Skip to content

Release history

OpenSandbox releases

Secure, Fast, and Extensible Sandbox runtime for AI agents.

Back to tool Latest release

All releases

117 shown

No immediate action
docker/execd/v1.0.18 Bug fix

Process‑group kill on cancel

Open
No immediate action
k8s/image-committer/v0.1.0 Maintenance

Routine maintenance and dependency updates.

Open
No immediate action
docker/execd/v1.0.17 Mixed

Pre‑bootstrap script + SSE fixes + file durability

Open
Upgrade now
server/v0.1.14 Bug fix
Dependencies

Fix pool-mode 500 on null template

Open
Review required
sdks/sandbox/go/v1.0.1 Breaking risk
Breaking upgrade Crypto / TLS

Close returns error; TLS 1.2 minimum

Open
No immediate action
docker/egress/v1.0.12 Bug fix

SSE/streaming stutter fix

Open
Review required
k8s/controller/v0.2.0 Breaking risk
Auth Dependencies Crypto / TLS

Auto‑assign pool + Public snapshot API

Open
No immediate action
helm/opensandbox-controller/0.2.0 Maintenance

Routine maintenance and dependency updates.

Open
No immediate action
helm/opensandbox/0.2.0 Breaking risk

pause/resume + snapshots

Open
Review required
k8s/task-executor/v0.2.0 Breaking risk
Auth Dependencies

Auto‑assign pool + pause/resume

Open
Config change
docker/execd/v1.0.16 Bug fix
Crypto / TLS

Merged CA bundle fix

Open
No immediate action
cli/v0.1.1 Breaking risk

Stable diagnostics commands

Open
No immediate action
python/sandbox/v0.1.9 New feature

Metadata patch + Diagnostics API

Open
No immediate action
java/sandbox/v1.0.11 New feature

Metadata patch + Diagnostics API

Open
python/sandbox/v0.1.8 New feature
Notable features
  • First-class Python sandbox pool support (in‑memory and Redis‑backed via opensandbox[pool-redis]) with lifecycle snapshots, resize/reconcile, and stale‑idle cleanup.
  • Snapshot APIs to create, get, list, delete snapshots and spawn sandboxes from a snapshotId (asynchronous creation).
  • Secure endpoint access surfaces for Kubernetes gateway deployments with signed short‑lived route tokens.
Full changelog

What's New

✨ Features

  • Add first-class Python sandbox pool support for both async and sync clients. This release includes single-node in-memory pools, optional Redis-backed distributed pool stores via opensandbox[pool-redis], lifecycle snapshots, resize/reconcile behavior, stale-idle cleanup, and documentation for operating distributed pools. Redis support is exposed from opensandbox.pool_redis so the base SDK import path does not require Redis dependencies. by @ninan-nn in https://github.com/alibaba/OpenSandbox/pull/823

  • Add snapshot APIs to the Python SDK. Consumers can create, get, list, and delete snapshots, and can create new sandboxes from a snapshotId; snapshot creation remains asynchronous, so callers should poll until the snapshot reaches Ready or Failed. Docker-backed servers support the full flow in this release, while unsupported runtimes may return not implemented. by @ninan-nn in https://github.com/alibaba/OpenSandbox/pull/764

  • Add secure endpoint access surfaces. Python async and sync SDKs now support secureAccess on sandbox creation for Kubernetes gateway deployments, and expose signed endpoint retrieval for short-lived sandbox route access without sharing static tokens. Default endpoint behavior is unchanged unless secure access is explicitly requested. by @ninan-nn in https://github.com/alibaba/OpenSandbox/pull/745 and by @Pangjiping in https://github.com/alibaba/OpenSandbox/pull/787

  • Extend Python sandbox model support for new platform and storage options. The SDK now recognizes Windows platform OS values and syncs PVC auto-provisioning fields across the Python models and converters, keeping request payloads aligned with the updated lifecycle contract. by @Pangjiping in https://github.com/alibaba/OpenSandbox/pull/785 and https://github.com/alibaba/OpenSandbox/pull/749

🐛 Bug Fixes

  • Preserve API error detail from sandbox creation failures. FastAPI-style wrapped error responses are now parsed by the Python exception conversion path so callers keep the original server context instead of receiving a flattened fallback error. by @Gujiassh in https://github.com/alibaba/OpenSandbox/pull/824

  • Preserve timeout=None for manual-cleanup sandbox creation. The Python SDK now serializes an explicit None timeout as JSON null instead of omitting the field, so manual cleanup intent is retained while keeping the existing public timeout: timedelta | None API. by @Gujiassh in https://github.com/alibaba/OpenSandbox/pull/760

  • Harden command streaming error parsing for mixed deployments. The Python SDK now tolerates traceback: null in SSE command-start failures while execd normalizes foreground command error payloads to match the API contract. by @Aboysky in https://github.com/alibaba/OpenSandbox/pull/701

📦 Misc

  • Regenerate Python lifecycle client code for updated snapshot routes, including snapshot creation and deletion endpoint changes. by @ninan-nn in https://github.com/alibaba/OpenSandbox/pull/840

  • Refresh Python sandbox SDK development dependencies: pygments 2.20.0 and pytest 9.0.3. by @dependabot in https://github.com/alibaba/OpenSandbox/pull/671 and https://github.com/alibaba/OpenSandbox/pull/720

👥 Contributors

Thanks to these contributors ❤️

@ninan-nn
@Pangjiping
@Gujiassh
@Aboysky

View release on GitHub
docker/execd/v1.0.15 Bug fix
Notable features
  • `ServerAccessToken` can be set via `EXECD_ACCESS_TOKEN` env variable, CLI flag takes precedence
Full changelog

What's New

✨ Features

  • ServerAccessToken can now be set via EXECD_ACCESS_TOKEN environment variable as an alternative to the --access-token CLI flag. When both are provided, the CLI flag takes precedence (#846)

🐛 Bug Fixes

  • sanitize sensitive data before logging user commands: masks passwords, tokens, API keys (including LTAI/AKIA/AKID cloud access keys), Authorization headers, and URL credentials. Also masks the Jupyter auth token logged at startup (#815)

📦 Misc

  • refresh architecture documentation: update docs/architecture.md and architecture overview SVG to reflect current OpenSandbox design; update components/execd/DEVELOPMENT.md examples from Beego-era guidance to current Gin/package-logger setup (#833)
  • document coding standards enforcement across all components (Ruff, ESLint, Spotless/ktlint, .NET analyzers, go vet, golangci-lint, gofmt); add C# SDK .editorconfig; make native Go binary builds repeatable with -trimpath, -buildvcs=false, fixed SOURCE_DATE_EPOCH metadata (#808)

👥 Contributors

Thanks to these contributors ❤️

  • @Pangjiping
  • @hittyt
  • Docker Hub: opensandbox/execd:v1.0.15
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.15
View release on GitHub
server/v0.1.13 New feature
⚠ Upgrade required
  • API key can be overridden with env var OPENSANDBOX_SERVER_API_KEY which takes precedence over TOML config server.api_key
Security fixes
  • Host path validation now resolves symlinks via os.path.realpath() to prevent bypass (#816)
  • CodeQL static analysis fixes addressing integer conversion, stack trace exposure, clear‑text logging, regex backtracking, JS string escaping, and OSSFS temp file permissions (#795)
Notable features
  • Snapshot lifecycle management with async background commit, SQLite metadata store, Docker/Kubernetes support
  • OSEP-0011: Signed endpoints for secure route access using SHA256‑signed time‑limited tokens
Full changelog

What's New

✨ Features

  • Snapshot lifecycle management — create/get/list/delete APIs with async background commit, SQLite metadata store, and startup recovery for unfinished snapshots. Sandbox restore via snapshotId. SDK support across all 5 languages.

    • Docker: image commit/delete/inspect runtime (#764)
    • Kubernetes: SandboxSnapshot CRD with server-side watching (#837)
    • Deletion durability: records persisted as Deleting before runtime cleanup, so interrupted deletes recover via existing startup path instead of leaving stale Ready metadata (#842)

  • OSEP-0011: Signed endpoints for secure route accessGET /sandboxes/{sandboxId}/endpoints/{port}?expires=<unix_seconds> returns SHA256-signed time-limited route tokens. Ingress gateway verifies signature before proxying. SDK support across all 5 languages. (#787)

  • OSEP-0008: Pause/resume with rootfs snapshot (Kubernetes)/pause and /resume endpoints, SandboxSnapshot CRD + controller, nerdctl-based image-committer Job. Supports pausePolicy in pool-based BatchSandbox. (#668)

  • API key env overrideOPENSANDBOX_SERVER_API_KEY env var overrides server.api_key from TOML config. Helm chart updated with env support. (#830)

🐛 Bug Fixes

  • K8s: event loop blocked during sandbox creationtime.sleep in _wait_for_sandbox_ready blocked the asyncio event loop, causing liveness probe timeouts. Replaced with await asyncio.sleep. (#841)

  • Host path validation bypass via symlinks — host paths and allowed prefixes now resolved with os.path.realpath() before validation. Closes #814. (#816)

  • CodeQL static analysis fixes — fixed integer conversion, stack trace exposure, clear-text logging, regex backtracking, JS string escaping, missing workflow permissions. OSSFS temp files now owner-only. (#795)

  • CodeQL false positive documentation — documented suppressions for sandbox-local SQL execution, Docker port probe, and startup-guard logging. (#797)

📦 Misc

  • Docker runtime modularization — split 2698-line docker.py into mixin modules (orchestration, container ops, networking, volumes, runtime). No behavior changes. (#832)

  • Coverage enforcement — CI enforces 80% statement coverage with pytest-cov --cov-fail-under=80. (#828)

👥 Contributors

Thanks to these contributors ❤️

  • @qingyuppp
  • @fengcone
  • @Pangjiping
  • @sauce-git
  • @hittyt
  • @ninan-nn
  • PyPI: opensandbox-server==0.1.13
  • Docker Hub: opensandbox/server:v0.1.13
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server:v0.1.13
View release on GitHub
java/sandbox/v1.0.10 New feature
Notable features
  • Snapshot lifecycle (create/get/list/delete) with async creation and polling in Kotlin SDK
  • Secure endpoint access support for Kubernetes gateway mode via `secureAccess` opt-in flag
  • Signed short-lived endpoint retrieval API per OSEP-0011
Full changelog

What's Changed

✨ Features

  • Add snapshot lifecycle support to the Sandbox Kotlin SDK. The SDK now exposes snapshot create/get/list/delete flows and supports creating a sandbox from snapshotId, matching the new lifecycle API. Snapshot creation is asynchronous, so consumers should poll snapshot status until it reaches Ready or Failed; Docker is supported by the server implementation, while Kubernetes snapshot runtime support remains a follow-up. https://github.com/alibaba/OpenSandbox/pull/721 https://github.com/alibaba/OpenSandbox/pull/764
  • Add secure endpoint access support for Kubernetes gateway mode. Kotlin sandbox creation can now opt into secureAccess, endpoint response headers are propagated into subsequent execd/generated API calls, and sensitive access headers are redacted from SDK HTTP logs. This is opt-in and only applies to Kubernetes sandboxes exposed through ingress.mode='gateway'; Docker runtime support is intentionally rejected by the server. https://github.com/alibaba/OpenSandbox/pull/745
  • Add signed endpoint retrieval for short-lived sandbox port access. The Kotlin SDK now includes the signed endpoint API introduced by OSEP-0011, allowing callers to request time-limited route tokens instead of relying on static endpoint credentials. This is additive and keeps existing endpoint access behavior unchanged. https://github.com/alibaba/OpenSandbox/pull/779 https://github.com/alibaba/OpenSandbox/pull/787
  • Add Windows sandbox model support to the Kotlin SDK. The SDK models and converters now understand Windows OS platform values, alongside updated user documentation and unit coverage. https://github.com/alibaba/OpenSandbox/pull/785
  • Add PVC auto-provisioning fields to the Kotlin sandbox models. This aligns Kotlin with the cross-language SDK surface for automatic PVC or Docker volume creation on sandbox startup. https://github.com/alibaba/OpenSandbox/pull/749
  • Allow Sandbox.Connector to target a custom execd port. Callers can now set execdPort(port: Int) when the default 44772 port is not appropriate, while Builder and Resumer behavior remain unchanged. https://github.com/alibaba/OpenSandbox/pull/806
  • Add distributed SandboxPool support for the Kotlin SDK through the optional Redis-backed sandbox-pool-redis module. Pool coordination now supports shared maxIdle, resize propagation through shared state, primary election and renewal, atomic idle acquisition, stale idle cleanup, and best-effort cleanup semantics. For distributed drain, use resize(0) and wait until snapshot().idleCount == 0; releaseAllIdle() remains a best-effort cleanup pass. https://github.com/alibaba/OpenSandbox/pull/823

📦 Misc

  • Align secure routing constants with the ingress gateway implementation as part of the secure endpoint rollout. https://github.com/alibaba/OpenSandbox/pull/761

👥 Contributors

Thanks to these contributors ❤️

@Pangjiping
@ninan-nn

View release on GitHub
docker/ingress/v1.0.7 Breaking risk
⚠ Upgrade required
  • Update ingress configuration to omit the deprecated `--namespace` flag; it will no longer be accepted.
  • Ensure sandbox IDs are unique across namespaces to avoid rejection errors.
Breaking changes
  • --namespace flag deprecated and removed
  • Ambiguous sandbox IDs across namespaces are now rejected
Notable features
  • Secure access routing via `--secure-access-keys` for signed URL verification (OSEP-0011)
  • Log rotation with lumberjack defaults (100MB, 30d, 10 backups)
Full changelog

What's New

✨ Features

  • Multi-namespace support: Ingress watches sandbox CRs across all namespaces instead of a single one. --namespace flag deprecated. Ambiguous sandbox IDs across namespaces are rejected. (#699)
  • Secure access routing (OSEP-0011): Added --secure-access-keys flag for signed URL verification. Sandboxes with opensandbox.io/secure-access require valid signatures; sandboxes without it continue to work with unsigned routes. (#761)
  • Log rotation: File log outputs auto-rotate via lumberjack (100MB, 30d, 10 backups default). (#791)

🐛 Bug Fixes

  • Proxy panic log now includes uri, host, method fields for debugging. (#802)
  • CodeQL static analysis fixes (integer conversion hardening in signature package). (#795)

📦 Misc

  • Bumped OpenTelemetry Go deps for security alerts (#799)
  • Repeatable builds: -trimpath, -buildvcs=false, fixed metadata (#808)
  • Added .dockerignore to shrink build context (#718)

👥 Contributors

Thanks to these contributors ❤️

  • @Pangjiping
  • @hittyt
  • Docker Hub: opensandbox/ingress:v1.0.7
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/ingress:v1.0.7
View release on GitHub
docker/egress/v1.0.10 Security relevant
Security fixes
  • Bump OpenTelemetry Go dependencies to v1.43.0 to resolve Dependabot security alerts
  • Address CodeQL static analysis findings: integer conversion safety, clear-text logging fixes, and hardening
Notable features
  • Log rotation via lumberjack with configurable retention (100 MB default max size, 30-day retention, 10 backups)
  • Fixes mitmproxy OOM by streaming large responses to disk, adds automatic mitmdump restart on unexpected exit
Full changelog

What's New

✨ Features

  • Log rotation via lumberjack for file-based log outputs. Auto-enabled with defaults (100 MB max size, 30-day retention, 10 backups) when log path is a file. stdout/stderr unaffected. (#791)

🐛 Bug Fixes

  • Fix mitmproxy OOM kill by streaming large response bodies (>1 MB) to disk instead of buffering them in memory. Adds automatic mitmdump restart on unexpected exit, so transient failures no longer take down the egress proxy. (#819)
  • Address CodeQL static analysis findings in egress Go code — integer conversion safety, clear-text logging fixes, and other hardening. (#795)

📦 Misc

  • Bump OpenTelemetry Go dependencies to v1.43.0 to resolve Dependabot security alerts. (#799)
  • Document coding standards and add build reproducibility flags (-trimpath, -buildvcs=false, fixed metadata) to egress native binary builds. (#808)
  • Rebalance code comments in enforcement path. No functional change. (#786)

👥 Contributors

Thanks to these contributors ❤️

  • @Pangjiping
  • @hittyt
  • Docker Hub: opensandbox/egress:v1.0.10
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.10
View release on GitHub
docker/execd/v1.0.14 Security relevant
Security fixes
  • CodeQL static analysis findings (medium/high severity) fixed in execd
  • OpenTelemetry Go dependencies bumped to v1.43.0 addressing security alerts
Notable features
  • Lumberjack-backed log rotation (100MB max size, 30-day retention, 10 backups)
Full changelog

What's New

✨ Features

  • add lumberjack-backed log rotation, auto-enabled for file outputs with defaults (100MB max size, 30-day retention, 10 backups, no compression). stdout/stderr outputs unaffected (#791)

🐛 Bug Fixes

  • default execd listener to IPv4-only (tcp4) to avoid unintended IPv6 dual-stack socket binding (#801)
  • forward SIGTERM to entrypoint process so sandbox workloads receive the signal and can shut down gracefully (#793)
  • import mitmproxy CA into NSS DB ($HOME/.pki/nssdb) so Chrome trusts intercepted TLS in transparent egress mode; export NODE_EXTRA_CA_CERTS for Node.js/npm TLS trust behind interception; install nss-tools in execd image (#776)

🔒 Security

  • fix medium/high CodeQL static analysis findings in execd: document and suppress sandbox-local SQL execution false positives, tighten OSSFS temp file creation to owner-only mode (#795, #797)
  • bump OpenTelemetry Go dependencies to v1.43.0, addressing Dependabot security alerts across execd, egress, and shared internal telemetry modules (#799)

👥 Contributors

Thanks to these contributors ❤️

  • @Pangjiping
  • @hittyt
  • Docker Hub: opensandbox/execd:v1.0.14
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.14
View release on GitHub
docker/egress/v1.0.9 New feature
Notable features
  • Precompile domain rule index for fast Evaluate while preserving first-match semantics
  • Refactor egress's system CPU and memory collector by gopsutil
Full changelog

What's New

✨ Features

  • precompile domain rule index for fast Evaluate while preserving first-match semantics (#722)
  • refactor egress's system CPU and memory collector by gopsutil (#697)

🐛 Bug Fixes

  • check uid/gid fit in int before ParseUint cast (#756)

📦 Misc

  • mitmproxy docs and benchmark update (#753)

👥 Contributors

Thanks to these contributors ❤️

  • @Pangjiping
  • Docker Hub: opensandbox/egress:v1.0.9
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.9
View release on GitHub
server/v0.1.12 Breaking risk
Breaking changes
  • allowed_host_paths defaults to deny-all instead of allow-all
  • Server requires explicit startup confirmation when api_key is unset
Security fixes
  • Sandbox escape vulnerability (#750)
Notable features
  • Windows Sandbox support
  • GPU resource limits honored across runtimes
  • X-Forwarded-* header injection for proxied requests
Full changelog

What's New

⚠️ Breaking Changes

  • allowed_host_paths defaults to deny-all — Previously, when [storage].allowed_host_paths was empty or unset, the server allowed all host path mounts into sandboxes, creating a sandbox escape vulnerability (closes #750). This release flips the default to deny all host mounts. Users who need the legacy behavior must explicitly set allowed_host_paths = ["/"] as a temporary compatibility measure. Additionally, the server now requires explicit startup confirmation when api_key is unset. (#751)

✨ Features

  • Windows Sandbox
    • windows server by dockur/windows (#712)
    • resolves a port exposure logic error affecting Windows sandbox containers and egress network scenarios. (#733)
    • Windows container support for BatchSandbox Kubernetes workloads. (#752)
  • propagate opensandbox.extensions. to Pod annotations — Extensions with the opensandbox.extensions. prefix are now automatically copied to Kubernetes Pod annotations with the opensandbox.io/extensions. (#772)
  • GPU resource limits now honored across both runtimes
    • Docker: mapped to DeviceRequest(count=N, capabilities=[["gpu"]]). (#775)
    • Kubernetes: translated to the canonical extended resource nvidia.com/gpu, enabling the NVIDIA device plugin to schedule GPU pods. (#782)

🐛 Bug Fixes

  • Inject X-Forwarded-* headers for proxied HTTP requests — When proxying HTTP requests to a user sandbox via use_server_proxy, the server now injects X-Forwarded-Proto, X-Forwarded-Host, and X-Forwarded-For headers. Previously, web apps inside the sandbox (VS Code, Jupyter, OAuth callbacks) had no way to determine the original scheme, host, or client IP, causing broken HTTPS redirects and incorrect absolute URL generation. Uses setdefault semantics for upstream proxy chain safety. (#777)
  • Honor server.eip for proxied endpoint URLs — When use_server_proxy=true, the server now uses the configured server.eip to generate externally reachable proxy endpoints instead of returning internal base_url addresses. Falls back to existing behavior when eip is unset. (#747)

📦 Misc

  • bump execd to v1.0.13 with config template, documentation, and test updates (#763)
  • chore(deps): bump python-dotenv from 1.2.1 to 1.2.2 in /server (#784)

👥 Contributors

Thanks to these contributors ❤️

  • @bytkim
  • @wangdengshan
  • @504097723
  • @Pangjiping
  • @ninan-nn
  • PyPI: opensandbox-server==0.1.12
  • Docker Hub: opensandbox/server:v0.1.12
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server:v0.1.12
View release on GitHub
docker/execd/v1.0.13 Mixed
Notable features
  • Basic runtime OpenTelemetry metrics
  • Pre-built execd.exe and install.bat in release image for Windows distribution
Full changelog

What's New

✨ Features

  • basic runtime OTEL metrics for execd (#697)
  • pre-build execd.exe and install.bat to execd release image for windows distribution (#712)

🐛 Bug Fixes

  • fix permission error when sync mitmproxy certs (#734)
  • enlarge mitmproxy certs wait time to 30s (#762)

👥 Contributors

Thanks to these contributors ❤️

  • @Pangjiping
  • Docker Hub: opensandbox/execd:v1.0.13
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.13
View release on GitHub
server/v0.1.11 Mixed
Notable features
  • Auto-create PVC/Docker volumes on sandbox creation
Full changelog

What's New

✨ Features

  • auto-create PVC/Docker volumes on sandbox creation (#661)

🐛 Bug Fixes

  • fix incorrect metadata error message (#703)
  • use [log].level instead of [server].log_level (#737)
  • relax ingress gateway address validation for URI route mode (#740)

📦 Misc

  • simply example configuration (#741)
  • refactor large file kubernetes_service.py (#694)
  • add Dockerfile.dockerignore to reduce build context (#718)
  • chore(deps-dev): bump pytest from 9.0.1 to 9.0.3 in /server (#716)
  • remove useless comments under server/tests (#693)

👥 Contributors

Thanks to these contributors ❤️

  • @PremPrakashCodes
  • @Pangjiping
  • @xfgong
  • @dependabot
  • PyPI: opensandbox-server==0.1.11
  • Docker Hub: opensandbox/server:v0.1.11
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server:v0.1.11
View release on GitHub
docker/egress/v1.0.8 Mixed
Notable features
  • Dynamic reload of deny.always and allow.always rules every minute with mtime/size change detection and file deletion support
Full changelog

What's New

✨ Features

  • [beta] built-in mitmproxy support (#615)
  • reload deny.always and allow.always every minute using mtime/size checks, treat file deletion as rule removal, and apply updates to both DNS evaluation and nft static policy (#698)

🐛 Bug Fixes

  • relax dns upstream failover and change dynamic nftables log to debug (#739)

📦 Misc

  • add Dockerfile.dockerignore to reduce build context (#718)

👥 Contributors

Thanks to these contributors ❤️

  • @Pangjiping
  • Docker Hub: opensandbox/egress:v1.0.8
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.8
View release on GitHub
docker/execd/v1.0.12 Mixed
Notable features
  • trust mitm proxy with OPENSANDBOX_EGRESS_MITMPROXY_TRANSPARENT environment variable
View release on GitHub
java/code-interpreter/v1.0.9 Maintenance

## What's New ### 📦 Misc * update open-sandbox dependency version 1.0.9

View release on GitHub
sdks/sandbox/go/v1.0.0 New feature
⚠ Upgrade required
  • Requires Go 1.20 or later
Notable features
  • Go SDK with oapi-codegen support for Lifecycle, Execd, and Egress APIs
Full changelog

What's New

Go SDK first release. 🎉🎉

✨ Features

  • Go SDK with oapi-codegen for Lifecycle, Execd, and Egress APIs (#597)
  • downgrade sdks/go version to 1.20 (#707)

🐛 Bug Fixes

  • fix sdk bugs and simply init package struct (#683)

👥 Contributors

Thanks to these contributors ❤️

  • @AlexandrePh
  • @Pangjiping
go get github.com/alibaba/OpenSandbox/sdks/sandbox/[email protected]
View release on GitHub
docker/execd/v1.0.11 Bug fix
Security fixes
  • Bind token injection to allowlisted host/scheme; disable unsafe redirects for auth client
View release on GitHub
docker/egress/v1.0.7 Mixed
Notable features
  • Upstream health probes with active list and configurable probe name
  • Graceful shutdown with automatic network namespace rollback
Full changelog

What's New

✨ Features

  • upstream health probes, active list, configurable probe name (#655)
  • add grace shutdown for egress and rollback all network namespace when egress closes (#654)

📦 Misc

  • extract safego to internal common package and wrapper egress goroutines with safego (#670)

👥 Contributors

Thanks to these contributors ❤️

  • @Pangjiping
  • Docker Hub: opensandbox/egress:v1.0.7
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.7
View release on GitHub
server/v0.1.10 New feature
Notable features
  • File logger configuration for server and access logs
  • Uvicorn timeout_keep_alive configuration exposed
  • Optional platform object for scheduling/runtime constraints
View release on GitHub
java/code-interpreter/v1.0.7 Maintenance

## What's New ### 📦 Misc * update open-sandbox dependency version 1.0.7

View release on GitHub
docker/egress/v1.0.6 New feature
Notable features
  • OPENSANDBOX_EGRESS_DNS_UPSTREAM environment variable to specify custom DNS upstream resolvers beyond /etc/resolv.conf
Full changelog

What's New

✨ Features

  • add OPENSANDBOX_EGRESS_DNS_UPSTREAM so resolvers are not taken only from /etc/resolv.conf. (#633)

👥 Contributors

Thanks to these contributors ❤️

  • @Pangjiping
  • Docker Hub: opensandbox/egress:v1.0.6
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.6
View release on GitHub
java/sandbox/v1.0.7 Bug fix

Aligns Host.path validation with specification across runtimes.

View release on GitHub
java/sandbox/v1.0.6 New feature
⚠ Upgrade required
  • runInSession timeout parameter design to be adjusted in a future SDK release; avoid relying on it for now
Notable features
  • New runInSession method for session-based sandbox execution
Full changelog

[!WARNING]
runInSession was newly introduced in this release, but its current timeout parameter design has an issue.
We plan to adjust it in a future SDK release.
If possible, avoid relying on this timeout parameter for now.

What's New

✨ Features

  • Enhance sandbox pool functions by @ninan-nn in https://github.com/alibaba/OpenSandbox/pull/617

👥 Contributors

Thanks to these contributors ❤️

  • @ninan-nn
View release on GitHub
docker/ingress/v1.0.6 Bug fix

Relaxes WebSocket CheckOrigin validation for trusted reverse proxies.

View release on GitHub
docker/execd/v1.0.10 New feature
Notable features
  • WebSocket PTY support for terminal access
  • EXECD_CLONE3_COMPAT seccomp-based fallback for clone3 compatibility on restricted systems
  • Tuned Jupyter idle polling and SSE completion wait times
Full changelog

What's New

✨ Features

  • tune jupyter idle polling and sse completion wait (#577)
  • add websocket PTY support (#590) (#608)
  • add EXECD_CLONE3_COMPAT seccomp-based clone3 fallback (#518)

👥 Contributors

Thanks to these contributors ❤️

  • @skyler0513
  • @ctlaltlaltc
  • @Pangjiping
  • Docker Hub: opensandbox/execd:v1.0.10
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.10
View release on GitHub
docker/egress/v1.0.5 New feature
Notable features
  • Load allow/deny lists from `/var/egress/rules/allow.always` and `/var/egress/rules/deny.always` at startup
  • OpenTelemetry metrics and internal telemetry support
Full changelog

What's New

✨ Features

  • load fixed always allow/deny lists at startup from /var/egress/rules/allow.always and /var/egress/rules/deny.always (#622)
  • add OTel metrics and internal/telemetry (#618)

👥 Contributors

Thanks to these contributors ❤️

  • @Pangjiping
  • Docker Hub: opensandbox/egress:v1.0.5
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.5
View release on GitHub
docker/egress/v1.0.4 New feature
Notable features
  • Persist egress policy to local file via OPENSANDBOX_EGRESS_POLICY_FILE
View release on GitHub
python/code-interpreter/v0.1.2 Bug fix

Fixed endpoint header propagation in Python code-interpreter sync adapter.

View release on GitHub
python/sandbox/v0.1.6 New feature
Notable features
  • run_in_session for persistent shell workflows
  • OSSFS volume backend support
  • Command exit-code support
View release on GitHub
csharp/code-interpreter/v0.1.0 Maintenance

## What's New Initial stable release of the C# Code Interpreter SDK.

View release on GitHub
csharp/sandbox/v0.1.0
⚠ Upgrade required
  • runInSession timeout parameter design is planned for adjustment in a future SDK release — avoid relying on it for now
Full changelog

[!WARNING]
runInSession is available in this release, but its current timeout parameter design has an issue.
We plan to adjust it in a future SDK release.
If possible, avoid relying on this timeout parameter for now.

What's New

Initial stable release of the C# Sandbox SDK.

View release on GitHub
js/code-interpreter/v0.1.3 New feature
Notable features
  • Sandbox endpoint auth header support for code-interpreter requests in the JavaScript SDK
Full changelog

What's New

✨ Features

  • Added sandbox endpoint auth header support for code-interpreter requests in the JavaScript SDK by @ninan-nn in #492

📦 Misc

  • Updated package metadata and homepage information for the JavaScript code-interpreter package by @ninan-nn in #265

👥 Contributors

Thanks to these contributors ❤️

  • @ninan-nn
View release on GitHub
java/code-interpreter/v1.0.5 New feature
Notable features
  • Sandbox endpoint auth header support for code-interpreter requests in Java SDK
Full changelog

What's New

✨ Features

  • Added sandbox endpoint auth header support for code-interpreter requests in the Java SDK by @ninan-nn in #492

👥 Contributors

Thanks to these contributors ❤️

  • @ninan-nn
View release on GitHub
java/sandbox/v1.0.5 New feature
Notable features
  • OSSFS volume backend support
  • Client-side sandbox pool support
  • Manual-cleanup sandbox lifecycle support
View release on GitHub
js/sandbox/v0.1.5 New feature
Notable features
  • runInSession support for persistent shell workflows
  • OSSFS volume backend support
  • Command exit-code support
View release on GitHub
docker/execd/v1.0.9 Breaking risk
Breaking changes
  • RunInSession contract changed from code/timeout_ms to command/timeout
View release on GitHub
server/v0.1.9 Bug fix

Fixes JSON response format to omit None fields instead of explicit null.

View release on GitHub
docker/ingress/v1.0.5 Mixed
Notable features
  • Experimental: auto-renew sandbox publishes renew-intent to Redis per OSEP-0009
  • LoadOrStore optimization for renew-intent MinInterval throttling
Full changelog

What's New

✨ Features

  • [EXPERIMENTAL] publishing renew-intent to Redis for OSEP-0009 (#480)

🐛 Bug Fixes

  • use LoadOrStore for renew-intent MinInterval throttle (#529)

👥 Contributors

Thanks to these contributors ❤️

  • @Pangjiping
  • Docker Hub: opensandbox/ingress:v1.0.5
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/ingress:v1.0.5
View release on GitHub
server/v0.1.8 Mixed
Notable features
  • Manual cleanup sandbox lifecycle support
  • OSSFS storage for Docker service
  • Per-sandbox egress auth header generation
View release on GitHub
docker/execd/v1.0.8 New feature
Notable features
  • Session API for pipe-based bash sessions
View release on GitHub
docker/execd/v1.0.7 Mixed
Notable features
  • Environment variable support in run command requests
  • Bash-to-sh fallback for Alpine-based container images
  • uid and gid support for command execution
Full changelog

What's New

✨ Features

  • add support env in run command request (#385)
  • add fallback from bash to sh for Alpine-based images (#407)
  • add uid and gid support for command execution (#332)
  • extract version package to components/internal (#245)
  • replace logger with internal package (#237)

🐛 Bug Fixes

  • auto-recreate temp dir in stdLogDescriptor and combinedOutputDescriptor (#415)
  • return 404 code for missing code context (#373)

📦 Misc

  • refactor unit tests to testify require/assert (#385)
  • sync latest image for v-prefixed TAG (#331)
  • chore(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 in /components/execd (#251)

👥 Contributors

Thanks to these contributors ❤️

  • @Pangjiping
  • @joaquinescalante23
  • @zerone0x
  • @liuxiaopai-ai
  • @Jah-yee
  • @dependabot
  • Docker Hub: opensandbox/execd:v1.0.7
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.7
View release on GitHub
server/v0.1.7 Mixed
Notable features
  • PVC support in agent-sandbox and batchsandbox runtimes
  • User-defined Docker network stacks
  • Server RBAC for secrets management
Full changelog

What's New

✨ Features

  • refactor kubernetes client service and add rate limter (#429)
  • add pvc support in agent-sandbox/batchsandbox runtime (#424)
  • support user-defined Docker network stack (#426)
  • add server rbac for secrets (#396)
  • support image auth in batchsandbox provider (#395)

🐛 Bug Fixes

  • clean up failed egress sidecar startup (#418)
  • strip hop-by-hop proxy headers (#408)
  • currect Kubernetes label key validation (#398)
  • use internal endpoint resolution for server proxy mode (#404)
  • clean up container when runtime prep fails (#394)

👥 Contributors

Thanks to these contributors ❤️

  • @Generalwin
  • @Gujiassh
  • @Spground
  • @ctlaltlaltc
  • @zerone0x
  • @suger-m
  • @jinghuan-Chen
  • PyPI: opensandbox-server==0.1.7
  • Docker Hub: opensandbox/server:v0.1.7
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server:v0.1.7
View release on GitHub
docker/egress/v1.0.3 New feature
Notable features
  • Denied hostname webhook fanout
  • sandboxID included in deny webhook payload
  • Network tools (ip) installed in container image
Full changelog

What's New

✨ Features

  • add denied hostname webhook fanout (#406)
  • add sandboxID within deny webhook payload (#427)

📦 Misc

  • install network tools, like ip (#427)
  • refactor test by testify framework (#427)

👥 Contributors

Thanks to these contributors ❤️

  • @Pangjiping
  • Docker Hub: opensandbox/egress:v1.0.3
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.3
View release on GitHub
docker/egress/v1.0.2 New feature
Notable features
  • Nameserver exempt for direct DNS forwarding (#356)
  • Patch policy updates and smoke coverage (#392)
Full changelog

What's New

✨ Features

  • add patch policy updates and somke coverage (#392)
  • add nameserver exempt for direct DNS forwarding (#356)

📦 Misc

  • sync latest image for v-prefixed TAG (#331)
  • Potential fix for code scanning alert no. 114: Workflow does not contain permissions (#278)

👥 Contributors

Thanks to these contributors ❤️

  • @Pangjiping
  • Docker Hub: opensandbox/egress:v1.0.2
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.2
View release on GitHub
server/v0.1.6 Bug fix
Security fixes
  • Reject WebSocket upgrades before proxying
  • Reject unsupported image.auth with actionable error
Notable features
  • Configurable resources in execd init container
View release on GitHub
helm/opensandbox/0.1.0 New feature
Notable features
  • All-in-one Helm chart bundling controller and server components
  • Pre-packaged dependencies — no helm dependency build required during installation
Full changelog

opensandbox Helm Chart(all-in-one)

The OpenSandbox Helm Chart (all-in-one) will install both the controller and server components.

Chart Version: 0.1.0
App Version: 0.1.0

Installation

直接从 GitHub Release 安装:

helm install opensandbox \
  https://github.com/alibaba/OpenSandbox/releases/download/helm/opensandbox/0.1.0/opensandbox-0.1.0.tgz \
  --namespace opensandbox-system \
  --create-namespace

或者先下载后安装:

# 下载
wget https://github.com/alibaba/OpenSandbox/releases/download/helm/opensandbox/0.1.0/opensandbox-0.1.0.tgz

# 安装
helm install opensandbox ./opensandbox-0.1.0.tgz \
  --namespace opensandbox-system \
  --create-namespace

Note: This is an all-in-one chart that bundles controller and server. The packaged chart already includes all dependencies, no need to run helm dependency build when installing from release.

What's Changed

  • Chart version: 0.1.0
  • App version: 0.1.0
View release on GitHub
server/v0.1.5 Mixed
Notable features
  • New server.eip config parameter for Docker runtime endpoint host
  • Proxy HTTP errors now preserved with route coverage
  • X-Request-ID spanning in server logs
Full changelog

What's New

✨ Features

  • add server.eip config for endpoint host in Docker runtime (#316)
  • preserve proxy HTTP errors and add route coverage (#312)
  • span X-Request-ID by server log (#269)

🐛 Bug Fixes

  • validate list metadata query format strictly (#316)
  • forward query string in sandbox proxy handler (#266)

📦 Misc

  • fix packaging config (#325)
  • add sandbox router test coverage (#306)
  • add list sandbox test coverage (#292)
  • add create and delete sandbox test coverage (#291)
  • add renew sandbox test coverage (#290)
  • add pause and resume sandbox test coverage (#289)
  • add get sandbox endpoint test coverage (#288)
  • opensandbox server deployment helm charts (#302)
  • update README for kubernetes service (#298)
  • add bootstrap operation-not-permitted troubleshooting (#286)
  • clarify compose bridge networking and proxy usage (#285)
  • update server helm template (#327)
  • optimize workflow trigger (#320)

👥 Contributors

Thanks to these contributors ❤️

  • @wangdengshan
  • @liuxiaopai-ai
  • @Spground
  • @ninan-nn
  • @Pangjiping
  • PyPI: opensandbox-server==0.1.5
  • Docker Hub: opensandbox/server:v0.1.5
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server:v0.1.5
View release on GitHub
docker/egress/v1.0.1 New feature
Notable features
  • Egress stage two for IP/CIDR rules and DoT/DoH blocking
  • Egress stage three for dynamic IP insertion from DNS answers
Full changelog

What's New

✨ Features

  • Egress stage two for IP/CIDR rules, DoT/DoH block (#183)
  • Egress stage three for dynamic IP insertion from DNS answers (#197)
  • unified logger by internal package (#244)
  • print build/compile info when start up (#245)

📦 Misc

  • chore(deps): bump golang.org/x/net from 0.26.0 to 0.38.0 in /components/egress (#192)

👥 Contributors

Thanks to these contributors ❤️

  • @Pangjiping
  • @dependabot
  • Docker Hub: opensandbox/egress:v1.0.1
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1
View release on GitHub
docker/ingress/v1.0.2 Breaking risk
⚠ Upgrade required
  • Update downstream systems and configuration referencing the old ingress header name to use `OpenSandbox-Ingress-To`
Breaking changes
  • Ingress header renamed to `OpenSandbox-Ingress-To`
Full changelog

What's New

✨ Features

  • chore: unified internal logger for components (#230)
  • chore(ingress): rename ingress header to OpenSandbox-Ingress-To (#246)

👥 Contributors

Thanks to these contributors ❤️

  • @Pangjiping
  • Docker Hub: opensandbox/ingress:v1.0.2
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/ingress:v1.0.2
View release on GitHub
server/v0.1.3 New feature
Notable features
  • Multi ingress gateway mode support
  • Docker named volume support with subPath for PVC backend
  • Kubernetes resource retrieval by informer
View release on GitHub
js/sandbox/v0.1.4 New feature
Notable features
  • Server proxy support for accessing sandbox endpoints
  • Host and PVC volume types in OpenAPI spec
  • Command query support in SDKs
Full changelog

What's New

✨ Features

  • feat(sdks): support command query by @ninan-nn in https://github.com/alibaba/OpenSandbox/pull/182
  • feat(volume): add host and pvc volume types to OpenAPI spec by @hittyt in https://github.com/alibaba/OpenSandbox/pull/166
  • feat(server): support accessing sandbox endpoints via server proxy by @fengxsong in https://github.com/alibaba/OpenSandbox/pull/172
  • Feature/command timeout and execd headers by @ninan-nn in https://github.com/alibaba/OpenSandbox/pull/227
  • feat(sdks): support server proxy by @ninan-nn in https://github.com/alibaba/OpenSandbox/pull/224

👥 Contributors

Thanks to these contributors ❤️

View release on GitHub
java/sandbox/v1.0.4 New feature
Notable features
  • Server proxy support for accessing sandbox endpoints
  • Host and PVC volume types in OpenAPI spec
  • Command timeout and execd headers support
Full changelog

What's New

✨ Features

  • feat(sdks): support command query by @ninan-nn in https://github.com/alibaba/OpenSandbox/pull/182
  • feat(volume): add host and pvc volume types to OpenAPI spec by @hittyt in https://github.com/alibaba/OpenSandbox/pull/166
  • feat(server): support accessing sandbox endpoints via server proxy by @fengxsong in https://github.com/alibaba/OpenSandbox/pull/172
  • Feature/command timeout and execd headers by @ninan-nn in https://github.com/alibaba/OpenSandbox/pull/227
  • feat(sdks): support server proxy by @ninan-nn in https://github.com/alibaba/OpenSandbox/pull/224

📦 Misc

  • feature 修复readme文档 Execution类位置问题 by @asiudgufgbukbsa in https://github.com/alibaba/OpenSandbox/pull/159

👥 Contributors

Thanks to these contributors ❤️

View release on GitHub
python/sandbox/v0.1.5 New feature
Notable features
  • Server proxy support for accessing sandbox endpoints via the server
  • New host and PVC volume types in OpenAPI specification
  • Command query support with timeout and execd header handling
Full changelog

What's New

✨ Features

  • feat(sdks): support command query by @ninan-nn in https://github.com/alibaba/OpenSandbox/pull/182
  • feat(volume): add host and pvc volume types to OpenAPI spec by @hittyt in https://github.com/alibaba/OpenSandbox/pull/166
  • feat(server): support accessing sandbox endpoints via server proxy by @fengxsong in https://github.com/alibaba/OpenSandbox/pull/172
  • Feature/command timeout and execd headers by @ninan-nn in https://github.com/alibaba/OpenSandbox/pull/227
  • feat(sdks): support server proxy by @ninan-nn in https://github.com/alibaba/OpenSandbox/pull/224

📦 Misc

  • feature 修复readme文档 Execution类位置问题 by @asiudgufgbukbsa in https://github.com/alibaba/OpenSandbox/pull/159

👥 Contributors

Thanks to these contributors ❤️

View release on GitHub
python/sandbox/v0.1.5.dev0 New feature
Notable features
  • Server proxy support for accessing sandbox endpoints
  • Command query support and command timeout with execd headers in SDKs
  • Host and PVC volume types in OpenAPI spec
Full changelog

What's New

✨ Features

  • feat(sdks): support command query by @ninan-nn in https://github.com/alibaba/OpenSandbox/pull/182
  • feat(volume): add host and pvc volume types to OpenAPI spec by @hittyt in https://github.com/alibaba/OpenSandbox/pull/166
  • feat(server): support accessing sandbox endpoints via server proxy by @fengxsong in https://github.com/alibaba/OpenSandbox/pull/172
  • Feature/command timeout and execd headers by @ninan-nn in https://github.com/alibaba/OpenSandbox/pull/227
  • feat(sdks): support server proxy by @ninan-nn in https://github.com/alibaba/OpenSandbox/pull/224

📦 Misc

  • feature 修复readme文档 Execution类位置问题 by @asiudgufgbukbsa in https://github.com/alibaba/OpenSandbox/pull/159

👥 Contributors

Thanks to these contributors ❤️

View release on GitHub
docker/execd/v1.0.6 New feature
Notable features
  • Human-readable logs and concise SSE summary log
  • Timeout for run_command requests
  • Log syncing to hostpath and artifact upload
Full changelog

What's New

✨ Features

  • human-readable logs and concise SSE summary log (#219)
  • add timeout for run_command request (#218)

📦 Misc

  • sync execd's log to hostpath and upload artifact (#222)
  • chore(deps): bump golang.org/x/crypto from 0.42.0 to 0.45.0 in /components/execd (#193)

👥 Contributors

Thanks to these contributors ❤️

  • @Pangjiping
  • @dependabot
  • Docker Hub: opensandbox/execd:v1.0.6
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6
View release on GitHub
server/v0.1.2 New feature
Notable features
  • Local host volume mount support in Docker runtime
  • NetworkPolicy support in Kubernetes provider
Full changelog

What's New

✨ Features

  • support local host volume mount in Docker runtime (#188)
  • support NetworkPolicy by kubernetes provider (#190)

📦 Misc

  • chore(deps): bump pyasn1 from 0.6.1 to 0.6.2 in /server (#195)
  • chore(deps): bump urllib3 from 2.3.0 to 2.6.3 in /server (#194)

👥 Contributors

Thanks to these contributors ❤️

  • @hittyt
  • @Pangjiping
  • @dependabot
  • PyPI: opensandbox-server==0.1.2
  • Docker Hub: opensandbox/server:v0.1.2
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server:v0.1.2
View release on GitHub
docker/ingress/v1.0.1 Breaking risk
Breaking changes
  • Dropped linux/arm64 target support
Notable features
  • Proxy mode for ingress (uri/header/batch modes)
  • Replace pod with batch sandbox resource
  • Watch agent-sandbox resource by ingress
View release on GitHub
server/v0.1.1 Breaking risk
Breaking changes
  • Extract egress configuration as independent module; [runtime].egress_image no longer accepted
Notable features
  • Host/PVC volumes API definition
  • Sandbox endpoints access via server built-in proxy
View release on GitHub
python/mcp/sandbox/v0.1.1 New feature
Notable features
  • Python sandbox MCP server
Full changelog

What's New

This is the initial public release of the python sandbox mcp server

✨ Features

  • feat(mcp): sandbox mcp python by @ninan-nn in https://github.com/alibaba/OpenSandbox/pull/145

👥 Contributors

Thanks to these contributors ❤️

  • @ninan-nn
View release on GitHub
server/v0.1.0 New feature
Notable features
  • Sandbox lifecycle management: create, run, monitor, and dispose isolated execution environments across container platforms
  • Production-grade FastAPI control plane for containerized sandbox orchestration
Full changelog

What's New

This is OpenSandbox server first release. OpenSandbox server is a production-grade, FastAPI-based service for managing the lifecycle of containerized sandboxes. It acts as the control plane to create, run, monitor, and dispose isolated execution environments across container platforms.

👥 Contributors

Thanks to these contributors ❤️

  • @Generalwin
  • @jwx0925
  • @hittyt
  • @ninan-nn
  • @Pangjiping
  • @yunnian
  • PyPI: opensandbox-server==0.1.0
  • Docker Hub: opensandbox/server:v0.1.0
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server:v0.1.0
View release on GitHub
java/code-interpreter/v1.0.3 New feature
Notable features
  • Network policy configuration when creating a sandbox to control egress traffic with allow/deny rules
Full changelog

What's Changed

  • feat(sdks): sandbox egress rule support by @ninan-nn in https://github.com/alibaba/OpenSandbox/pull/138

New Features

  • Support network policy configuration when creating a sandbox, enabling outbound (egress) traffic control (allow/deny rules).
View release on GitHub
python/sandbox/v0.1.4 New feature
Notable features
  • Network policy configuration when creating sandboxes to control outbound (egress) traffic with allow/deny rules
Full changelog

What's Changed

  • feat(sdks): sandbox egress rule support by @ninan-nn in https://github.com/alibaba/OpenSandbox/pull/138

New Features

  • Support network policy configuration when creating a sandbox, enabling outbound (egress) traffic control (allow/deny rules).
View release on GitHub
js/sandbox/v0.1.3 New feature
Notable features
  • Sandbox network policy configuration with allow/deny egress rules for outbound traffic control
Full changelog

What's Changed

  • feat(sdks): sandbox egress rule support by @ninan-nn in https://github.com/alibaba/OpenSandbox/pull/138

New Features

  • Support network policy configuration when creating a sandbox, enabling outbound (egress) traffic control (allow/deny rules).
View release on GitHub
java/sandbox/v1.0.3 New feature
Notable features
  • Network policy configuration for sandbox creation, enabling allow/deny egress traffic control
Full changelog

What's Changed

  • feat(sdks): sandbox egress rule support by @ninan-nn in https://github.com/alibaba/OpenSandbox/pull/138

New Features

  • Support network policy configuration when creating a sandbox, enabling outbound (egress) traffic control (allow/deny rules).
View release on GitHub
docker/execd/v1.0.4 Mixed
Notable features
  • Chained bootstrap commands via -c or BOOTSTRAP_CMD environment variable
  • Configurable log output file via EXECD_LOG_FILE environment variable
  • Bootstrap shell changed from sh to bash
Full changelog

What's New

✨ Features

  • replace sh to bash under bootstrap (#134)
  • allow configuring log output file via env EXECD_LOG_FILE (#135)

🐛 Bug Fixes

  • support chained bootstrap commands via -c or BOOTSTRAP_CMD (#129)
  • step sse ping after client disconnect (#130)

👥 Contributors

Thanks to these contributors ❤️

  • @Pangjiping
  • @hittyt
  • @ninan-nn
  • Docker Hub: opensandbox/execd:v1.0.4
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.4
View release on GitHub
js/code-interpreter/v0.1.2 Maintenance

### What's Changed * chore(sdks): cjs support ### Improvements * Common js supported

View release on GitHub
js/sandbox/v0.1.2 Maintenance

### What's Changed * chore(sdks): cjs support ### Improvements * Common js supported

View release on GitHub
js/code-interpreter/v0.1.0 Maintenance

This is the initial public release of the Code Interpreter Javascript SDK.

View release on GitHub
java/sandbox/v1.0.2 Bug fix

Isolated connection pools now automatically allocated per instance by default.

View release on GitHub
docker/execd/v1.0.3 New feature
Notable features
  • Web framework switched to Gin
  • SSE API grace shutdown timeout configurable via EXECD_API_GRACE_SHUTDOWN environment variable
View release on GitHub
python/sandbox/v0.1.2 Bug fix

Automatic isolated transport allocation for instances without custom pool specification.

View release on GitHub
js/sandbox/v0.1.0 Maintenance

This is the initial public release of the Sandbox Javascript SDK.

View release on GitHub
docker/code-interpreter/v1.0.1 New feature
Notable features
  • Code-interpreter environment variable now appended to EXECD_ENVS
Full changelog

What's New

✨ Features

  • append code-interpreter env to EXECD_ENVS (#70)

👥 Contributors

Thanks to these contributors ❤️

  • @Pangjiping
  • @hittyt
  • Docker Hub: opensandbox/code-interpreter:v1.0.1
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/code-interpreter:v1.0.1
View release on GitHub
docker/execd/v1.0.2 New feature
Notable features
  • Code context management APIs
  • Background command output tailing support
  • EXECD_ENVS environment file injection support
View release on GitHub
java/code-interpreter/v1.0.1 Breaking risk
Breaking changes
  • Removed duplicated sandbox lifecycle methods from CodeInterpreter; use sandbox property directly
Notable features
  • Code context management API (getContext, listContexts, createContext, deleteContext, deleteContexts)
  • Additional run(...) convenience overloads with context and language parameters
View release on GitHub
python/code-interpreter/v0.1.1 Breaking risk
Breaking changes
  • CodeInterpreter no longer re-exports sandbox operations; use interpreter.sandbox instead
Notable features
  • Code context management methods (create_context, get_context, list_contexts, delete_context, delete_contexts)
  • Language-aware run(...) convenience with server-side default context support
View release on GitHub
java/sandbox/v1.0.1 Breaking risk
Breaking changes
  • API base URL now includes /v1
  • Sandbox IDs changed from UUID to String
Notable features
  • skipHealthCheck option for create/connect/resume
  • Extensions supported on sandbox creation
  • Renew now returns SandboxRenewResponse with updated expiration
View release on GitHub
python/sandbox/v0.1.1 Breaking risk
Breaking changes
  • API base URL now includes /v1
  • Sandbox IDs changed from UUID to str
Notable features
  • skip_health_check option for create/connect/resume
  • Extensions supported on sandbox creation
  • Renew now returns SandboxRenewResponse with expires_at
View release on GitHub
docker/ingress/v1.0.0 New feature
Notable features
  • Transparent Layer 7 proxy routing based on HTTP Headers or Host
  • Eliminates need for Service creation on target sandbox pods
Full changelog

What's New

The OpenSandbox ingress component is a Kubernetes-native traffic management component implementing transparent Layer 7 proxy routing rules based on HTTP Headers or Host, eliminating the need for Service creation on target sandbox pods.

✨ Features

  • add kubernetes native common ingress component (#52)

👥 Contributors

Thanks to these contributors ❤️

  • @hittyt
  • @Pangjiping
  • Docker Hub: opensandbox/ingress:v1.0.0
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/ingress:v1.0.0
View release on GitHub
docker/execd/v1.0.1 New feature
Notable features
  • Command status and output APIs with RFC3339 timestamps
  • Windows platform support
  • CR-delimited output support
View release on GitHub
java/code-interpreter/v1.0.0 Maintenance

This is the initial public release of the Code Interpreter Java SDK.

View release on GitHub
java/sandbox/v1.0.0 Maintenance

This is the initial public release of the Sandbox Java SDK.

View release on GitHub
python/code-interpreter/v0.1.0 Maintenance

This is the initial public release of the Code Interpreter Python SDK.

View release on GitHub
python/sandbox/v0.1.0 Maintenance

This is the initial public release of the Sandbox Python SDK.

View release on GitHub

Beta — feedback welcome: [email protected]