort(port: Int) when the default 44772 port is not appropriate, while Builder and Resumer behavior remain unchanged. https://github.com/alibaba/OpenSandbox/pull/806
Add distributed SandboxPool support for the Kotlin SDK through the optional Redis-backed sandbox-pool-redis module. Pool coordination now supports shared maxIdle, resize propagation through shared state, primary election and renewal, atomic idle acquisition, stale idle cleanup, and best-effort cleanup semantics. For distributed drain, use resize(0) and wait until snapshot().idleCount == 0; releaseAllIdle() remains a best-effort cleanup pass. https://github.com/alibaba/OpenSandbox/pull/823

📦 Misc

Align secure routing constants with the ingress gateway implementation as part of the secure endpoint rollout. https://github.com/alibaba/OpenSandbox/pull/761

👥 Contributors

Thanks to these contributors ❤️

@Pangjiping
@ninan-nn

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track OpenSandbox

Get notified when new releases ship.

About OpenSandbox

Secure, Fast, and Extensible Sandbox runtime for AI agents.

All releases →