Releases: anthropic-experimental/sandbox-runtime
Releases · anthropic-experimental/sandbox-runtime
v0.0.54
What's Changed
- chore(deps): bump shell-quote to 1.8.4 by @dylan-conway in #301
Full Changelog: v0.0.53...v0.0.54
Contributors
dylan-conway
Assets 2
v0.0.53
What's Changed
- feat(windows): srt-win crate — group + wfp subcommands by @ig-ant in #278
- feat(windows): restrict loopback permit to fixed port range by @ig-ant in #279
- feat(windows): srt-win exec — restricted token, job, hardening stack by @ig-ant in #280
- feat(windows): srt-win install/uninstall — single-step group + WFP setup by @ig-ant in #281
- feat(windows): wire SandboxManager to srt-win network sandbox by @ig-ant in #282
- feat(windows): single-source proxy env — TS owns generateProxyEnvVars, srt-win exec passthrough by @ig-ant in #285
- fix(mitm): tighten leaf cert validity to 99 days, anchored at notBefore by @shawnm-anthropic in #292
- fix(sandbox): attach bridge 'error' handlers before the pid check by @ig-ant in #295
- feat(sandbox): add opt-in allowAppleEvents option for macOS by @joshw-ant in #298
- fix(network): disable SSH connection multiplexing in injected GIT_SSH_COMMAND by @dylan-conway in #297
New Contributors
- @ig-ant made their first contribution in #278
- @joshw-ant made their first contribution in #298
Full Changelog: v0.0.52...v0.0.53
Contributors
dylan-conway, shawnm-anthropic, and 2 other contributors
Assets 2
v0.0.52
What's Changed
- fix(tls-terminate): pass non-TLS CONNECT through as opaque tunnel by @dylan-conway in #276
Full Changelog: v0.0.51...v0.0.52
Contributors
dylan-conway
Assets 2
v0.0.51
What's Changed
- feat(terminating-tls): Add opt-in configuration for providing CA cert and key by @shawnm-anthropic in #247
- feat(terminating-tls): per-host leaf cert minting by @shawnm-anthropic in #248
- feat(terminating-tls): in-process TLS termination by @shawnm-anthropic in #254
- fix(sandbox): make reset() resilient to missed bridge 'exit' events by @dylan-conway in #255
- feat(terminating-tls): inject CA-trust env vars into the sandboxed child by @shawnm-anthropic in #256
- feat(terminating-tls): filterRequest callback for full-request filtering by @shawnm-anthropic in #258
- feat(terminating-tls): generate ephemeral CA when caCertPath/caKeyPath omitted by @shawnm-anthropic in #259
- fix: two end-to-end bugs blocking filterRequest + ephemeral CA by @shawnm-anthropic in #260
- chore: bump version to 0.0.51 by @dylan-conway in #262
New Contributors
- @shawnm-anthropic made their first contribution in #247
Full Changelog: v0.0.50...v0.0.51
Contributors
dylan-conway and shawnm-anthropic
Assets 2
v0.0.50
What's Changed
- fix(sandbox): deny file-write-create on protected ancestors in Seatbelt profile by @OctavianGuzu in #226
- Invoke sandbox-exec by absolute path by @ant-kurt in #233
- Add bwrapPath and socatPath config overrides for Linux sandbox by @ant-kurt in #232
- chore: bump version to 0.0.50 by @OctavianGuzu in #235
- test(integration): swap allowedDomains via updateConfig instead of reset+initialize by @dylan-conway in #242
- test(integration): use async spawn so the in-process proxy can respond; bump bun to 1.3.13 by @dylan-conway in #243
- fix(sandbox): read CLAUDE_CODE_TMPDIR for TMPDIR (in addition to CLAUDE_TMPDIR) by @dylan-conway in #240
- fix(cli): shell-quote positional args instead of join(" ") by @dylan-conway in #239
- fix(sandbox): only require ripgrep on Linux in checkDependencies() by @dylan-conway in #241
- fix(cli): make --debug flag set SRT_DEBUG (was setting DEBUG) by @dylan-conway in #238
- fix(sandbox): set CLOUDSDK_PROXY_TYPE=http (was invalid "https") by @dylan-conway in #237
- docs(README): fix typo in section concerning security limitations by @xty in #167
New Contributors
- @OctavianGuzu made their first contribution in #226
- @ant-kurt made their first contribution in #233
- @xty made their first contribution in #167
Full Changelog: v0.0.49...v0.0.50
Contributors
xty, OctavianGuzu, and 2 other contributors
Assets 2
v0.0.49
What's Changed
- Remove lodash-es dependency by @dylan-conway in #206
Full Changelog: v0.0.48...v0.0.49
Contributors
dylan-conway
Assets 2
v0.0.48
What's Changed
- Bump to 0.0.48 and fix npm audit vulnerabilities by @dylan-conway in #205
Full Changelog: v0.0.47...v0.0.48
Contributors
dylan-conway
Assets 2
v0.0.47
What's Changed
- Run full test suite in CI and migrate platform skips to describe.if by @dylan-conway in #197
- fix ordering for allow read within deny by @carderne in #170
- test: verify rm in allowWrite under denyRead ancestor (follow-up to #170) by @poteat in #198
- Bake BPF filter into apply-seccomp, build in CI by @dylan-conway in #199
- Add seccomp argv0 mode for multicall-binary invocation by @dylan-conway in #203
- Add allowMachLookup config for additional macOS XPC services by @dylan-conway in #204
Full Changelog: v0.0.46...v0.0.47
Contributors
poteat, carderne, and dylan-conway
Assets 2
v0.0.46
What's Changed
- Fix enableWeakerNestedSandbox after apply-seccomp namespace changes by @dylan-conway in #196
Full Changelog: v0.0.45...v0.0.46
Contributors
dylan-conway
