- Added a dedicated ECS Fargate deployment for small private AWS workspaces with task-role credentials, exact account/Region and instance allowlist preflight, encrypted gp3 volumes, no public IP or SSH, IMDSv2, SSM bootstrap/log evidence, route-scoped workspace lifecycle, and idempotent cleanup.
- Added optional authoritative pre-boot SSH host public keys to coordinator-backed Linux lease inspection for fail-closed identity pinning.
- Redesigned the documentation site around first-class provider discovery, with complete provider navigation, multi-category filtering, responsive tables and mobile navigation, and accessibility improvements. Thanks @zozo123.
- Added explicit GCP metadata-server authentication for brokered coordinators, with hardened token validation, bounded retries, source-aware readiness diagnostics, and preserved service-account-key defaults. Thanks @dani29.
- Bootstrapped strict Tailscale AWS leases through their rendered tailnet hostname while preserving public and automatic network selection, allowing same-account EC2 operators without public-IP reachability to create leases successfully. Thanks @SebTardif.
- Confined explicit JUnit result collection to final paths inside the remote workdir on POSIX and Windows while preserving safe in-workdir symlinks and absolute paths. Thanks @coygeek.
- Verified Node.js release archives against published SHA-256 checksums before local Actions hydration installs or reuses them, preventing unverified setup-node downloads from reaching the workflow PATH. Thanks @coygeek.
- Limited shared egress status to coarse active visibility unless the caller has manage access, keeping per-side host and client connection state private. Thanks @coygeek.
- Counted live managed leases against monthly reserved-USD budgets after UTC month rollover until cleanup commits a terminal state, preventing overlapping reservations from bypassing configured cost caps. Thanks @coygeek.
- Bounded coordinator lease and workspace history scans and kept saturated cleanup retry batches scheduled promptly, preventing large retained histories from exhausting Durable Object memory or stranding cleanup.
- Added Orgo Linux workspaces with API-key authentication, image and region selection, exact workspace-bound claims, WebVNC support, guarded cleanup, credential provenance checks, and a full live-smoke workflow. Thanks @zozo123.
- Preserved the Foundation Developer ID and notarization trust of the embedded Apple VM daemon at runtime instead of replacing its accepted signature with an ad-hoc one.
- Rebuilt production releases as a local-produced, signed, notarized, draft-first pipeline with protected default-branch verification, exact source provenance, native execution proof, serialized publication, and separately verified Homebrew installation.
- Authenticated the complete packaging-tool closure before exposing signing credentials, kept credential-free release builds read-only, and made signed-tag publication tests deterministic across Linux and macOS CI.
- Added Sealos DevBox Linux SSH leases through the Kubernetes CRD with exact provider/resource-bound claims, conflict-safe explicit
--reclaimadoption, claim-locked release and cleanup, controller-owned Secret SSH routing, and guarded zero-residue lifecycle proof. Thanks @coygeek. - Added a Unikraft Cloud service-control provider for claimed OCI-image instances, with endpoint- and instance-bound ownership, guarded cleanup, and live create/status/list/stop verification. Thanks @zozo123.
- Added capability-aware AWS image promotion and lease selection by minimum OS, SDK/runtime versions, browser, WebView2, and desktop support, with fail-before-lease rejection when no promoted image satisfies every requirement.
- Added provider-neutral Ed25519-signed run receipts through
crabbox run --attestand integrity verification throughcrabbox verify, with collision-safe signing-key handling and explicit self-signed trust reporting. Thanks @yetval. - Documented a provider-neutral hermetic-agent evidence pattern with separate writer contexts, QA arbitration, required proof artifacts, and sync-safe local downloads. Thanks @zozo123.
- Added
sync-plan --jsonwith candidate and dirty-delta sizes, configured guardrail status, deleted-path counts, and ranked file and directory hotspots for automation. Thanks @zozo123. - Added a CubeSandbox delegated-run provider with E2B-compatible lifecycle and envd execution, archive sync, CubeProxy routing, exact API-endpoint/sandbox-bound ownership claims, conflict-safe explicit adoption, and guarded cleanup. Thanks @zozo123.
- Added coordinator-managed Daytona Linux leases with a Worker-held API key, exact ownership cleanup, expiring SSH-token refresh, CLI secret redaction, and production Cloudflare configuration. Thanks @vincentkoc.
- Sealed short-lived WebVNC handoff credentials with their one-use tickets and removed ticket material from storage keys, preventing coordinator storage reads from bypassing the browser handoff. Thanks @coygeek.
- Kept brokered Daytona SSH tokens owner- and admin-only across lease reads and management responses, and skipped token refresh for shared viewers, preventing
useormanageshares from receiving direct sandbox credentials. Thanks @coygeek. - Kept expired provider-consuming leases inside active capacity limits and rejected heartbeats after their deadline, preventing cleanup-pending leases from bypassing coordinator caps. Thanks @coygeek.
- Redacted passwordless URL userinfo and common OAuth and cloud credential aliases consistently from CLI and coordinator diagnostics, including truncated provider error bodies. Thanks @coygeek.
- Bound artifact uploads to private snapshots and manifest hashes to rooted validated file handles, then replaced generated outputs through root-confined temporary files, preventing path races from reading or overwriting files outside the bundle. Thanks @coygeek.
- Kept AWS developer-image minting compatible with macOS system Bash when AWS region selection is automatic.
- Preserved exact coordinator organization identities in collision-free authorization keys, preventing distinct labels from sharing leases, runs, bridges, workspaces, runners, or usage limits after lossy normalization. Ambiguous legacy records now fail closed for non-admin access while remaining available for admin cleanup. Thanks @coygeek.
- Confined Nomad API redirects to the configured scheme, hostname, and effective port before replaying ACL tokens or request bodies, while keeping rejected Location secrets out of diagnostics. Thanks @coygeek.
- Confined OVH API redirects to the configured scheme, hostname, and effective port before replaying signed credential headers, while keeping rejected Location secrets out of diagnostics. Thanks @coygeek.
- Confined Scaleway SDK redirects to the configured scheme, hostname, and effective port before replaying provider tokens, while keeping rejected Location secrets out of diagnostics. Thanks @coygeek.
- Escaped terminal controls and Unicode formatting characters in human JUnit result, shard, and failure-digest output while preserving raw JSON values. Thanks @coygeek.
- Launched native Windows desktop apps directly in the active interactive session without scheduled tasks, waiting for a visible window and reporting its process ID, session, and title.
- Unified direct macOS WebVNC with the authenticated portal: Tart and Parallels viewers now use the same chrome and controls as Linux and Windows when coordinator login is configured, with provider-lifetime registration and the local viewer retained as the offline fallback.
- Replaced WebVNC password and username URL fragments with one-time credential handoff tickets, and made repeated
--opencalls reuse and focus the existing lease viewer tab when the browser supports cross-tab handoff. - Required E2B stop and automatic cleanup to hold an unchanged API-endpoint-, sandbox-, lease-, slug-, and provider-bound local claim across deletion; claimless recovery now requires explicit
--reclaim. Thanks @coygeek. - Prevented config and
.crabboxignorenegations, including case aliases, from re-including Crabbox-owned env profiles, uploaded scripts, logs, captures, and run artifacts in sync manifests. Thanks @zozo123. - Allowed ordered
!re-includes in.crabboxignoreandsync.exclude, with\!for literal leading-bang paths. Thanks @chsong1. - Completed coordinator diagnostic redaction for non-Bearer authorization schemes, GCP signed URLs, and every configured provider credential field. Thanks @coygeek.
- Reconciled idle admin WebVNC, Code, egress, and control sockets during direct and Node scheduled maintenance after admin-token or GitHub-admin rotation. Thanks @coygeek.
- Bound accepted WebVNC and Code backend agents to the manager grant that created them, closing attributable agents after share or credential revocation while preserving pre-upgrade hibernated sockets. Thanks @coygeek.
- Bound non-admin shared-token WebVNC, Code, and egress bridges to the credential active at ticket creation, closing active and restored sessions after token rotation or removal. Thanks @coygeek.
- Made Parallels macOS WebVNC use managed VNC credentials, authenticated screenshots, pointer and direct keyboard input, explicit host-side macOS routing, collision-safe local tunnels, XWayland-aware desktop input, and safe clipboard fallback.
- Started delegated-provider sync timeouts at archive creation, matching SSH sync semantics and avoiding pre-transfer expiry during local Git manifest planning.
- Kept macOS listener ownership checks responsive when mounted filesystems make full
lsofmetadata scans slow. - Routed Azure orphan-sweep deletion through the exact lease-, provider-scope-, resource-, companion-, and immutable-disk-bound owned-delete path instead of deleting by retained VM name alone.
- Kept sync manifest writes compatible with minimal BusyBox guests instead of requiring a GNU-only
ddoption, and preserved complete Phala gateway hostnames so later status and SSH reconnects keep working. - Restored lease-scoped SSH host-key pinning for Namespace Instance, Phala, and Islo proxy connections instead of accepting unverified server identities. Thanks @coygeek.
- Corrected the CLI command map, coordinator API methods, and provider architecture reference to match the implemented commands, routes, and backend capabilities. Thanks @zozo123.
- Advertised Daytona's direct toolbox archive sync so
--sync-onlyand--force-sync-largework while preserving brokered Crabbox rsync. Thanks @zozo123. - Partitioned unauthenticated GitHub OAuth starts by caller with an atomic per-source limit and guarded global backstop, preventing one source from exhausting login for every user. Thanks @coygeek.
- Disabled inherited SSH agent and X11 forwarding across CLI-managed SSH, rsync, SCP, VNC, and port-forward transports, preserving per-lease credential boundaries. Thanks @coygeek.
- Collected runtime-only provider credentials through provider-owned diagnostic hooks and redacted opaque OpenSandbox and W&B upstream errors before they reach CLI output. Thanks @coygeek.
- Redacted complete punctuation-bearing authorization, API-key, and bearer values from CLI and coordinator diagnostics while preserving whitespace-separated routing context. Thanks @coygeek.
- Limited framing of proxied Browser Code responses to the same isolated Code origin, preventing sibling same-site pages from clickjacking an authenticated session without breaking code-server webviews. Thanks @coygeek.
- Revalidated non-admin GitHub grants when WebVNC and Code agent tickets are consumed, matching the existing egress fail-closed boundary after logout, emergency revocation, membership loss, or membership-check failure. Thanks @coygeek.
- Bound coordinator Azure managed-disk cleanup to a durable immutable disk claim captured from the live VM association, preventing stale adopted ownership tags from authorizing deletion. Thanks @coygeek.
- Required direct Azure release and cleanup to hold an unchanged subscription-, resource-group-, VM-name-, immutable-VM-, lease-, slug-, and provider-key-bound local claim across deletion, with durable companion-resource identities for interruption-safe cleanup. Thanks @coygeek.
- Required direct GCP release and cleanup to hold an unchanged project-, zone-, name-, numeric-instance-, lease-, slug-, and provider-key-bound local claim across deletion. Thanks @coygeek.
- Prevented repository-defined External lifecycle commands from placing inherited
external.configvalues on process arguments without an exact, trusted non-secret argv contract. Thanks @coygeek. - Prevented repository-controlled External SSH endpoint templates and adapter output from silently using ambient or operator-managed SSH credentials, with source-bound opt-ins for environment-derived fields and provider-returned destinations. Thanks @coygeek.
- Made Sealos DevBox preflight work with tenant-scoped RBAC, rendered the runtime class, storage request, scheduling constraints, and SSH port contract required by hosted Sealos clusters, updated the SSHGate default to port 2233, bootstrapped missing sync tools, and cleaned local claims safely when a DevBox is already absent. Thanks @coygeek.
- Changed portal logout to an authenticated, same-origin
POSTwith a read-onlyGETconfirmation page, preventing cross-site top-level navigation from clearing portal cookies or revoking isolated Code viewer sessions. Thanks @coygeek. - Bound non-admin GitHub WebVNC, Code, and egress bridges to their encrypted user grant and portal session, closing active or restored bridges after logout, emergency revocation, membership loss, or membership-check failure without persisting plaintext GitHub credentials. Thanks @coygeek.
- Prevented Git seed from forwarding embedded HTTP(S) origin credentials or password-bearing credentials in other URL-style remotes to Linux or Windows lease runners; Crabbox now warns without printing the remote and falls back to file sync. Thanks @coygeek.
- Confined Islo API redirects to the configured scheme, hostname, and effective port before replaying authorization or request bodies, while keeping rejected Location secrets out of diagnostics. Thanks @TurboTheTurtle.
- Redacted colon-delimited and line-folded bearer credentials from CLI and coordinator diagnostics. Thanks @TurboTheTurtle.
- Required coordinator AWS, Azure, and GCP release and provisioning-failure cleanup to re-read the stored cloud resource and verify exact provider, resource, lease, owner, and slug ownership before deletion; Azure now persists the exact subscription/resource-group scope for deferred retries and fails legacy unscoped cleanup closed for manual resolution. Thanks @coygeek.
- Required Lambda inventory, stop, and cleanup to use an unchanged instance-bound local claim, with claim-bound SSH-key deletion and durable unique-instance recovery for ambiguous creates. Thanks @coygeek.
- Required exe.dev reuse and deletion to match canonical ownership tags, random resource generation, deterministic VM name, unchanged SSH endpoint and exact local claim, authenticated account fingerprint, and current control route; lifecycle lookups now remain account-local and failed deletion retains the claim. Thanks @coygeek.
- Kept brokered artifact reads signed by default even when a display base URL is configured; explicit public reads now use a random per-grant namespace and report their access policy. Thanks @coygeek.
- Required coordinator Hetzner cleanup to re-read the stored server and verify exact canonical lease ownership labels before deletion. Thanks @coygeek.
- Required DigitalOcean, Linode, Scaleway, and Vultr inventory and destructive actions to use canonical lease identities and exact provider/resource-bound local claims, with explicit
--reclaimadoption for claimless resources and recovery-safe Vultr instance/key rollback ordering. Thanks @coygeek and @vincentkoc.
-
Renamed the
apple-vzprovider toapple-vm; the old provider name/aliases,appleVZ:config keys,--apple-vz-*flags, andCRABBOX_APPLE_VZ_*environment variables keep working as deprecated aliases, existing leases and claims stay manageable, and the state directory migrates automatically. -
Replaced the Code-Hex/vz cgo dependency with
crabbox-apple-vm-vmd, a dependency-free Swift Virtualization.framework daemon embedded in the now pure-Gocrabbox-apple-vm-helper; the helper installs and entitlement-signs the daemon itself, so Crabbox no longer copies or codesigns helper binaries. -
Updated Go SSH and OS support libraries, including upstream authentication-attempt, malformed-session, key-size, KDF, and known-host validation hardening.
-
Updated the Node/PostgreSQL coordinator to pg 8.22 and pg-boss 12.25, including current protocol parsing, startup retry, queue-cache, migration-deadlock, and scheduling fixes.
- Centralized credential redaction for provider and
doctordiagnostics, covering configured secrets, authorization headers, signed URLs, secret-bearing JSON fields, and private keys, and applied it to Sprites API errors. Thanks @coygeek. - Restricted production releases to default-branch repository dispatches for existing version tags in reviewed history, so tag pushes and ref-selectable manual workflows cannot run credentialed release configuration. Thanks @coygeek.
- Kept explicit
CRABBOX_CONFIGfiles inside the active repository in the repository trust domain, including symlink aliases, so they cannot redirect inherited provider credentials. Thanks @coygeek. - Pinned mediated-egress connections to validated public DNS results and rejected private, loopback, link-local, and reserved destinations, preventing allowlisted hostnames from rebinding into the operator network. Thanks @coygeek.
- Confined artifact manifest fetches, downloads, and brokered uploads to same-origin redirects, preventing signed URLs and upload grants from reaching another origin. Thanks @coygeek.
- Scoped user-visible usage totals to both the authenticated owner and organization, excluding same-owner leases from other organizations. Thanks @coygeek.
- Wrote captured capsule manifests and failed Actions logs with private Unix permissions, repairing broader modes when an output path is reused. Thanks @coygeek.
- Revalidated signed GitHub user tokens against current allowed organization and team membership every five minutes, failed closed on GitHub errors, and added narrow owner/login revocations without rotating every session. Thanks @coygeek.
- Bound GitHub OAuth CLI token release to a one-use callback on the initiating device, so forwarding an authorization URL cannot hand the resulting user token to another terminal. Thanks @coygeek.
- Honored an explicit broker URL and freshly issued credential during immediate post-login identity verification, even when ambient coordinator overrides point elsewhere.
- Kept coordinator restarts, run history, lease detail pages, and Azure orphan sweeps memory-bounded with exact lease restores, paged record scans, and batched terminal-run pruning after a configurable 30-day retention period.
- Redacted coordinator URL userinfo, queries, and fragments from adapter relay connection status. Thanks @coygeek.
- Closed restored legacy Code viewer sessions that lack a complete organization-bound principal during restore and after lease share revocation. Thanks @coygeek.
- Required a canonical public origin for GitHub OAuth and bound callbacks to the initiating origin before exchanging codes or issuing sessions. Thanks @coygeek.
- Redacted configured credentials, authorization headers, signed URLs, URL userinfo, and secret-bearing JSON fields before coordinator provider diagnostics are stored or returned. Thanks @coygeek.
- Redacted broker URL userinfo, queries, and fragments from
login,whoami, anddoctortext and JSON output. Thanks @coygeek. - Redacted Parallels top-level, template, and fleet-host SSH private keys from
config show --jsonwhile preserving non-secret routing metadata. Thanks @coygeek. - Redacted Proxmox token IDs, secrets, and authorization values from provider HTTP error bodies before returning diagnostics. Thanks @coygeek.
- Prevented FastAPI Cloud bearer credentials from following cross-origin redirects, preserved caller redirect policies, and rejected unsafe credential-destination URL components. Thanks @coygeek.
- Treated malformed percent-encoded portal cookies as absent instead of throwing before normal authentication handling. Thanks @coygeek.
- Verified downloaded GitHub Actions runner archives against the exact upstream release-asset SHA-256 digest before replacing or extracting the installed runner. Thanks @coygeek.
- Required an unchanged region-bound local claim before direct AWS cleanup can terminate an instance discovered through provider tags. Thanks @coygeek.
- Revalidated live AWS, Azure, and GCP instance identity, ownership, lease binding, cleanup eligibility, and any destructive companion-resource identity immediately before direct cleanup deletion. Thanks @coygeek.
- Required W&B sandbox reuse, status, and stop to match an exact endpoint/entity/project/resource-bound local claim plus provider inventory ownership. Thanks @coygeek.
- Required RunPod stop to use an exact pod ID/name-bound local claim, with conflict-safe explicit
--reclaimadoption for unclaimed or legacy pods. Thanks @coygeek. - Made coordinatorless generic provider live smokes skip coordinator-only history and always clean up acquired leases after later lifecycle failures.
- Replaced privileged managed Linux Code Server and Tailscale installer scripts with checksum-verified archives or Tailscale's signed package repository with a pinned keyring in both CLI and coordinator bootstrap paths. Thanks @TurboTheTurtle.
- Documented the deterministic perf evidence contract for future reproducible metric budgets, separating fuel/instruction-style gates from existing wall-clock timing and benchmark ledger behavior.
- Documented the delegated-runner contract and live proof bar required before built-in non-SSH provider adapters can advertise a hosted runner integration.
- Added a delegated HashiCorp Nomad provider with create-only owned jobs, archive sync, retained lease reuse, exact-claim lifecycle cleanup, optional env-only ACL auth, and zero-residue live-smoke coverage. Thanks @coygeek.
- Added
crabbox shardto fork a checkpoint into parallel leases, run templated commands through the normal sync/history pipeline, stream per-shard output, merge JUnit results, and release every fork on success, failure, or interruption. Thanks @yetval. - Added
crabbox watchto reuse one warm SSH lease, coalesce qualifying local changes into sequential runs through the normal sync/history pipeline, and release newly acquired leases on bounded idle or exit. Thanks @yetval. - Added
crabbox checkpoint fork -- <command...>to run the normalcrabbox runflow across fork fan-out leases with{{index}},{{total}},{{lease}}, and{{slug}}template variables. - Added Vast.ai direct Linux GPU SSH leases with guarded offer cost and reliability selection, per-lease keys, account-bound cleanup, required-tool bootstrap, and billable live-smoke coverage. Thanks @coygeek.
- Added an exact-origin
CRABBOX_WEBVNC_AGENT_BASE_URLoverride for deployments that route portal APIs and outbound WebVNC agent sockets separately.
- Revalidated cached GitHub and bearer admin grants against the current deployment before restoring bridge sockets or consuming durable bridge tickets and Code sessions, closing or downgrading sessions after revocation. Thanks @coygeek.
- Redacted reflected provider credentials, lifecycle command URLs, and configured endpoint userinfo from error diagnostics and
config showoutput while preserving useful failure detail. Thanks @coygeek. - Rejected cross-origin Morph and Railway redirects before credentials or request bodies can be replayed, and redacted rejected credential-bearing redirect destinations. Thanks @coygeek.
- Required explicit browser-navigation intent for portal HTML routes, preventing ambient subresource requests from silently creating authenticated portal sessions.
- Required exact endpoint-bound local claims before Daytona sandbox reuse, status, or deletion, including delayed provider inventory recovery. Thanks @coygeek.
- Reported Apple VZ helper startup failures deterministically instead of racing them into misleading readiness timeouts. Thanks @coygeek.
- Preserved the configured controller identity binding when rendering redacted configuration and launching controller subprocesses.
- Released checkpoint forks with a fresh cleanup context after post-acquire provisioning failures or caller cancellation. Thanks @yetval.
- Required canonical Hetzner labels plus an exact server-bound local claim before direct stop or cleanup can delete a server, and kept canonical lease IDs from falling through to slug or name aliases. Thanks @coygeek.
- Kept WebVNC framebuffer and heartbeat traffic responsive while desktop themes apply, and fully detached long-lived Wayland wallpaper processes from their launching SSH sessions.
- Required an exact local or explicit
stop --reclaimdeployment claim before stopping an out-of-band Railway service, binding adoption to the configured endpoint, project, environment, service, and deployment. Thanks @coygeek. - Refused repository-selected Static SSH, Parallels, and exe.dev control destinations when they would inherit trusted or ambient SSH authentication; explicit host overrides remain available for operator approval. Thanks @coygeek.
- Removed the Code viewer bootstrap bearer ticket from redirect URLs and browser history by handing it to the isolated lease origin through a no-store, POST-only form. Thanks @coygeek.
- Replaced raw generated VNC credentials in copied WebVNC links with short-lived, one-time, authorization-checked handoff tickets. Thanks @coygeek.
- Closed restored WebVNC viewer sockets that lack a complete current organization-bound principal instead of retaining owner-only legacy authorization. Thanks @coygeek.
- Enforced key-only OpenSSH authentication across managed Windows desktop, core, and WSL2 bootstraps while retaining generated Windows passwords for console and VNC use. Thanks @coygeek.
- Compared coordinator admin, shared-operator, runtime-adapter, proxy, and signed-session secrets without mismatch-position or early length exits. Thanks @coygeek.
- Prevented direct Azure list, stop, and cleanup paths from treating weak
crabbox=truetags as ownership; destructive operations now require canonical Azure ownership tags and an exact matching lease ID, and successful deletion removes local lease keys. Thanks @coygeek. - Restricted brokered Azure image and OS-disk selectors to admin-authenticated requests while preserving user-selectable Azure placement. Thanks @coygeek.
- Required exact provider, resource, and local-claim ownership before Hyper-V, Multipass, or Parallels release and cleanup paths can delete virtual machines. Thanks @coygeek.
- Required exact resource-bound local lease claims before Apple Container, local-container, or Apple VZ stop operations can delete provider resources; legacy unbound claims require explicit
--reclaimadoption before stop. Thanks @coygeek. - Hardened Azure Windows snapshot forks to fail closed through credential rehydration and quarantine cleanup, reuse only writable NIC payloads, reject unknown differential disks, and retry in-use security-group cleanup. Thanks @fcoury-oai.
- Rolled back brokered Hetzner servers when post-create readiness fails, deleting only lease-owned SSH keys created by the failed attempt after server cleanup succeeds while preserving explicit no-delete retention until a later delete. Thanks @coygeek.
-
Added configurable Azure snapshot and restored OS-disk storage SKUs, concurrent snapshot-fork prerequisites, and verified parallel resource cleanup. Thanks @fcoury-oai.
-
Added direct Azure Windows managed OS-disk checkpoints and snapshot-backed forks with source restart, fresh SSH/Windows/VNC credentials, and loopback-only desktop access. Thanks @fcoury-oai.
-
Added a foreground, loopback-only
crabbox vnc --native-handoffcontract for native viewers, including one-time workspace grants that relay VNC through the coordinator without exposing its SSH key; credentials and grants use private pipes and tunnel lifetime remains owned by the client process. -
Enabled desktop-capable runtime-adapter workspaces instead of discarding Crabfleet's requested desktop capability, and report native VNC separately from browser VNC.
-
Added direct FastAPI Cloud application and deployment inspection through
status,list, anddoctor, including configured default application support. Thanks @zozo123. -
Added
crabbox checkpoint fork --countfor provider-neutral fan-out from archive checkpoints, native checkpoints, and direct Parallels snapshots without adding runtime-specific fork flags. -
Added
provider: vultrfor direct Linux SSH leases with per-lease keys, account-bound cleanup, optional existing firewall/VPC attachment, and guarded live smoke coverage. Thanks @coygeek. -
Added the Crownest delegated-run provider for hosted Linux Workspace Runs with staged archive sync, streamed output, reusable sandbox claims, and guarded lifecycle cleanup. Thanks @tristanmanchester.
-
Added normalized provider runtime, reachability, and lifecycle capabilities plus matching
--runtime,--reachability, and--lifecyclefilters tocrabbox providersandcrabbox providers recommend. -
Added
crabbox providers recommendprofiles for fan-out testing, offline validation, failure diagnostics, warm starts, resource observability, code interpretation, disposable execution, web-app smoke, and interactive debugging. -
Added a provider live-smoke contract for adapters that need credentials, quota, local runtimes, or private control planes, and kept credentialless local runtime smoke paths visible in
crabbox providers recommend live-smoke. -
Expanded the guarded
scripts/live-smoke.shmatrix to Apple Container, Local Container, Docker Sandbox, SmolVM, Superserve, Vercel Sandbox, Linode, DigitalOcean, Nebius, OVHcloud, NVIDIA Brev, Phala, Anthropic Sandbox Runtime, OpenSandbox, Proxmox, XCP-ng, Multipass, and Tart. -
Added live-smoke documentation and dispatch regression coverage for Agent Sandbox, Scaleway, KubeVirt, Daytona, Namespace Devbox, Namespace Compute, Semaphore, Sprites, and W&B.
-
Added live-smoke workflow, configuration, and credential preflight coverage for Blacksmith Testbox, Incus, External, E2B, Modal, Tenki, and Morph.
-
Documented local runtime live-smoke coverage for Apple Container, Local Container, Multipass, Tart, and Apple VZ.
-
Added reusable
--lease-outputrun-session metadata for Cloudflare Sandbox, Vercel Sandbox, CodeSandbox, OpenSandbox, Upstash Box, Azure Dynamic Sessions, Freestyle, Tensorlake, Superserve, SmolVM, OpenComputer, Agent Sandbox, and Apple Machine.
- Bound GitHub browser-login owners to verified email addresses, recorded that provenance in a versioned user-token schema, and invalidated legacy tokens that could retain unverified owner identities. Thanks @coygeek.
- Required exact local claims before Freestyle or Islo delete, pause, resume, and SSH reuse operations, while preserving explicit
--reclaimadoption and read-only canonical-name recovery. Thanks @coygeek. - Required a valid isolated per-lease origin before serving browser Code HTTP or WebSocket traffic, preventing lease-controlled pages from inheriting coordinator portal authority. Thanks @coygeek.
- Restricted brokered AWS and GCP resource selectors to admin-authenticated requests so normal users cannot steer coordinator cloud credentials toward caller-selected networks, images, projects, tags, or instance identities. Thanks @coygeek.
- Pinned NodeSource and Docker APT signing fingerprints across managed Linux image preparation and local-container Docker CLI bootstrap, preserving existing trust files, stopping image preparation on mismatch, and using distro packages for local-container fallback. Thanks @coygeek.
- Bound non-admin coordinator provider-key names and automatic cleanup to verified, persisted lease ownership metadata, rejecting unsafe AWS and Hetzner name collisions while retaining legacy and Hetzner provider-unique shared key identities. Thanks @coygeek.
- Pinned the Windows developer-image Node MSI and Docker Engine archive to reviewed SHA-256 digests before privileged installation, with fail-closed digest requirements for version overrides. Thanks @coygeek.
- Restored direct and brokered AWS Windows developer-image candidate capture by routing the guarded mint wrapper through native AMI checkpoints while retaining brokered promotion.
- Prevented direct AWS raw-instance release from reaching deletion unless canonical Crabbox ownership tags match the resolved lease, with a second guard at the destructive provider boundary. Thanks @TurboTheTurtle.
- Prevented Sprites API credentials from targeting unsafe endpoint URLs or following redirects outside the configured API origin. Thanks @coygeek.
- Recovered ASCII Box release when the service temporarily requires a recent snapshot by shortening the sandbox TTL, waiting for the managed stop transition, and retrying deletion.
- Isolated brokered artifact uploads by opaque organization and owner namespaces so identities and caller prefixes cannot collide across authorization scopes. Thanks @coygeek.
- Prevented ASCII Box API credentials from reaching unsafe explicit base URLs by requiring HTTPS except for loopback development endpoints, rejecting ambiguous URL components, and supporting config discovery in the current Box CLI. Thanks @coygeek.
- Pinned the Google Linux package signing fingerprint, preserved its source-scoped APT keyring across Chrome installation, and failed closed to Chromium when verification fails. Thanks @coygeek.
- Hardened coordinator image deletion so admin
image deleterequests fail closed unless stored Crabbox-created metadata proves ownership of the AWS, Azure, or GCP image or snapshot. - Prevented unused WebVNC and Code bridge tickets from surviving manager share revocation. Thanks @coygeek.
- Prevented revoked lease managers from retaining mediated-egress bridges after lease sharing was removed or downgraded. Thanks @coygeek.
- Prevented the Code portal proxy from forwarding coordinator authentication context to lease-controlled code-server requests. Thanks @coygeek.
- Rejected GitHub login callback origins that differ from the selected broker unless explicitly allowlisted as a trusted alias, preventing OAuth callbacks from silently redirecting stored credentials. Thanks @TurboTheTurtle.
- Rejected WebVNC, Code, and egress bridge tickets in URL query strings by default while retaining an explicit temporary legacy opt-in. Thanks @TurboTheTurtle.
- Required manage access for post-create run lease attribution, preventing use-share users from retagging unrelated runs into another owner's audit history. Thanks @TurboTheTurtle.
- Derived omitted coordinator lease provider keys from the finalized lease ID instead of a shared fallback, preventing cross-lease SSH key reuse. Thanks @TurboTheTurtle.
- Rejected portal OAuth return targets containing HTTP header control characters, preventing malformed redirect responses from breaking login completion. Thanks @TurboTheTurtle.
- Prevented Cloudflare Sandbox bridge credentials and request bodies from following redirects outside the configured bridge origin while preserving same-origin redirects. Thanks @coygeek.
- Dropped invalid allowlisted environment names before rendering remote POSIX or Windows commands, preventing shell metacharacters in ambient names from creating unintended commands. Thanks @coygeek.
- Pinned Windows Chocolatey image bootstrap to a checksum-verified versioned package before privileged installation. Thanks @TurboTheTurtle.
- Redacted Daytona API and upload credentials from provider error diagnostics, including reflected authorization headers and token-bearing JSON fields. Thanks @TurboTheTurtle.
- Recognized current Windows 11 Sandbox host processes during run monitoring and cleanup, preventing false early exits and orphaned sandboxes on 24H2 and newer builds. Thanks @paulcam206.
- Replaced fixed-size Xvfb/x11vnc desktops on managed Linux workspaces with loopback-only TigerVNC displays that honor native viewer resize requests while preserving VNC authentication and existing-service health fallbacks.
- Mounted the implicit local-container Docker-socket cache root at
/work/crabboxwhile preserving explicit work roots, restoring access for the unprivileged guest user. Thanks @hxy91819. - Rewrote credential-bearing user config atomically so failed updates preserve the previous readable file, owner-only permissions, and configured symlinks. Thanks @clawsweeper.
- Scoped managed AWS security groups per coordinator actor and preserved lease-declared CIDRs across heartbeats, preventing concurrent leases from revoking SSH and WebVNC access.
- Allowed owners to reactivate their own retained EC2 Mac instances without admin-token pinning, avoiding replacement launches while the single-capacity host is occupied or undergoing AWS's post-termination sanitization.
- Bridged native Windows VNC locally through SSH instead of sending oversized POSIX lifecycle scripts through PowerShell, restoring WebVNC startup on Windows guests.
- Provisioned complete VNC, noVNC, and XFCE services when Linux Parallels leases request desktop capability, including upgrades from stale core-only readiness markers.
- Forced managed AWS macOS leases onto Apple's socket-activated Remote Login port 22, preventing inherited SSH-port settings from producing unreachable lease metadata and stalled WebVNC bridges.
- Restored incomplete Linux Node.js toolchains through NodeSource when
npmor Corepack is missing, preventing source installers from failing on otherwise valid images. - Rejected AWS developer-tool images older than Node.js 24 during candidate smoke validation.
- Added the documented
--ssh-portlease-creation override so provider warmups can select the target SSH port without environment-only configuration. - Preserved direct remote Parallels host identity in logs, inventory labels, errors, checkpoint previews, and follow-up lifecycle routing.
- Enabled macOS Remote Login while preparing Parallels clones so disabled source templates fail fast into a usable SSH lease instead of waiting for readiness timeout.
- Made remote Parallels proxy SSH non-interactive with a bounded connection attempt, preventing encrypted host keys from stalling lease and WebVNC readiness.
- Switched Windows desktops to TightVNC service mode and removed the broken per-user startup path, restoring authenticated WebVNC sessions for already logged-in guests.
- Fixed Tart SSH readiness on hosts where OpenSSH can reach the guest but Go's raw TCP probe cannot. Thanks @kmcquade.
- Revoked active WebVNC and Code viewers when their lease share access is removed while preserving owner, admin, and still-authorized sessions. Thanks @coygeek.
- Prevented E2B and Upstash Box credentials from following redirects outside each request's trusted origin while preserving same-origin redirects. Thanks @coygeek.
- Prevented SmolVM API credentials from following redirects outside the configured API origin while preserving same-origin redirects. Thanks @coygeek.
- Made direct and brokered Azure Windows desktop leases converge on working SSH/SFTP, first-logon readiness, terminal extension state, retryable disk cleanup, and actionable bootstrap diagnostics. Thanks @fcoury-oai.
- Added
provider: nebiusfor direct Nebius AI Cloud Linux SSH leases through the native CLI, with profile-owned authentication, managed networking and disks, and claim-backed lifecycle hardening. Thanks @coygeek. - Added an opt-in local benchmark timing ledger with repeated provider runs and evidence-aware reports. Thanks @TurboTheTurtle.
- Added the Phala confidential Intel TDX CVM provider with default-on hardware attestation, exact Compose binding, TLS-authenticated SSH, and fail-closed claim-backed lifecycle cleanup. Thanks @anagnorisis2peripeteia.
- Added reusable E2B run-session handles and cleanup commands for
--keep --lease-output. Thanks @kiranmagic7. - Added reusable Modal run-session handles and cleanup commands for
--keep --lease-output. Thanks @kiranmagic7. - Added the Scaleway direct Linux SSH-lease provider with per-lease IAM keys, claim-backed lifecycle recovery, and guarded live smoke coverage. Thanks @coygeek.
- Added reusable W&B run-session handles and cleanup commands for
--keep --lease-output. - Added Linux CPU capacity to lease telemetry and portal status details.
- Consolidated lifecycle cleanup, credential routing, artifact boundaries, and run-history recovery guarantees across the README and operational documentation.
- Refreshed the bundled Crabbox agent skill for current remote-proof, job, pool, artifact, desktop, and provider-boundary workflows. Thanks @coygeek.
- Defined Crabbox's supported single-user and cooperative-team security boundary, clarified repository configuration as trusted project automation, and separated vulnerability reporting from compatibility-preserving hardening.
- Verified pinned OpenSSH, Git for Windows, TightVNC, and versioned Ubuntu WSL bootstrap artifacts before privileged extraction, installation, or import. Thanks @coygeek.
- Preserved valid JUnit summaries when sibling reports are malformed, stopped silently truncating auto-discovered reports, and added opt-in failure status for parsed test failures. Thanks @coygeek.
- Redacted WebVNC viewer URLs, usernames, and passwords from command output by default while preserving explicit private-terminal reveal. Thanks @coygeek.
- Prevented repository-local KubeVirt config from selecting operator SSH key paths while preserving inline public keys. Thanks @coygeek.
- Restricted lease sharing rosters to owners, admins, and
managerecipients while keeping shared leases visible touserecipients. Thanks @coygeek. - Redacted credential-bearing Proxmox API URL userinfo from text and JSON
config showoutput. Thanks @coygeek. - Restricted EC2 Mac Dedicated Host inventory to admins or callers with a visible attached lease, and required admin authentication for explicit brokered host pinning. Thanks @coygeek.
- Restricted runtime-adapter service credentials to workspace lifecycle and desktop-connection routes, excluding interactive terminal attachment. Thanks @coygeek.
- Rejected cross-origin Azure Dynamic Sessions redirects before command, environment, upload, or management bodies can be replayed. Thanks @coygeek.
- Kept manual release publication on the reviewed default-branch GoReleaser configuration instead of allowing a selected tag to replace credentialed release behavior. Thanks @coygeek.
- Rejected cross-origin coordinator redirects before bearer, Access, or local identity headers can be replayed. Thanks @coygeek.
- Redacted configured Upstash Box API keys from HTTP and streamed error diagnostics. Thanks @coygeek.
- Redacted configured Semaphore API tokens from provider response diagnostics. Thanks @coygeek.
- Kept GitHub Actions runner registration tokens off remote SSH command arguments. Thanks @coygeek.
- Redacted Cloudflare runner bearer tokens from HTTP and streamed error diagnostics. Thanks @coygeek.
- Confined remote failure-bundle links to the generated archive subtree and omitted unsafe special entries. Thanks @coygeek.
- Required actual Islo sandbox identifiers to already be canonical before raw-ID recovery can reach provider operations. Thanks @coygeek.
- Required canonical generated Freestyle VM names before raw-ID recovery can reuse or delete provider resources. Thanks @coygeek.
- Rejected plaintext non-loopback E2B API endpoints before provider credentials can be attached. Thanks @coygeek.
- Rejected cross-origin RunPod REST redirects before bearer credentials or pod-create bodies can be replayed. Thanks @coygeek.
- Rejected non-canonical signed browser-session tokens so suffix changes cannot bypass Code portal logout revocation. Thanks @coygeek.
- Required a matching local claim before Cloudflare container reuse, status, or stop operations can reach the runner. Thanks @coygeek.
- Redacted configured Freestyle API keys from lifecycle, command, and file-operation error diagnostics. Thanks @coygeek.
- Redacted configured OpenComputer API keys from control-plane and upload error diagnostics. Thanks @coygeek.
- Rejected cross-origin Cloudflare runner redirects before command, environment, or upload bodies can be replayed. Thanks @coygeek.
- Validated AWS region inputs before building SigV4-signed service endpoints, preventing request-selected hostname escapes. Thanks @coygeek.
- Required run artifacts now reject dangling symlinks and symlinks to directories instead of treating them as proof files. Thanks @coygeek.
- Rejected symlinked and non-regular artifact bundle entries before publish side effects, preventing files outside the selected bundle from being uploaded. Thanks @coygeek.
- Kept
CRABBOX_ENV_ALLOWauthoritative over selected profile allowlists while preserving explicit--allow-envadditions. Thanks @coygeek. - Made desktop paste/type and POSIX launch/proof success depend on verified clipboard delivery or live/visible launch state, including clipboard-manager and wrapper handoffs. Thanks @coygeek.
- Released newly created SSH leases when prewarm hydration, probe, or ready-pool registration fails, preventing paid lease leaks. Thanks @coygeek.
- Preserved transient run-history creation retries until a replacement lease attaches successfully.
- Stopped lease-local mediated egress daemons during ordinary lease stop before provider release.
- Revoked isolated Code viewer sessions when their GitHub portal session logs out, preventing stale viewer cookies from retaining prior-owner lease access. Thanks @coygeek.
- Prevented unauthenticated Cloudflare Access key fetches and bounded key-set refresh work for invalid JWT key IDs. Thanks @coygeek.
- Blocked normalized empty-segment variants of internal coordinator routes and stripped caller-supplied internal headers before fleet dispatch. Thanks @coygeek.
- Source-bound Azure Dynamic Sessions bearer tokens to operator-approved endpoints instead of repository-selected destinations. Thanks @coygeek.
- Made coordinator-backed
crabbox listquery the user's active orchestrator leases directly, reserving admin-wide machine inventory for--alland avoiding stale admin-token warnings during ordinary listing. - Let Islo use tenant defaults for implicit sandbox image and capacity while preserving every explicit config, environment, and flag override. Thanks @zozo123.
- Made new runtime-adapter ticket claims provisional until agent connection or lease registration, allowing authenticated recovery of expired inactive first claims while preserving all existing and confirmed adapter IDs.
- Separated shared automation tokens from signed user-token keys, preserving shared-token-only automation while requiring distinct session signing material for GitHub login.
- Required retained coordinator ownership records before orphan sweeps delete AWS or Azure machines or release EC2 Mac hosts, while keeping tag-only and legacy candidates visible in reports.
- Verified the pinned GitHub CLI release artifacts before installing them in the default Cloudflare sandbox image and preserved true AMD64/ARM64 target selection during cross-platform builds.
- Pinned and verified the default Proxmox template cloud image before conversion, while preserving custom image URLs with a required matching SHA256.
- Kept Code, WebVNC, and Egress bridge tickets out of WebSocket URLs while preserving ordinary coordinator authentication, older-coordinator bearer retries, and legacy-client compatibility.
- Added opt-in per-lease Code portal origins with one-time viewer bootstrap and lease-scoped browser sessions, isolating proxied workspace content from coordinator and other lease origins without changing existing Code URLs. Thanks @coygeek.
- Source-bound broker and direct-provider credentials to repository-configured endpoints, while preserving same-source custom deployments and explicit environment or CLI overrides.
- Restricted Crabbox-managed Windows credential files to the managed user, Administrators, and SYSTEM without changing desktop credential consumers. Thanks @coygeek.
- Created default artifact bundles and retained run logs/metadata with private local permissions while preserving explicit shared-output directories. Thanks @coygeek.
- Documented the end-to-end runtime adapter topology, trust boundaries, request paths, startup order, and failure signals.
- Added
crabbox connect <lease-id-or-slug>to open an interactive SSH session to key-, certificate-, and proxy-authenticated provider targets while keepingcrabbox sshas the print-only command surface for token-as-username providers. - Added
crabbox adapter ingressas a provider-neutral authenticated HTTP and WebSocket bridge for loopback fleet services. - Added JSON API initiation of generation-fenced runtime-adapter workspace deletion through explicit registered lease release.
- Added reusable Cloudflare container run-session handles with exact cleanup commands for
--keep --lease-output. Thanks @zozo123.
- Pinned GitHub Actions workflow dependencies to reviewed immutable commits and added CI enforcement against mutable references. Thanks @coygeek.
- Hardened XCP-Ng repository config so it cannot override trusted provider credentials. Thanks @coygeek.
- Replaced browser-native portal confirmation and clipboard prompts with themed, keyboard-accessible HTML dialogs.
- Hardened GCP operator inventory and workspace recovery by requiring deterministic Crabbox instance names plus canonical provider labels before accepting resources. Thanks @coygeek.
- Hardened shared-lease run auditability by preserving actor attribution while granting lease owners read-only access to runs, logs, events, telemetry, and portal history. Thanks @coygeek.
- Pinned shipped runtime container base images to reviewed multi-platform digests and enforced the pins in CI. Thanks @coygeek.
- Redacted manage-only WebVNC bridge commands and egress session details from
useshare viewers. Thanks @coygeek. - Created run downloads, captures, proofs, and failure bundles with private POSIX permissions. Thanks @coygeek.
- Rejected broker-supplied GitHub login URLs that do not use the expected HTTPS GitHub authorization endpoint.
- Preserved single-use bridge tickets when presented to the wrong lease, role, or runtime-adapter endpoint. Thanks @coygeek.
- Required lease manage access before resetting another operator's WebVNC bridge. Thanks @coygeek.
- Aligned the
apple-containerprovider fallback image with the portable OS default while preserving explicit image choices. Thanks @coygeek. - Fixed
apple-containerinventory parsing for Apple container 1.0 object-form status and nested network addresses. Thanks @coygeek. - Added a dedicated route-scoped service credential for Crabfleet workspace lifecycle requests without granting general coordinator access.
- Kept accepted workspace creates successful when post-persist prewarm maintenance is temporarily unavailable.
- Added configurable organization-wide workspace prewarming with cross-owner adoption, immediate replenishment while busy, and automatic idle drain.
- Added
crabbox webvnc localon macOS and Linux for token-gated browser access to an existing loopback VNC tunnel, with the VNC password accepted only through stdin and kept out of process arguments, environment variables, URLs, and viewer files. - Added authenticated Crabfleet workspace terminals with bounded SSH/WebSocket bridging, durable tmux resume, and lifecycle revocation.
- Added
crabbox adapter connect, an outbound ticket-authenticated relay for the narrowcrabfleet/v1runtime-adapter API, with a current-user-owned peer-verified Unix-socket transport, per-request local-token reload, bounded bodies, configurable desktop request timeouts, and reconnecting coordinator login refresh. - Added
crabbox adapter serve, a generic authenticated Linux/macOS-hosted workspace lifecycle API with a no-follow descriptor-verified lock in a private current-user-owned state directory, read-only state validation, crash-owned lifecycle children including bounded provider discovery, fixed TTL/idle and machine-shape override policy, explicit idempotent fixed-ID provider contracts, immutable full-identity status adoption and full-identity pre-release validation even before claim persistence, per-attempt provider route/config scopes, exact fixed external identities with crash-reclaimable fully fsynced slug reservations, restart-safe gated provider-side-effect durability with immediate memory-retried credential-bridge revocation on failed terminal writes, adapter-only side-effect-free WebVNC restarts with ordinary daemon heartbeats preserved, scope/state/resource-bound daemon reuse, per-workspace daemon OS locking, verified WebVNC supervisor/process-tree revocation, exact remote websockify socket/process ownership plus authenticated noVNC WebSocket readiness, full-identity refreshed-absence cleanup, bounded process-tree orchestration, no-follow token loading, exact-owned non-forking loopback SSH tunnels on Linux/macOS/Windows, and a public open-source Linux desktop bootstrap with noVNC/websockify, private user-owned VNC credentials, and a narrowly privileged desktop reset helper. - Added
provider: ovhfor direct OVHcloud Public Cloud Linux SSH leases with signed API authentication, local claim-backed ownership, guarded recovery, and live lifecycle coverage. Thanks @coygeek. - Added
provider: codesandboxfor delegated CodeSandbox Linux environments with archive sync, retained lifecycle, pause/resume, preview URLs, exact SDK pinning, truthful running-state checks, command exit propagation, and live lifecycle coverage; archive-sync orchestration is now shared across CodeSandbox, OpenComputer, OpenSandbox, Superserve, and Vercel Sandbox. Thanks @coygeek. - Added
provider: cloudflare-dynamic-workersfor authenticated Worker-runtime module execution through Cloudflare Dynamic Workers, including blocked-by-default egress, stable caching, durable run metadata, lifecycle commands, and isolated live smoke coverage. Thanks @coygeek. - Added
provider: agent-sandboxfor delegated Linux runs through Agent Sandboxv0.5.0rc1v1beta1warm pools, using the operator'skubectlfor dependency-light discovery, lifecycle, archive sync, exec, guarded ownership cleanup, and live smoke coverage. Thanks @coygeek. - Added
provider: vercel-sandboxfor delegated Linux microVM runs through the official Vercel Sandbox SDK, including archive sync, streamed output, retained-session resume, ownership-guarded lifecycle operations, and guarded live smoke coverage. Thanks @coygeek. - Added generic Job evidence fields plus bounded Islo single-file
--require-artifactand--downloadsupport, with provider capability gating and secret-safe archive upload errors. Thanks @zozo123. - Added owner-scoped outbound runtime-adapter relays so registered workspaces can be created and deleted through a provider-neutral lifecycle API without exposing the provider control plane, including confirmed Delete actions in the portal.
- Hardened Agent Sandbox repository-config workload and workdir selection, mount-safe replacement sync, pinned pod-container execution, absolute and multi-file kubeconfig handling, controller-enforced TTL expiry with retained exact-claim cleanup, warm-pool/lifecycle/downstream identity validation, one-shot cleanup arming, cleanup dry-run identity checks, root-rechecked missing-claim handling, downstream-missing claim retention, recoverable ambiguous-create reconciliation, terminal status detection, retained activity bookkeeping, local claim removal reporting, and UID-pinned recovery leases when failed-readiness cleanup cannot reach Kubernetes; thanks @coygeek.
- Added an explicit
webvnc local --security-type vncmode that forces standard VNC password authentication when a server advertises account authentication first. - Fixed coordinator hibernation recovery to preserve unambiguous live bridges while rejecting duplicate or stale restored endpoints.
- Fixed portable Node coordinator startup when the production bundle loads the external CommonJS
ssh2dependency. - Fixed CodeSandbox ownership tags, one-shot SDK bridge shutdown, mount-safe root workspace replacement, runtime-only resume responses, and authenticated preview URLs, preventing lifecycle rejection, command hangs, archive-sync failures, and unusable private port links.
- Hardened runtime-adapter relays with end-to-end absolute deadlines, durable generation-scoped dispatch fences retained across ambiguous connector failures, atomic owner-only legacy cleanup, rejection of unfenced proxy deletes, per-owner in-flight quotas, post-cancellation accounting, response-delivery grace, connector-matched request validation, restart-safe TTL-first live-bridge revocation, retry-safe upstream rejection handling, generation-fenced confirmed-absence acknowledgments, and cleanup-fenced workspace bindings.
- Fixed Cloudflare Dynamic Workers lifecycle reads, compatibility identity, bundle validation, and live-smoke credential isolation.
- Fixed Windows local-container sync to avoid unusable WSL command shims, support Docker Desktop mount roots, and fall back to native rsync when WSL lacks native SSH tooling. Thanks @brokemac79.
- Fixed brokered Tailscale cleanup to avoid privileged deletion from client-posted device IDs, preserve connectivity across normal reboots, and fail live preflight on application-level errors.
- Fixed Crabfleet workspaces to use any configured brokered provider and route the OpenClaw deployment through its canonical OAuth host and verified AWS backend with isolated, ephemeral key-only SSH access, stock-image cloud-init, and readiness-gated, pinned, Workers-compatible terminal attachment.
- Kept controller-acknowledged post-acquire failures behind the durable provider-release gate, accepted coordinator token-command authentication in outbound adapters, dispatched relay requests concurrently with reserved delete capacity and disconnect cancellation, held auto-selected local WebVNC ports under host-wide lifetime reservations across workspace daemons, and made Windows controller sidecar replacement/removal write-through durable.
- Made controller create/delete durability acknowledgments retryable, durably gated the complete raw acquisition identity and exact returned coordinator adapter/workspace binding before readiness, retained started pre-acknowledgment attempts through stable-absence or exact-identity recovery cleanup, moved ready identity drift into expected-identity cleanup without first-adopting later resolve output, retained terminal desktop revocation intent until the stopping transition persists, deferred coordinator deregistration and claim/routing removal until stable provider absence, loaded exact persisted external routing for controller inspect/inventory/stop even without a claim, required raw external release attestations including declarative raw acquire/resolve
json-leaseoutput, complete declarative and protocol-command inventory, and an exactcloudIdargument in every declarative release command, fsynced external routing temporaries before rename plus the installed directory and full ancestor chain afterward, made confirmed-absence claim/routing/reservation deletions directory-durable before terminal acknowledgment, boot-bound Linux slug-reservation owners to the kernel boot ID plus PID/start ticks, required full WebVNC provider identity checks, ignored unrelated partial inventory while failing closed on partial target matches, failed closed on oversized inventory without repeating successful release, gated startup child recovery on a directory-synced state snapshot, suppressed ordinary registered auto-WebVNC daemons during controller child warmup, honored controller policy flag precedence before validating environment duration fallbacks, namespaced direct-SSH WebVNC identities by a domain-separated public controller/provider owner ID while keeping raw owner tokens out of daemon argv, status, and logs, allocated their remote loopback ports under a host-wide lock with occupied-port and bind-collision retries plus exact chosen-port persistence, bound Linux controller and WebVNC process identities to the current boot plus PID/start/nonce, required exact local listener ownership before direct-SSH credential retrieval, authentication, or viewer URL emission, restricted remote reset termination to the complete persisted process identity, budgeted SSH tunnel readiness across the configured connect timeout plus listener verification, restarted WebVNC after foreground SSH tunnel death, installed noVNC, Websockify, and util-linux in generated Linux desktop bootstraps, honored absoluteXDG_CONFIG_HOMEoverrides for external routing state on every platform while rejecting invalid values, used native Windows process APIs for daemon identity checks, and fixed the desktop reset helper to trusted absolute commands.
- Added an idempotent workspace adapter over coordinator leases, with durable owner-scoped lifecycle mapping and truthful capability negotiation for external control planes.
- Added
provider: nvidia-brevfor direct Linux GPU workspaces through the Brev CLI and generated SSH config, including normal Crabbox sync/run access, guarded ownership cleanup, and livenvidia-smismoke coverage. Thanks @coygeek. - Added a generated provider decision matrix with checked metadata for execution model, access, substrate, GPU fit, lifecycle, cleanup, and provider caveats; docs validation now fails on provider drift. Thanks @coygeek.
- Added confirmed lifecycle actions to portal lease rows, with provider shutdown for coordinator-managed boxes and explicitly metadata-only deregistration for client-managed boxes.
- Added
provider: superservefor delegated Linux sandbox runs through the Superserve control and data planes, including archive sync, retained leases, ownership-guarded lifecycle operations, and credentialed live smoke coverage. Thanks @coygeek. - Added
provider: namespace-instance(namespace-compute) for short-lived Namespace Compute Linux leases throughnsc, including per-lease SSH keys, proxy-backed sync/run, duration safeguards, ownership-filtered cleanup, and guarded live smoke coverage. Thanks @coygeek. - Added comprehensive guides for deploying the portable Node/PostgreSQL coordinator and integrating private control planes through generic external providers, registered inventory, sharing, and outbound WebVNC.
- Added
provider: linodefor direct Linux SSH leases with per-lease keys, account-bound cleanup, preserved operator tags, interface-aware existing firewalls, and guarded live smoke coverage. Thanks @coygeek. - Added
provider: windows-sandboxfor disposable native Windows runs through Microsoft Windows Sandbox, including mapped workspace sync, streamed output, timeout and cancellation cleanup, and keep-on-failure inspection. Thanks @zozo123. - Added
provider: smolvmfor delegated Linux microVM runs through the hosted smolfleet API, including archive sync, retained leases, status, cleanup, and repository-scoped ownership checks. Thanks @zozo123. - Added guarded SmolVM live E2E coverage for retained reuse, archive replacement, environment forwarding, command exit propagation, diagnostics, and targeted cleanup.
- Added non-mutating Proxmox storage, bridge, pool, template, and cluster inventory readiness diagnostics plus guarded live lifecycle smoke coverage, with safer failed-create and cleanup claim handling. Thanks @coygeek.
- Added direct SSH login helpers for kept Islo sandboxes through the official Islo CLI proxy. Thanks @zozo123.
- Added a portable Node.js and PostgreSQL coordinator runtime with durable pg-boss maintenance jobs, WebSocket bridges, trusted reverse-proxy identity support, container packaging, and the existing Cloudflare Worker/Durable Object runtime preserved as an adapter over the same fleet implementation.
- Added refreshable coordinator bearer authentication through a shell-free JSON argv token command, including HTTP and reconnecting WebSocket bridges behind expiring upstream identity proxies.
- Fixed pond ACL bootstrap to preserve Tailscale HuJSON comments, ordering, trailing commas, and unrelated policy sections while failing closed on ambiguous shapes. Thanks @coygeek.
- Fixed Tailscale bootstrap and cleanup determinism with opt-in pinned static installs, recorded client/device metadata, coordinator preflight smoke coverage, and best-effort device cleanup on release.
- Fixed brokered Tailscale tag-ownership failures to return actionable exact-match and
tagOwnersguidance while preserving the raw API error. - Fixed managed Linux Tailscale bootstrap to deliver auth keys through stdin instead of exposing them in
tailscale upprocess arguments. - Fixed trusted reverse-proxy identity deployments to support a secret-bound assertion when direct coordinator access cannot be network-isolated.
- Fixed direct VNC and WebVNC SSH forwards to bind explicitly to workstation loopback even when user SSH configuration enables gateway ports.
- Fixed the portal and connected WebVNC desktops to default to the current system appearance by migrating away from legacy two-state browser theme preferences.
- Fixed Cloudflare container runs to fail when streamed stdout or stderr cannot be written instead of silently reporting success after output loss.
- Fixed Proxmox bridge readiness on PVE 8 by falling back to its compatible local-bridge and SDN-vnet inventory filter.
- Added repeatable
--local-container-volume host:container[:ro]bind mounts for explicit local-container runs. Thanks @anagnorisis2peripeteia. - Added provider-neutral coordinator registration for direct SSH leases, with owner-scoped inventory and sharing, outbound WebVNC, automatic bridge daemons for kept desktops, and coordinator-safe metadata-only release and expiry.
- Added provider-optional
crabbox pauseandcrabbox resumelifecycle commands, with Islo sandbox pause/resume support that preserves local lease claims. Thanks @zozo123. - Added
provider: opensandboxfor delegated Linux sandbox runs through the OpenSandbox API, including archive sync, retained lease reuse, off-argv environment forwarding, status, and cleanup. Thanks @coygeek. - Added
provider: anthropic-sandbox-runtime(srt) for local one-shot command execution through Anthropic Sandbox Runtime, including filesystem/network policy handoff, doctor checks, config overrides, and live enforcement coverage. Thanks @coygeek. - Added
provider: hostingerfor direct Linux VPS leases with read-only catalog and payment-method discovery, explicit purchase opt-in, setup-time SSH keys, ambiguous-purchase recovery, stopped-VPS reuse, and stop-only billing-aware release. Thanks @coygeek. - Added
provider: apple-vzfor full ARM64 Ubuntu VMs through Apple'sVirtualization.framework, including verified cloud images, secret-safe signed URL handling, loopback VSOCK SSH, retained leases, native helper packaging, failure rollback, and live lifecycle coverage. Thanks @coygeek. - Added
provider: digitaloceanfor direct Linux SSH leases backed by DigitalOcean Droplets, including flat-tag ownership, per-lease SSH keys, docs, and guarded live smoke coverage. Thanks @coygeek. - Added a delegated Freestyle provider that runs commands in Freestyle VMs through the Freestyle REST API, with env-only authentication, archive sync, and automatic VM cleanup. Thanks @zozo123.
- Added
provider: hypervfor local Windows VM SSH leases through Microsoft Hyper-V, including differencing-disk provisioning, OpenSSH and MinGit bootstrap, password-less dev-image initialization, retained lease reuse, and cleanup. Thanks @anagnorisis2peripeteia. - Added an opt-in Islo userspace Tailscale plane with tailnet-aware pond peers, proxy-routed tailnet traffic, and URL-bridge fallback for leases without
--tailscale. Thanks @zozo123. - Added
provider: xcpngfor SSH leases on XCP-ng pools through the XenAPI control plane, including template cloning, fresh ISO installs, retained lease reuse, cleanup, diagnostics, and guarded live E2E coverage. Thanks @coygeek.
- Fixed
stopandpond releaseto preserve claims, SSH credentials, lifecycle metadata, and restart routing when providers intentionally retain reusable stopped resources. - Fixed external lease commands to reuse each lease's persisted provider routing after the current external configuration changes.
- Fixed
local-containerstop cleanup when a Docker container was removed externally, including stale claim and stored-key removal. Thanks @hxy91819. - Fixed Apple VZ release artifacts to target macOS 13, bounded guest serial logs without blocking noisy VMs, escaped terminal controls in diagnostics, and preserved retained lease state when helper inventory lookup fails.
- Fixed DigitalOcean capability-tag persistence, provider config visibility and precedence, account-scoped ambiguous Droplet/SSH-key create recovery, retryable cleanup, and unnecessary monitoring-agent installation.
- Fixed Namespace Devbox setup instructions to use the current browser workspace approval flow instead of obsolete token environment variables.
- Fixed XCP-ng XenAPI integer encoding, trusted endpoint configuration, template validation, HVM config-drive attachment, deterministic guest-network selection, retained-lease IP fallback, YAML-safe usernames, collision-resistant ISO runs, required networking for fresh ISO VMs, Windows 11 disk and vTPM requirements, bounded guest-network discovery, failure-recoverable VM ownership, copied-disk and local-key cleanup, generated Windows answer media, pre-boot answer attachment, and bounded ISO E2E cleanup.
- Added
provider: opencomputerfor delegated Linux sandbox runs through the OpenComputer REST API, including archive sync, retained leases, optional burst capacity, status, and cleanup. Thanks @zozo123. - Added local-container checkpoint forks that launch a fresh Docker lease from a committed checkpoint image while replaying and validating its recorded daemon scope. Thanks @anagnorisis2peripeteia.
- Added opt-in native Docker local-container checkpoints with immutable image identity, daemon-scope-aware verification and deletion, mounted-workspace guards, and live lifecycle coverage. Thanks @anagnorisis2peripeteia.
- Added
provider: morphfor Morph Cloud Linux SSH leases, including snapshot boot, Morph API key/config plumbing, per-instance SSH key retrieval, pause-on-release reuse, and provider docs. Thanks @coygeek. - Added a built-in Incus provider for local or remote Linux containers and virtual machines, including socket, TLS, and OIDC control-plane authentication, optional SSH proxy devices, retained lease reuse, and live lifecycle verification. Thanks @coygeek.
- Added Tart macOS desktop leases with native Screen Sharing, a token-gated host-side WebVNC bridge, and documented local-network exposure boundaries. Thanks @anagnorisis2peripeteia.
- Added native Azure Windows ARM64 lease support with explicit Windows ARM64 images, Cobalt ARM64 SKU inference, and
CRABBOX_AZURE_WINDOWS_ARM64_IMAGEbroker configuration for ARM64 validation. - Added persistent Apple Container 1.0 development machines through the local
apple-machineprovider. - Added local Windows sandbox execution through Microsoft Execution Containers with explicit filesystem, network, DACL-fallback, and Win32k capability controls plus an execution-backed doctor check.
- Removed the stale root OpenClaw plugin package and its npm publishing surface; Crabbox releases now version only the Worker package and Go CLI artifacts.
- Expanded release, smoke, installer, provider-contract, cleanup, and race coverage across the CLI, Worker, and provider adapters.
- Fixed kept Tart VMs stopping when the Crabbox command that launched them exited.
- Hardened provider lifecycle ownership, claims, retained-resource metadata, rollback, cleanup timeouts, and partial-failure reporting across Apple Container, ASCII Box, AWS, Azure, Azure Dynamic Sessions, Blacksmith Testbox, Cloudflare, Daytona, Docker Sandbox, E2B, exe.dev, external providers, GCP, Hetzner, Islo, Local Container, Modal, Multipass, Namespace, Parallels, Proxmox, Railway, RunPod, Semaphore, Sprites, SSH, Tart, Tenki, Tensorlake, Upstash Box, and Weights & Biases.
- Fixed static SSH requested slugs, delegated synthetic lease IDs, provider bridge targets, service inventory pagination, Windows share validation, and provider-specific configuration validation.
- Fixed Linux and macOS developer-tool installers, AWS account and orphan guards, image-minting and WSL2 smoke cleanup, coverage isolation, live-smoke JSON handling, and release workflow tag checkout ordering.
- Fixed CI deadcode, script sandboxing, and Cloudflare cleanup race failures found during release validation.
- Added ordered declarative external lifecycle steps with optional acquire rollback, allowing multi-command private provider setup without shell wrappers.
- Added declarative
external.lifecyclecommand configuration, provider resource-name mapping, and coordinator-free WebVNC over SSH for deterministic private devbox CLIs. - Added Podman runtime compatibility for
provider: local-container, including runtime selection, provider flags on SSH commands, and Podman-safe local lease claim scopes. Thanks @sallyom. - Added
sync.include/sync.includeswhitelists for root-relative sync plans, SSH sync, native Windows sync, local Actions hydration, and archive-sync providers. Thanks @anagnorisis2peripeteia. - Added generic
kubevirtSSH leases and a versionedexternalexecutable provider so private or proprietary VM/devbox control planes can integrate through configuration without provider-specific Crabbox forks. - Added Tenki to the live provider smoke harness, including authenticated create/run coverage and a paused-session check that proves
status --waitdoes not resume the sandbox.
- Extended GitHub broker login user tokens to 180 days by default, exposed token expiry in login/doctor identity output, and made the lifetime configurable with
CRABBOX_USER_TOKEN_TTL_SECONDS. - Added optional GitHub user-token admin allowlists via
CRABBOX_GITHUB_ADMIN_OWNERSandCRABBOX_GITHUB_ADMIN_LOGINS, and removed committed capacity-admin identities from the reusable Worker config.
- Fixed brokered provider doctor output so expired or rejected broker tokens tell maintainers to renew Crabbox login instead of misreporting AWS, Azure, GCP, or Hetzner credential failures.
- Fixed delegated run artifact collection so Blacksmith Testbox can satisfy
--require-artifactand--artifact-globbefore one-shot lease cleanup. - Fixed malformed AWS, Azure, and GCP SSH CIDR configuration to fail closed instead of falling back to broad SSH access. Thanks @coygeek.
- Fixed local-container warmup on Windows by mounting the generated bootstrap directory instead of passing the script inline to Docker. Thanks @anagnorisis2peripeteia.
- Fixed SSH-backed status waits to honor
--wait-timeoutwhile allowing Tenki readiness probes without resuming paused sessions. Thanks @aki-luxor. - Fixed Tenki JSON lease listings to expose the Crabbox lease ID instead of an unset numeric provider ID.
- Fixed brokered Azure lease creation to persist in-flight leases before VM provisioning, keep failed creates visible, and sweep orphaned Azure VMs from coordinator maintenance. Fixes #215.
- Fixed brokered lease release races so leases released while provisioning cannot be reactivated or lose cleanup retry state.
- Fixed Islo provider status, streaming exec, archive upload, share, and delete handling for the current Islo API contract. Thanks @zozo123.
- Restricted shared
useviewers from mutating lease heartbeat or Tailscale metadata, and hardened archive sync for option-like filenames while preserving sync cancellation. Thanks @zozo123.
- Added
provider: multipassfor local Ubuntu VM SSH leases through Canonical Multipass, including cloud-init bootstrap, Crabbox sync/run lifecycle, cleanup, and cache-volume support. Thanks @jwmoss.
- Fixed the README latest-release badge to use Badgen so GitHub release status does not depend on Shields' token pool. Thanks @zozo123.
- Added
provider: apple-containerfor local Apple silicon macOS Linux leases, including SSH sync/run lifecycle and provider-backed cache volumes. Thanks @zozo123. - Added a repo-local Blacksmith Testbox workflow and Crabbox config so delegated Testbox validation has workflow/job defaults.
- Added
crabbox prewarmto lease and hydrate reusable test-ready boxes from configured GitHub Actions, with provider-owned handling for delegated runners such as Blacksmith Testbox. - Added broker ready pools for hydrated reusable leases, including
prewarm --pool,run --pool,pool ready/register/borrow/return/ensure, and the broker ready-pool API. - Added
crabbox doctor --all --prepare-checkto report provider matrix readiness, resolved test machine types, and hydration workflow/job setup without creating leases. - Added
crabbox webvnc daemon listto show alive and stale local WebVNC helper daemons after agent runs.
- Raised the coordinator fleet-wide and org-wide reserved monthly caps while keeping per-owner and active lease limits in place, so trusted operators are not blocked by stale reserved-cost accounting.
- Tuned XFCE/WebVNC desktops for smoother interactive use with low-latency
x11vnc, 60fps WayVNC, and low-compression noVNC defaults. - Updated Go and Worker dependencies, including Wrangler, Vitest, oxlint, Cloudflare Workers types, AWS SDK, Daytona SDK, Google API modules, OpenTelemetry, and the Go toolchain.
- Fixed GNOME desktop leases to follow the same persisted light/dark theme selection as XFCE, including GTK settings, panel restart, and browser color-scheme flags.
- Fixed GNOME theme toggles to restart the desktop panel inside the active session so the top and bottom bars stay visible.
- Fixed WebVNC GNOME theme switching on existing leases without the dynamic helper, including black GNOME Terminal profiles for dark mode.
- Fixed GNOME WebVNC terminal title bars to follow light/dark theme changes by updating labwc window decorations.
- Fixed GNOME WebVNC terminal menubars to follow light/dark theme changes and added a generated desktop background for GNOME sessions.
- Fixed XFCE desktop leases to drag and resize windows opaquely instead of using the wireframe destination box, with full move/resize opacity and XFWM compositing disabled for the Xvfb/VNC path.
- Fixed Apple Container bootstrap on hosts whose runtime does not inherit DNS by passing detected host resolvers while preserving explicit
--apple-container-extra-run-args --dnsoverrides. - Fixed Apple Container runs to fail as soon as the container exits during SSH bootstrap and include a short container log tail instead of waiting for the full SSH timeout.
- Classified Blacksmith Testbox cleanup, sync-marker, cancelled Actions, and post-ready stall failures as retryable infra stages instead of generic unknown failures.
- Fixed Azure VM provisioning so slow creates time out quickly, continue through SKU/region fallback, and use a Worker Azure region list separate from AWS regions.
- Fixed local Actions hydration after warmup SSH port fallback so prewarmed SSH-backed boxes reuse the resolved reachable endpoint instead of retrying the configured port.
- Removed the stale root OpenClaw plugin package and its npm publish surface.
- Added provider-backed cache volumes for rebuildable dependency caches, including
cache.volumes,CRABBOX_CACHE_VOLUMES, repeatable--cache-volume [name=]key:path,crabbox cache volumes, Blacksmith Testbox sticky-disk forwarding, Local Container Docker volume mounts, and claim-backed required-volume checks for reused leases.
- Scoped the README Release badge to
?event=pushso it reflects tag-push release runs instead of cancelledworkflow_dispatchruns. Fixes #189. Thanks @zozo123.
- Added
provider: ascii-boxfor ASCII Box Ubuntu sandbox SSH leases, using the documentedbox --jsonCLI for create/list/status/stop/delete and standard Crabbox SSH sync/run. Thanks @zozo123. - Added Azure
--azure-os-disk ephemeral-preview/azure.osDisk: ephemeral-previewfor opt-in ephemeral OS disk full caching through Azure Compute API2025-04-01. Thanks @jwmoss. - Added configurable capacity-admin owner caps for coordinators that need elevated active lease limits for trusted operators.
- Raised the default coordinator monthly budget caps so configured capacity pools are less likely to reject trusted brokered leases before provider quota is reached.
- Fixed brokered Azure Linux lease creation so a stalled coordinator request times out with a concrete cleanup/retry hint instead of sitting silently in the leasing phase for the full coordinator HTTP timeout.
- Fixed brokered Azure Spot VM fallback so
on-demand-after-*windows bound VM create waits, on-demand retries use separate VM names, and timed-out Spot cleanup is retried from Fleet maintenance.
- Added
--arch arm64/architecture: arm64for Linux ARM leases on Azure and AWS, including Azure Dpsv6/Dpdsv6 and AWS Graviton class fallback plus matching Ubuntu ARM64 image resolution.
- Fixed brokered lease creation diagnostics so long coordinator requests print progress, timed-out create requests do not retry non-idempotent POSTs through curl, and Azure ARM errors preserve the useful conflict message.
- Added
provider: azure-dynamic-sessionsfor delegated Linux runs through Microsoft Azure Container Apps custom container Dynamic Sessions, including a Crabbox runner image, archive sync, streaming commands, local claims, status/list/stop, and provider docs. Thanks @zozo123. - Added
crabbox pondpeer discovery, bridge, and SSH-mesh support for multi-lease networking, including bridge adapters for Cloudflare, E2B, Islo, Modal, Railway, and Tensorlake. - Added Azure backend routing so
provider: azurecan selectazure.backend: dynamic-sessionsor--azure-backend dynamic-sessionswhile still reporting the canonicalazure-dynamic-sessionsprovider. - Added Islo delegated run session handles so
crabbox run --provider islo --keep --lease-output <file>returns stable lease metadata and cleanup commands for orchestrators. Thanks @zozo123. - Added
crabbox init --detectto scan common Go, Node, Rust, and Makefile project markers and generate a repo-localjobs.detectedremote check plus matching preflight tools. Thanks @zozo123.
- Fixed Azure VM provisioning to automatically use region-scoped shared VNet/NSG names when a Crabbox-managed base network already exists in another Azure region.
- Fixed brokered Azure regional fallback so region-scoped shared network names are computed per lease instead of mutating the Worker client's configured vnet/NSG names.
- Hardened Azure Dynamic Sessions endpoint validation, claim boundaries, token destinations, missing-response handling, lifecycle edges, shell string preservation, and runner image behavior.
- Fixed Islo run session handles to preserve resolved and claimed slugs, keep explicit lease IDs authoritative, return handles after lease creation, and quote cleanup commands safely.
- Fixed
crabbox stopto accept--id <lease>like every other lease command, and updated the stop hint thatcrabbox runprints so it can be pasted back verbatim. Thanks @edihasaj. - Fixed lease commands (
run,status,stop,ssh,inspect,screenshot,vnc,webvnc,actions,artifacts,checkpoint,egress) to auto-route--id static_<slug>ids to--provider sshand restore the original static host from the local lease claim, so static SSH leases no longer require repeating routing flags aftercrabbox warmup. - Fixed
crabbox init --detectto run nested detected package checks from the package directory and validate generated preflight tools. - Fixed Blacksmith Testbox workflow fallback selection so generic Actions hydration workflows are not mistaken for Testbox workflows, and fixed native Windows wrapper commands so PowerShell-based Node bootstraps can run before JavaScript runtime preflight checks.
- Fixed brokered AWS provisioning to compact stale Crabbox SSH ingress after EC2 reports the security group rule limit, then retry the current source rule before failing.
- Fixed coordinator lease cleanup so expired AWS leases whose EC2 instance is already gone still clean provider keys before closing.
- Fixed AWS EC2 Mac host cleanup and selection so stale pending hosts are released by the orphan sweep and hosts with no reported launch capacity are skipped.
- Fixed Worker AWS Linux user-data compression and hardened command/security boundaries found by CodeQL.
- Fixed provider documentation tables to match the registered provider capabilities for Azure, GCP, and Railway.
- Added
--desktop-env gnomefor a GNOME-apps desktop profile on labwc/WayVNC with GNOME Panel taskbars and Xwayland-backed app launches. - Added native Windows support for GitHub-runner Actions hydration so workflows can prepare Windows leases before Crabbox attaches to the hydrated workspace.
- Added a portable
--os/oslease selector with Ubuntu 26.04 as the preferred Linux image where provider catalogs support it, while preserving explicit provider image overrides. - Added Azure
capacity.regionsfallback with region-scoped managed network names and Azure capacity hints, matching the AWS capacity-routing model. - Added a repo-local Crabbox hydrate workflow and documented Azure as the preferred Windows/WSL2 provider when Azure quota or credits are available.
- Added
crabbox run --lease-output <file>for reusable delegated-run session JSON, starting with Blacksmith Testbox. Thanks @RomneyDa.
- Fixed failed-run summaries so application output mentioning provider auth no longer looks like a provider/auth blocker, shell
&&command chains explain short-circuit behavior, observed phases identify the likely failed phase, and opt-in automatic JUnit discovery can add structured test failures. - Fixed Azure Spot VM provisioning to send
billingProfile.maxPrice: -1explicitly in both direct and brokered mode, keeping Crabbox leases on Spot pricing without price-threshold evictions. - Fixed coordinator-backed lease creation to wait long enough for slow cloud bootstraps such as Azure Windows/WSL2 before timing out locally.
- Fixed Azure failed-candidate cleanup retries to emit Worker-side progress logs while Azure waits out NIC and public IP dependency locks.
- Fixed brokered Azure region ordering so an explicit request or
CRABBOX_AZURE_LOCATIONis attempted before the coordinator default. - Fixed native Windows
--fresh-prruns so PR checkout, local patch application, and post-bootstrap SSH port changes work over PowerShell. - Fixed native Windows Actions env handoff so
crabbox runcan consume bash-style hydrate env files and reuse hydrated Node/pnpm paths. - Fixed AWS coordinator EC2 polling to tolerate transient
InvalidInstanceID.NotFoundafter instance creation and to report parsed AWS XML errors. - Fixed AWS coordinator provisioning retries so wrapped opaque
RunInstanceserrors are retried instead of failing immediately. - Fixed Daytona provider sandbox inventory to use Daytona's cursor-based listing API.
- Removed OpenClaw-specific hosted broker defaults and documentation from the generic Crabbox broker login flow.
- Added default artifact manifests for
crabbox artifacts publish, pluscrabbox artifacts listandcrabbox artifacts pullfor URL-backed proof handoff with size and SHA256 verification. - Added
crabbox providersto print the registered provider capability matrix, including targets, backend kind, coordinator mode, aliases, and feature flags. - Added failed-run follow-through output with a compact digest that shows the failed phase, likely area, retryability, next commands, and a short redacted tail.
- Added
crabbox doctor --from-run <run-id>to load provider, target, class, type, lease, and phase context from recorded run history before diagnostics. - Added
crabbox logs --tail,crabbox events --type,crabbox events --phase, andcrabbox results --failed-onlyfor faster recorded-run triage.
- Fixed Blacksmith Testbox runs so repo-level env allowlists for SSH-backed providers no longer block delegated Testbox warmup.
- Fixed AWS Linux desktop bootstrap so generated theme helpers include the latest WebVNC desktop styling on fresh leases.
- Fixed AWS Linux desktop bootstrap so existing desktop services are restarted after profile changes instead of leaving stale XFCE/X11 services running under a Wayland profile.
- Changed the experimental Wayland desktop bootstrap to use labwc, giving WebVNC sessions normal draggable, decorated windows instead of Sway tiling defaults.
- Fixed the W&B Sandboxes provider default endpoint to follow the current upstream
api.cwsandbox.comAPI host. - Fixed Linux WebVNC desktop panel styling so status and taskbar items avoid harsh high-contrast borders in dark mode.
- Fixed Linux WebVNC terminal windows so the XFCE Terminal menu bar follows the dark desktop theme.
- Added
provider: wandbfor W&B/CoreWeave Sandbox delegated runs through the native gRPC API. Thanks @zozo123. - Added AWS doctor capacity readiness checks that surface Spot and On-Demand vCPU quota pressure before warmup. Thanks @jwmoss.
- Added an experimental Linux
--desktop-env waylandprofile using labwc, WayVNC, Wayland browser launch env, andgrimscreenshots while keeping XFCE as the default desktop.
- Fixed coordinator-backed AWS SSH ingress so active lease source CIDRs are preserved through provider-owned access reconciliation instead of core AWS special cases. Thanks @obviyus.
- Fixed coordinator-backed one-shot runs to replace a lease once when SSH drops after sync but before the command starts, stopping the stale lease and retrying sync on the replacement.
- Fixed Linux desktop theme setup so WebVNC sessions install and prefer native Arc-Dark/other dark XFCE themes instead of custom-painting panel and window chrome.
- Fixed Linux WebVNC desktop sessions so they follow the portal light/dark toggle and system theme changes after the remote desktop has already connected.
- Fixed run failure summaries and timing JSON to classify likely blocked stages, redact known HTML auth challenge bodies from failure excerpts, and reject unsupported Blacksmith environment forwarding before warmup.
- Fixed desktop browser launches so Linux WebVNC browser sessions inherit the dark desktop theme, advertise dark color-scheme preference to web apps, and repair older managed browser wrappers before launch.
- Added
provider: upstash-boxfor delegated Upstash Box sandbox runs through the Box REST API, including archive sync,run,warmup,list,status,stop, config/env overrides, and provider docs.
- Fixed portal and documentation theme toggles so dark mode shows only the sun icon and light mode shows only the moon icon.
- Fixed remote Parallels hosts so
prlctlis found on standard Mac install paths, and made snapshot fork dry-runs reject non-forkable power-on snapshots consistently.
- Changed Linux desktop/WebVNC leases to seed and apply XFCE, GTK, GSettings, and terminal dark theme settings, and changed the portal theme toggle to preserve a system-synced mode.
- Added
crabbox run --emit-proofsupport for Blacksmith Testbox delegated runs, including bounded local stdout/stderr, timing, and metadata artifacts for successful proof runs. - Added local-container Docker socket pass-through with host-visible work roots so
provider: dockerleases can run Docker-based test suites through the host daemon.
- Fixed local-container Docker socket pass-through on Docker Desktop, OrbStack, Colima, and similar local VM runtimes by mounting the daemon-visible socket path instead of the client context socket path.
- Fixed local-container Docker socket sync on local VM runtimes that reject rsync mtime updates on host-mounted work roots.
- Fixed local-container Docker socket bootstrap to prefer Docker's current Debian/Ubuntu CLI package before falling back to distro
docker.io. - Fixed
crabbox cleanup --provider dockersupport for stale local-container leases. - Fixed
provider: dockerstop/release cleanup so host-visible per-lease work directories created for Docker socket pass-through are removed with the lease. - Fixed local Actions hydration for repo-local composite actions, cache no-ops, simple input conditions, safe
hashFiles, secret-expression rejection, and Node 24.x setup on minimal Debian images. - Fixed Parallels linked-clone provisioning to require an explicit source snapshot so
prlctlcannot create a template-side linked-clone snapshot implicitly.
- Added
provider: parallelsfor local and remote Mac Parallels Desktop fleets, including template and snapshot-backed cloning, direct checkpoints, desktop/VNC forwarding, and Linux, macOS, and Windows guests. - Added
provider: runpodfor RunPod public TCP SSH leases through the RunPod REST API, including Crabbox sync/run,crabbox ssh,crabbox doctor, and provider docs. Thanks @zozo123. - Added a thin macOS developer-tools image mint wrapper that keeps paid host allocation explicit while wiring the reusable prep script, promotion, checkpoint proof, and lifecycle evidence defaults.
- Added AWS Linux and Windows developer-image prep scripts plus a guarded mint wrapper for baking Docker, Node 24, pnpm, GitHub CLI, and common developer tooling into fast-booting Crabbox AMIs.
- Added explicit AWS Fast Snapshot Restore promotion support for hot developer-image AMIs via
crabbox image promote --fast-snapshot-restore --fsr-az <az>and the AWS developer-image mint wrapper. - Added
crabbox image fsr-statusand the coordinator Fast Snapshot Restore status route for checking live AWS snapshot/AZ state after promotion. - Added a light/dark mode toggle to the Crabbox documentation site that defaults to the system color scheme, persists the choice in local storage, and applies before first paint to avoid a flash.
- Added
provider: local-containerwithdocker,container, andlocal-dockeraliases for local Linux container leases and optional desktop/browser/WebVNC smoke boxes through Docker-compatible runtimes such as Docker Desktop, OrbStack, and Colima.
- Changed the portal lease table filter bar from a long single-choice pill list to grouped state, provider, OS, kind, and admin ownership selectors.
- Changed the macOS developer-tools mint wrapper to default to a full Xcode macOS 15 / Swift 6.2 toolchain on newer EC2 Mac host families, while keeping CLT-only image bakes explicit.
- Fixed direct GCP leases so new VMs set GCP
maxRunDurationwithDELETEfor the TTL hard cap, install a guest-side idle expiry guard for expired ready/active leases when possible, andcrabbox cleanup --provider gcpremoves stale local GCP claim files after provider inventory no longer contains the lease. - Fixed Windows developer-image bootstrap readiness so setup completion is written before restarting SSH and native Windows bakes wait for a stable SSH window before continuing.
- Fixed the Windows developer-image mint wrapper so the final PowerShell prep chunk decodes and runs inline instead of relying on a separate post-upload command.
- Fixed Windows developer-image prep so Docker Engine installation is deferred until after the required Containers feature reboot.
- Fixed Windows developer-image bakes so the Docker Containers feature can interrupt SSH without aborting the image mint, as long as the reboot marker is present.
- Fixed Windows developer-image warmup proof so the mint wrapper keeps the source lease alive with an SSH command instead of waiting on stale coordinator readiness.
- Fixed Windows developer-image prep so fresh Chocolatey and Node shims are visible in the active PowerShell session, and first-pass Docker feature installs exit cleanly before final tool verification.
- Fixed Windows developer-image Docker Engine installation to use static Docker binaries instead of the stale DockerMsftProvider package feed.
- Fixed Windows developer-image AMI prep to reset EC2Launch state before capture so candidate instances run per-lease user data and accept the new Crabbox SSH key.
- Fixed Windows developer-image prep to leave Crabbox-managed OpenSSH in place instead of installing Chocolatey's OpenSSH package over the active lease transport.
- Fixed Windows developer-image minting to retry idempotent prep-script chunk uploads, run long prep through a detached scheduled task, and require a stable post-reboot SSH window before the second prep pass.
- Fixed AWS developer-image bakes behind configured security groups so coordinator heartbeats still refresh the configured Crabbox SSH ports, and aligned the Worker Windows bootstrap ordering with the CLI path.
- Added
provider: exe-devfor exe.dev VM SSH leases through the exe.dev SSH API, including Crabbox sync/run,crabbox ssh, and provider docs. - Added the Railway delegated provider for redeploying an existing Railway service, streaming build/runtime logs, and reporting deployment status through
crabbox run,status,stop, andlist. Thanks @zozo123. - Added direct
crabbox doctorreadiness for all built-in providers without creating provider resources. - Added direct
crabbox doctor --provider exe-devreadiness through the exe.dev inventory API without creating VMs. - Added Cloudflare runner readiness to
crabbox doctor --provider cloudflareso runner URL, auth, and container bindings are checked without creating a sandbox. Thanks @altaywtf. - Added
crabbox doctor --json, provider error classification and hints, direct-check timeout/API/mutation labels, optional--doctor-probe-ssh, andscripts/live-doctor-smoke.shfor maintainer live coverage checks. - Added
--slugforcrabbox warmup, freshcrabbox runleases, andcrabbox checkpoint fork, plus--labelfor human-readable run history/timing metadata. - Added a light/dark mode toggle to the crabbox portal header that defaults to the system color scheme, persists the choice in local storage, and applies before first paint to avoid a flash.
- Added a reusable macOS developer-tool prep script for image bakes that verifies Command Line Tools, installs Homebrew plus common CLI tooling, activates Node 24/pnpm, and exposes stable SSH-visible tool shims.
- Added an account-guarded EC2 Mac Dedicated Host quota request helper for turning macOS lifecycle smoke quota evidence into a dry-run or explicit AWS Service Quotas request.
- Added a no-spend macOS coordinator remediation audit helper that bundles provider identity, IAM policy, host quota, host allocation dry-run, guarded IAM apply dry-run, and guarded quota request dry-run evidence into
summary.json.
- Changed Actions hydration to run repo workflow setup locally over SSH by default, auto-hydrate
crabbox runwhenactions.workflowis configured, and keep GitHub self-hosted runner registration behind--github-runnerfallback. - Changed AWS macOS AMI selection so newer
mac-m*EC2 Mac leases use macOS 15 images whilemac2*and legacymac1.metalcontinue using launchable macOS 14 images. - Hardened macOS image lifecycle smoke so source, candidate, and promoted images must expose Command Line Tools-compatible Apple developer tools, Swift, Homebrew, and common Node/pnpm developer tooling before promotion, with stricter macOS 15 and Swift tools 6.2 defaults for
mac-m*host families. - Clarified WebVNC docs to include coordinator-backed AWS macOS desktop leases in the supported portal bridge surface.
- Fixed AWS macOS lease bootstrap so EC2 Mac instances explicitly install the Crabbox SSH key, enable Remote Login on configured ports, and treat Screen Sharing as available for WebVNC even when a dedicated host lease predates the
desktop=truelabel. - Fixed AWS WebVNC reconnects so coordinator lease heartbeats refresh SSH ingress from the caller source before local bridge startup retries.
- Fixed the portal so configured AWS macOS Dedicated Hosts appear as lease-like dedicated rows with host detail pages, attached-lease access actions, and local start/WebVNC commands for host-pinned desktop leases.
- Fixed WebVNC daemon restarts so the background bridge keeps its lease claim after a repo checkout changes.
- Fixed macOS WebVNC bridge churn by using a smaller bridge pool for macOS Screen Sharing instead of opening the default multi-slot VNC pool.
- Fixed macOS WebVNC portal performance by using latency-biased noVNC compression and quality defaults for Screen Sharing sessions.
- Fixed WebVNC portal credential failures so bare or stale macOS links stop with a clear status instead of opening a blank retry loop.
- Fixed WebVNC local bridge startup so resolved SSH fallback ports are reused for the foreground VNC tunnel instead of falling back during probes and then tunneling the stale configured port.
- Fixed Railway
crabbox runredeploys to use Railway's deployment redeploy mutation so live Docker-image services return the new deployment ID reliably. - Fixed pinned AWS macOS host/image launches so region fallback cannot silently route a candidate image proof onto a different region or host.
- Fixed direct AWS AMI checkpoint create, inspect, delete, and fork paths so source instances are validated before host preparation and recorded account/direct-backend metadata is honored even after coordinator configuration changes.
- Fixed direct AWS macOS AMI checkpoint forks so resolved and recorded EC2 Mac Dedicated Host pins are reused after coordinator routing is disabled.
- Fixed AWS macOS native checkpoint selection so brokered and direct macOS checkpoints use AMI-backed snapshots by default instead of raw EBS snapshot forks that EC2 Mac cannot reliably relaunch.
- Fixed macOS image lifecycle smoke checkpoint forks so EC2 Mac host recycle waits require stable availability and retry once after transient host recycle failures.
- Fixed macOS image lifecycle smoke checkpoint forks so forked macOS leases request desktop/WebVNC metadata before collecting WebVNC evidence.
- Fixed macOS image lifecycle smoke summaries so paid EC2 Mac Dedicated Host allocation failures preserve stderr, blocker text, and remediation guidance instead of writing an empty blocker.
- Fixed EC2 Mac Dedicated Host state parsing so live AWS
DescribeHostsresponses are recognized as reusable by macOS lifecycle smoke instead of falling through to a new host allocation path. - Fixed existing AWS macOS lease commands so
crabbox run --id ... --target macosdefaults the irrelevant capacity market to On-Demand instead of failing Spot validation before reaching the lease. - Fixed recursive run artifact globs so
**works on older Bash without crossing unintended path segments. - Fixed
crabbox doctorlocal tool checks so providers that do not use local SSH/rsync do not fail on those tools.
- Added
crabbox capsulefor local GitHub Actions failure replay manifests, including capture, inspect, replay, promotion, and documentation for how capsules compose with actions hydration and checkpoints. Thanks @zozo123. - Added AWS macOS support to native
crabbox checkpointsnapshot/image creation and forks, including host-pin metadata and On-Demand fork defaults. - Added direct AWS AMI checkpoint creation so non-brokered AWS Linux/macOS leases can use
crabbox checkpoint create --mode nativeor--strategy imagewithout a coordinator. - Added
--take-controlfor WebVNC portal handoffs so opened browser viewers can automatically become the keyboard and mouse controller after connecting. - Added
scripts/macos-image-lifecycle-smoke.shfor guarded AWS EC2 Mac host allocation, source macOS lease boot, WebVNC bridge proof, AMI creation, candidate-image smoke, promotion, promoted-image smoke, cleanup, and durablesummary.jsonevidence. - Added a no-spend macOS host region preflight helper for checking reusable EC2 Mac Dedicated Hosts, dry-run allocation readiness, and Dedicated Mac host quota across configured AWS regions before approving paid allocation.
- Added an account-guarded macOS image lifecycle IAM apply helper for trusted operators remediating coordinator AWS permissions from smoke artifacts, including automatic local AWS profile matching.
- Added parsed IAM policy target details to
crabbox admin providers identity --provider aws --jsonso operators know which role or user needs the macOS image lifecycle policy. - Added provider-scoped admin entrypoints:
crabbox admin providers identity,crabbox admin providers policy, andcrabbox admin hostsfor host lifecycle operations. Existingadmin aws-*andadmin mac-hostscommands remain compatibility aliases. - Added provider-neutral
CRABBOX_HOST_ID/hostIdconfig for host-pinned leases while keepingCRABBOX_AWS_MAC_HOST_ID/aws.macHostIdas AWS compatibility aliases. - Added provider-neutral coordinator admin routes for host lifecycle and provider identity operations, while keeping the legacy AWS routes as compatibility fallbacks.
- Added compatibility aliases
crabbox admin mac-hosts,crabbox admin aws-identity,crabbox admin aws-policy, andcrabbox admin aws-policy --mac-hostsfor existing AWS macOS operator workflows. - Added a broker-side AWS orphan sweep that periodically scans configured AWS capacity regions from the Durable Object alarm and can terminate confirmed Crabbox-tagged EC2 orphans.
- Added an AWS orphan-audit script for trusted operators to find Crabbox-tagged EC2 instances left behind in old provider accounts after credential or account rotation.
- Added macOS image lifecycle evidence files for host discovery, quota, dry-run, allocation, image creation, image promotion, warmup, host wait, WebVNC daemon startup, WebVNC status, and artifact directories for blocked, partial, and completed runs.
- Added regression coverage for the guarded macOS image lifecycle smoke and configurable WebVNC post-start grace period.
- Hardened the macOS image lifecycle smoke so native checkpoint snapshot creation, checkpoint forks, WebVNC proof, and checkpoint cleanup run before candidate-image promotion.
- Hardened the macOS image lifecycle smoke so EC2 Mac Dedicated Host scrubbing, WebVNC daemon cleanup, active portal bridge checks, and Mac host family fallback are covered before image promotion.
- Changed AWS promoted image records to be scoped by target, architecture, server type, and region so macOS AMIs do not become the default image for Linux or Windows leases.
- Changed native checkpoint records to preserve the source provider server type so macOS snapshot forks reuse the matching EC2 Mac host family unless
--typeis explicitly overridden. - Changed AWS macOS instance fallback candidates to include current Apple silicon Mac host families before the legacy
mac1.metalfallback. - Changed EC2 Mac Dedicated Host quota checks to use direct Service Quotas lookups for known Mac host families before falling back to broader quota listing.
- Changed the macOS host preflight and image lifecycle smoke to use the provider-neutral admin host/provider commands and
CRABBOX_HOST_IDwhen pinning leases to an allocated host. - Changed the macOS image lifecycle smoke artifact to include the coordinator provider identity used for IAM remediation.
- Changed macOS image lifecycle smoke blocker commands to use portable evidence filenames with the guarded IAM apply helper for coordinator permission remediation.
- Changed macOS image lifecycle smoke summaries to record artifact-relative evidence paths so published bundles do not expose local checkout paths.
- Changed macOS image lifecycle blocked summaries to include a
blocker.reasonalias for automation that expects a short blocker reason. - Changed standalone macOS host region preflight blockers to use the guarded IAM apply helper instead of manual account-match shell snippets.
- Updated Go provider SDKs and Worker runtime/toolchain dependencies.
- Documented the AWS account-match and IAM remediation flow for attaching the combined macOS image lifecycle policy to the coordinator role or user.
- Clarified the EC2 Mac host IAM policy, including create-time tag permissions, Dedicated Mac host quota checks, and the split between baseline AWS provider permissions and paid macOS image bake, WebVNC, promotion, and cleanup permissions.
- Clarified AWS security guardrail docs so IAM Access Analyzer external-access analyzers are created in every configured capacity region, while S3 Block Public Access and IAM password policy remain account-level controls.
- Fixed code-scanning findings in container command execution, Worker sanitizers, docs link/build helpers, and JSON error responses.
- Fixed live smoke scripts so provider-specific missing workflow, snapshot, CLI, Python client, or Semaphore config prerequisites fail before allocating resources, and added Sprites coverage to the live provider smoke.
- Fixed live coordinator auth smoke so GitHub-authenticated coordinator identities are accepted and Cloudflare Access credential gaps print an actionable prerequisite error.
- Fixed raw SSH-provider JS package command failures so Crabbox probes obvious
pnpm,npm,node,corepack,yarn, andbunentrypoints before syncing and fails with hydration/setup guidance instead of an emptyexit 127tail. - Fixed
crabbox webvnc --openso opened portal links make the lease visible to authenticated org users instead of showing a misleading 404 when CLI auth and browser auth differ. - Fixed WebVNC portal click forwarding so controller clicks reach the remote desktop while preserving focus and browser context-menu suppression.
- Fixed WebVNC
--take-controlhandoff links so the portal keeps retrying the automatic control claim until the opened viewer is registered as an observer. - Fixed remote macOS screenshots so
crabbox screenshotcaptures the Screen Sharing/VNC framebuffer instead of relying onscreencapturefrom non-interactive SSH sessions. - Fixed remote macOS screenshots against no-auth VNC servers by reading the RFB 3.8 security result before framebuffer negotiation.
- Fixed brokered AWS macOS launches so stale host ids, missing Mac hosts, regional AMI gaps, and unavailable default Mac capacity can fall back to usable host, region, image, or alternate Mac host family candidates.
- Fixed brokered AWS macOS launches so newer
mac-m*Mac host fallback candidates resolve macOS 15 AMIs instead of reusing the earlier Apple silicon macOS 14 AMI query. - Fixed coordinator-backed macOS lease reuse so follow-up
run, sync, and image smoke commands use the brokered/Users/ec2-user/crabboxwork root instead of Linux's/work/crabbox. - Fixed coordinator-backed macOS checkpoint metadata so an auto-discovered provider host id is preserved for snapshot forks.
- Fixed AWS image deletion so scoped promoted macOS images cannot be deleted until another image is promoted.
- Fixed brokered Azure leases so the CLI only sends
azureOSDiskwhen the user explicitly configures it, preserving the coordinator default while keeping new Azure leases checkpointable by default. Thanks @jwmoss. - Fixed managed Windows bootstraps so native Windows leases skip desktop/VNC setup unless
--desktopis requested, while WSL2 leases keep their Windows core and Linux setup paths separate. Thanks @jwmoss. - Fixed macOS image lifecycle cleanup and release paths so script-allocated hosts and local WebVNC daemons are stopped after source-only, candidate-only, blocked, partial, and completed runs.
- Fixed macOS image lifecycle cleanup so script-allocated EC2 Mac Dedicated Hosts are released from failure traps when host release is requested.
- Fixed EC2 Mac Dedicated Host allocation and release handling so paid host IDs returned by AWS are not retried in another availability zone after post-allocation describe failures, and failed
ReleaseHostsresults are surfaced instead of reported as released. - Fixed macOS image lifecycle region-preflight blockers so they preserve guarded IAM helper remediation commands from the region preflight evidence instead of falling back to manual account-match snippets.
- Fixed macOS image lifecycle and host-region preflight blockers so remediation commands use neutral
crabboxcommands and the guarded IAM apply helper instead of embedding local binary paths, checkout paths, or manual account-match snippets. - Fixed macOS image lifecycle blocked summaries so quota preflight failures, EC2 Mac host dry-run IAM failures, rerun commands, and short
blocker.reasonaliases are preserved in evidence. - Fixed macOS image lifecycle evidence and artifact summaries so paths are only populated after the matching files or directories are captured.
- Fixed EC2 Mac host dry-run JSON output so AWS authorization failures do not expose raw provider error details in operator logs.
- Fixed EC2 Mac host quota checks so unsupported regional Mac quota resources return an empty quota result instead of a 502 preflight error.
- Fixed missing coordinator Mac host admin endpoints so they report a blocked preflight instead of an empty preflight failure.
- Fixed external macOS AMI promotion so x86 Mac images are keyed by their described architecture instead of defaulting to Apple silicon metadata.
- Fixed provider-neutral admin command errors so older coordinators report the neutral route and the legacy compatibility route that both returned 404.
- Fixed provider-neutral host pin requests and lease records so the public JSON field is
hostId, whilehostIDremains accepted for compatibility.
- Added
crabbox admin lease-auditso operators can compare expired brokered AWS lease records against live cloud instance state and fail automation when a record still maps to a live instance. - Added
crabbox checkpointnative disk-snapshot checkpoints for brokered AWS, Azure, and GCP Linux leases, optional provider image checkpoints via--strategy image, local workspace archives for generic POSIX SSH leases, inspect/list/delete flows, archive restore, and checkpoint forks into fresh leases. - Added checkpoint audit and cleanup management with
crabbox checkpoint list --verify,inspect --verify, andprune --older-than. - Added
provider: cloudflaredelegated runs for Cloudflare Containers through a Worker runner, including archive sync, warm containers, local claim cleanup, and deployment docs. Thanks @altaywtf. - Added Cloudflare runner deploy-smoke tooling, CI coverage for the container runner Go module, and redacted
crabbox config showoutput for Cloudflare runner auth. - Added
crabbox list --refreshso local Cloudflare claims can be checked against live runner state on demand. - Added brokered provider snapshot/image deletion for AWS EBS snapshots and AMIs, Azure managed disk snapshots and managed images, and GCP disk snapshots and machine images.
- Added Modal and Tensorlake to the top-level provider docs and delegated sandbox configuration examples. Thanks @stainlu.
- Added provider feature flags for workspace checkpoint, fork, restore, and native snapshot capabilities. Thanks @stainlu.
- Improved checkpoint documentation with clearer native vs archive distinction, workflow mechanics, security warnings, and command reference examples.
- Fixed delegated Blacksmith Testbox warmup/run flows so successful allocations refresh the coordinator runner portal instead of waiting for a later manual list.
- Fixed Code bridge upstream URL handling so browser-controlled paths cannot select a non-loopback upstream target, and clamped
CRABBOX_AWS_ROOT_GBparsing to validint32values. - Fixed
crabbox admin lease-audit --fail-on-liveso recently terminated AWS instances returned byDescribeInstancesdo not fail cleanup automation as live resources. - Fixed checkpoint archive restores so large archives stream over SSH without buffering the full tarball in memory and unpack through a per-restore remote temp file. Thanks @stainlu.
- Fixed Daytona toolbox archive sync so failed remote extracts still remove the uploaded
/tmp/crabbox-*.tgzarchive. Thanks @stainlu. - Fixed Islo exec-upload fallback cleanup so failed archive decodes or extracts still remove temporary upload files. Thanks @stainlu.
- Fixed Cloudflare runner URL validation so configured runner URLs cannot include query or fragment components that corrupt API request paths. Thanks @stainlu.
- Fixed Cloudflare stop so missing runner containers prune their stale local claims instead of leaving users to run cleanup manually. Thanks @stainlu.
- Fixed the Crabbox plugin provider schema so current providers and aliases such as
modal,tensorlake, andcfcan be selected. Thanks @stainlu. - Fixed coordinator TTL cleanup so provider deletion failures keep leases active with retry metadata instead of silently expiring while cloud instances continue running.
- Fixed direct AWS security-group maintenance so stale Crabbox-owned SSH ingress rules are pruned before adding the current source CIDRs.
- Fixed E2B sync cleanup so remote upload archives are removed even when extraction fails. Thanks @stainlu.
- Fixed Hetzner Cloud server-list parsing so
private_netarrays from the API no longer break list, doctor, warmup, or reused-run flows. Thanks @muqsitnawaz. - Fixed installed tagged builds so
crabbox --versionand proof metadata report the Go module build version instead of the development fallback. Thanks @stainlu. - Fixed Modal sync cleanup so remote upload archives are removed even when extraction fails. Thanks @stainlu.
- Fixed native provider checkpoint creation so AWS, Azure, and GCP snapshot/image checkpoints flush source filesystem writes before calling the provider API.
- Fixed
crabbox actions hydrate --id tbx_...so Blacksmith Testbox IDs skip owned-cloud runner registration instead of failing on GitHub self-hosted-runner permissions. - Fixed Tensorlake timing JSON so delegated runs include the lease slug and reused sandboxes preserve the stored claim slug. Thanks @stainlu.
- Fixed Tensorlake workdir validation so broad sandbox paths are rejected before sync or command execution. Thanks @stainlu.
- Added
provider: modaldelegated runs for Modal Sandboxes through the local Modal Python client, including archive sync, env allowlist forwarding, docs, and no-live-credential tests. - Added
crabbox run --full-resync/--fresh-syncto reset stale remote workdirs before syncing, plus--env-helperfor reusable profile-backed env wrappers on POSIX SSH leases. - Added native Windows support for
crabbox run --script/--script-stdinand a real native Windows--preflightprobe. - Added configurable
crabbox run --preflighttool probes via--preflight-tools,CRABBOX_PREFLIGHT_TOOLS, andrun.preflightTools.
- Improved sync and SSH watchdog output so long quiet syncs and dead SSH waits include concrete retry/replace hints.
- Clarified hosted broker access for non-allowlisted users and documented the minimum self-hosted broker setup. Thanks @alan-mathison-enigma.
- Fixed AWS broker security-group maintenance so stale Crabbox-owned SSH ingress rules are pruned before adding the current source CIDRs. Thanks @obviyus.
- Fixed Proxmox VM bootstrap to wait for the guest IP and bootstrap over SSH after clone/start, avoiding fragile guest-agent exec behavior. Thanks @mine-13-zoom.
- Fixed AWS Windows WSL2 exact
--typerequests so instance families without nested virtualization fail before leasing with a targeted repair hint. - Fixed coordinator-backed AWS acquisition so readiness failures delete the just-created instance before retrying, while CLI retries still require an explicit cleanup signal.
- Fixed coordinator-backed acquisition so repeated confirmed stale AWS instance cleanups get a larger retry budget instead of failing after the second stale instance.
- Fixed
crabbox codeon leases that fall back from SSH port 2222 to 22, and improved foreground tunnel startup errors to include SSH failure details. - Fixed
crabbox run --preflight --preflight-tools noneso it prints only the workspace summary without running remote probes. - Fixed native Windows
crabbox run --preflightso user and cwd diagnostics are always printed alongside configurable tool probes. - Fixed native Windows
--scriptand--env-from-profileuploads so non-ASCII PowerShell source and profile values stay UTF-8 under Windows PowerShell. - Fixed native Windows
--env-from-profileuploads so allowed profile values are written relative to the synced workdir and failures include the remote PowerShell error.
- Added Azure native Windows desktop/VNC and Windows WSL2 lease support, matching the AWS Windows capability boundary. Thanks @jwmoss.
- Added
provider: proxmoxfor direct Proxmox VE Linux QEMU VM leases, including template clone, cloud-init SSH key injection, guest-agent bootstrap, docs, and cleanup support. - Added
provider: tensorlakedelegated runs for Tensorlake Firecracker sandboxes through thetensorlakeCLI, including archive sync, env allowlist forwarding, docs, and live-provider coverage. Thanks @zozo123. - Added
crabbox run --preflight,--capture-stderr, automatic failure bundles, env-forwarding summaries, andCRABBOX_PHASE:<name>timing markers for easier live/provider run debugging. - Added
crabbox run --keep-on-failureso failed one-shot runs can leave the exact lease available for SSH inspection until idle/TTL expiry. - Added
crabbox run --script <file>and--script-stdinso larger remote commands can be uploaded and executed as files instead of quoted shell strings. - Added
crabbox run --env-from-profile <file>and repeatable--allow-env <name>for redacted, first-class live-secret forwarding from local profile files. - Added
crabbox run --fresh-pr <owner/repo#number>for fresh remote GitHub PR checkouts, with optional--apply-local-patch. - Added
crabbox azure loginso direct Azure users can persist the activeaz loginsubscription, tenant, and location without manually exporting service-principal environment variables. Thanks @galiniliev. - Added
azure.network/CRABBOX_AZURE_NETWORKso Azure direct leases can SSH through private VNet addresses when using VPN/private-network access. Thanks @galiniliev. - Added
scripts/proxmox-build-template.shto build a Crabbox-ready Ubuntu 24.04 Proxmox template from a public cloud image. Thanks @VACInc.
- Changed sync guardrails to count the dirty delta when local changes are present while still printing the full candidate size, making dirty-worktree iteration less noisy.
- Expanded default sync excludes for common generated churn such as
.ignored,.vite,playwright-report,test-results, and local.crabboxlog/capture directories, and added top-directory hints for large sync candidates. - Changed automatic failure-bundle stdout/stderr capture to cap implicit temp logs while still allowing explicit
--capture-stdout/--capture-stderrfiles for full local streams. - Documented
--fresh-pr ... --apply-local-patchas the preferred fast path for PR iteration from noisy local checkouts. - Documented Azure CLI login setup, private-network SSH selection, and regional constraints for reused Azure VNet/subnet/NSG resources. Thanks @galiniliev.
- Clarified that Blacksmith delegated runs cannot forward CLI-side
--env-from-profilevalues and should use workflow-side secrets. - Documented Islo's
islo ssh --setuphost-alias flow for ad-hoc SSH access to Islo sandboxes. Thanks @zozo123.
- Fixed shared-token coordinator auth so caller-supplied
X-Crabbox-OwnerandX-Crabbox-Orgheaders cannot select the authenticated owner/org. Thanks @Hinotoi-agent. - Fixed Code, WebVNC, and Egress bridge ticket creation so
use-shared lease users cannot mint lease-side bridge-agent tickets without manage access. Thanks @Hinotoi-agent. - Fixed repo-local
env.allow: ["*"]so it no longer forwards every local environment variable to remote commands. Thanks @Hinotoi-agent. - Fixed Windows SSH sync by disabling unsupported OpenSSH ControlMaster multiplexing and preferring WSL rsync/path conversion when available. Thanks @galiniliev.
- Fixed Tensorlake slug resolution so stale claims from other providers cannot shadow an active Tensorlake sandbox slug.
- Fixed Sprites and Namespace Devbox work-root validation so broad roots are rejected before create/prepare flows. Thanks @stainlu.
- Fixed Sprites list pagination so missing or repeated continuation tokens fail instead of spinning or accepting malformed pages. Thanks @stainlu.
- Fixed Namespace Devbox prepare error reporting so prepare failures are not hidden behind earlier SSH config fallback errors. Thanks @stainlu.
- Added
crabbox job list/runand repo-localjobs:config for named warmup → Actions hydrate → run → cleanup workflows. - Added Daytona and Namespace Devbox lanes to
scripts/live-smoke.shso delegated live smoke coverage can run through the shared harness. - Added
provider: gcpfor Google Cloud Compute Engine Linux SSH leases, including direct ADC auth, brokered service-account auth, class fallback, Spot/on-demand fallback, docs, and cleanup support. - Added
crabbox cleanup --provider namespace-devboxto remove Crabbox-owned Namespace SSH snippets and keys. - Added
scripts/openclaw-wsl2-tests.shfor one-command OpenClaw full-suite runs on AWS Windows WSL2 Crabbox leases.
- Aligned direct GCP provisioning with Google's official Compute Go SDK (
cloud.google.com/go/compute/apiv1) and project-wide aggregated instance discovery. - Moved OpenClaw Blacksmith Testbox run safeguards into Crabbox, including one-shot slug reporting and stalled sync termination.
- Improved
crabbox media previewandartifacts collect --gifdefaults to generate higher-quality 1000px/24fps GIFs with Floyd-Steinberg palette dithering and optional gifsicle optimization. Thanks @obviyus.
- Fixed the Blacksmith Testbox sync-stall guard to match current
blacksmithCLI sync start and completion messages. - Fixed GCP leases so exact
--typerequests still use configured zone and Spot-to-on-demand fallback, aliases derive GCP class defaults, explicit brokered tags replace Worker default tags, custom networks and ingress policies get separate SSH firewall rules, and brokered pool views include instances outside the Worker's default zone. - Fixed
crabbox actions hydrate/registerso AWS Windows WSL2 leases can use Linux GitHub Actions hydration instead of being rejected as Windows targets, including root-runner and stale apt-list handling. - Fixed
scripts/openclaw-wsl2-tests.shso follow-up hydrate/run/cleanup commands keep the AWS Windows WSL2 target configuration and warmup failures print captured output. - Fixed
scripts/openclaw-wsl2-tests.shso dirty-sync package graph changes refresh workspace dependencies before the full OpenClaw test command runs. - Fixed first
crabbox runsyncs after GitHub Actions hydration so tracked checkout files are not treated as stale remote files before the initial dirty-worktree sync. - Fixed
crabbox runhistory finish recording to allow large final log payloads enough time to reach the coordinator. - Fixed Namespace Devbox release-only resolution so
crabbox stop --provider namespace-devbox --namespace-delete-on-release <name>deletes without re-preparing SSH. - Fixed Namespace Devbox release cleanup so stopping a Crabbox Devbox removes its local
~/.namespace/ssh/crabbox-*snippet and key files. - Fixed
crabbox webvnc daemon startso it starts with a fresh bridge log and waits briefly for the bridge-ready marker before returning.
- Added
crabbox run --capture-stdout <path>and repeatable--download remote=localfor binary-safe proof capture without streaming arbitrary bytes into the terminal or run-log previews. - Added
crabbox desktop terminalfor visible terminal smokes, including Sixel-friendly Git-for-Windowsminttylaunch defaults on native Windows. - Added
crabbox desktop recordplusdesktop terminal --screenshot/--recordfor one-command visual proof capture, including native Windows MP4 recording through interactive desktop frames. - Added automatic contact-sheet PNGs for desktop recordings,
crabbox desktop prooffor one-shot visual proof bundles, recorder diagnostics, and direct PR publishing from terminal/proof captures.
- Updated docs for output capture, desktop terminal/proof capture, Windows desktop bootstrap, artifact contact sheets, and managed-provider readiness checks.
- Reworked the WebVNC share dialog into an inline Google-style sharing flow with add-user, org access, copy-link, and done actions.
- Fixed delegated run providers so unsupported
--capture-stdoutand--downloadrequests fail instead of streaming stdout and skipping downloads. - Fixed E2B sandbox creation so Crabbox caps default lease timeouts to E2B's one-hour API limit instead of failing live smoke warmups.
- Fixed
crabbox runoutput capture validation so malformed--downloadspecs, bad download destinations, and bad--capture-stdoutpaths fail before leasing, syncing, or running remotely. - Fixed interrupt handling so a second
Ctrl-Ccan terminate slow cleanup after the first signal starts graceful cancellation. - Fixed
crabbox doctor --provider ...so coordinator secret readiness checks only run for managed brokered providers. - Fixed
crabbox desktop terminal --provider ssh -- ...so static SSH command arguments are not consumed as lease IDs. - Fixed
crabbox run --capture-stdoutso local capture write failures report as capture errors instead of remote command exits. - Fixed brokered provider preflight so
crabbox doctor --provider azurereports missing Worker secrets and lease creation returnsprovider_not_configuredinstead of a coordinator500. - Fixed interrupted one-shot runs so
SIGINT/SIGTERMcancel through the CLI context and still run best-effort lease cleanup. - Fixed SSH readiness progress logs to include per-port probe state in timeout errors.
- Fixed managed AWS Windows desktop bootstrap so WebVNC/screenshot targets start TightVNC reliably and screenshots are not covered by Windows' first-network flyout.
- Fixed Windows
desktop launchargument handling so terminal commands such asbash -lc '...'and other quoted GUI launches are passed losslessly. - Fixed the source-built CLI version so unreleased local builds no longer report the previous release.
- Added
provider: spritesfor Sprites microVM SSH leases through thespriteCLI/API, including Crabbox sync/run,crabbox ssh, and live smoke docs. - Added
provider: namespace-devboxfor Namespace Devbox SSH leases through thedevboxCLI, with Crabbox sync/run layered on the returned SSH endpoint. - Added live smoke checklists and script coverage for direct E2B and Semaphore provider validation. Thanks @stainlu.
- Updated Worker runtime dependencies and Go provider SDKs, including noVNC, fast-xml-parser, AWS EC2, Daytona, Islo, and related Go runtime libraries.
- Fixed signed portal user tokens so caller-provided admin claims are rejected instead of granting admin access. Thanks @Hinotoi-agent.
- Fixed Islo workdir containment so absolute paths and parent-directory escapes are rejected before sandbox creation, sync, or run. Thanks @Hinotoi-agent.
- Fixed Islo archive sync uploads to use the API's multipart file contract instead of falling back after server-side
500responses. - Fixed Semaphore host configuration so dashboard URLs normalize to hosts while API paths, query strings, fragments, and user info are rejected. Thanks @stainlu.
- Fixed WebVNC portal input focus so controller typing stays in the remote desktop and right-clicks no longer open the browser context menu.
- Fixed Semaphore list output so locally claimed jobs show their lease slugs.
- Fixed E2B relative workdirs so they resolve under the configured E2B user's home instead of always
/home/user. - Fixed E2B workspace guardrails so broad roots such as
/,/home, and/tmpare rejected before sync creates, deletes, or extracts files. - Fixed E2B sandbox creation so unsafe workdirs are rejected before the API call. Thanks @stainlu.
- Fixed E2B user validation so path-like users are rejected before sandbox or process calls. Thanks @stainlu.
- Fixed stale Code, WebVNC, and egress bridge clients so expired or missing leases stop polling/restarting after terminal coordinator responses. Thanks @vincentkoc.
- Fixed
crabbox desktop pastefor terminal windows so symbol-heavy text falls back to direct typing instead of sending a literalCtrl+Vinto xterm-like sessions. - Removed the vulnerable transitive
fast-xml-builderWorker dependency by updating fast-xml-parser.
- Added
provider: azurefor managed Azure Linux and native Windows SSH leases, including direct and brokered provisioning, shared Azure networking, SKU fallback, Azure docs, and cleanup support. Thanks @jwmoss. - Added
provider: e2bfor delegated E2B sandbox runs using E2B sandbox REST/envd APIs. Thanks @zozo123. - Added
provider: semaphorefor direct Semaphore CI testbox leases over SSH. Thanks @loadez. - Added an authenticated coordinator control WebSocket for low-latency run attach streams and lease heartbeats, with HTTP polling/heartbeat fallback for older brokers. Thanks @vincentkoc.
- Added rescue-first desktop/WebVNC failure output that names the failing layer and prints exact
rescue:or native VNC fallback commands when bridges, viewers, browser launches, VNC targets, or input stacks hang. - Added collaborative WebVNC observer mode, with one active controller, read-only observers, and a portal takeover button that shows who is controlling the session.
- Added first-class
crabbox artifactscommands for desktop screenshots, MP4 recordings, trimmed GIFs, logs, metadata, Mantis/OpenClaw QA templates, and PR-ready publishing through broker-owned artifact storage, AWS S3, or Cloudflare R2.
- Expanded Semaphore and E2B documentation across provider, configuration, CLI, and command pages so direct providers have first-class setup, auth, lifecycle, and troubleshooting guidance.
- Changed
crabbox attachto prefer the coordinator control WebSocket, drain retained backlog pages, and then stream live run output with less polling latency. - Changed WebVNC portal sharing to open as an in-session modal, added a standalone share-page back action, and simplified collaboration controls into a single stateful control button.
- Raised the Go core coverage gate to 90% and added regression coverage around provider claims, config parsing, bootstrap defaults, run-log previews, and slug fallbacks.
- Fixed the portal provider filters so Azure leases show their own filter badge and provider icon. Thanks @stainlu.
- Fixed Azure broker SSH security rules so repeated primary/fallback SSH ports are de-duplicated before writing network security group rules.
- Fixed
crabbox runtransport chatter by keeping SSH multiplexers alive longer, retrying fallback SSH ports for streaming commands, and batching stdout/stderr preview events into larger coordinator chunks. Thanks @vincentkoc. - Fixed macOS WebVNC cursor visibility by enabling noVNC's dot-cursor fallback when Screen Sharing sends a transparent or zero-sized cursor.
- Fixed managed AWS macOS bootstrap so VNC password generation does not abort under
pipefailbefore Screen Sharing readiness is installed. - Fixed WebVNC daemon start-by-slug so coordinator-backed leases use the resolved target OS in the background bridge command.
- Fixed coordinator-backed
crabbox listso a stale admin token no longer blocks normal logged-in users; the CLI now falls back to active user-visible leases instead of failing with401 unauthorized. - Fixed desktop, screenshot, VNC, and WebVNC SSH helpers so they retry live fallback ports when a coordinator lease advertises an SSH port that is not ready yet.
- Fixed stale Code, WebVNC, and egress bridge clients so expired or missing leases stop polling/restarting after terminal coordinator responses. Thanks @vincentkoc.
- Fixed Blacksmith Testbox shell command rendering so multiline
--shellpayloads with trailing blank whitespace do not produce a spurious shell syntax failure after the remote command succeeds.
- Added mediated egress commands and browser wiring so Linux desktop leases can proxy selected app traffic through the operator machine via the coordinator bridge.
- Added WebVNC portal clipboard controls for sending local clipboard text into the remote session and copying remote clipboard text back to the local browser.
- Added lease sharing for individual users or the owning org, including
crabbox share,crabbox unshare, API access checks, and a portal share control on lease detail pages.
- Fixed
egress start --coordinatorso live public-route egress starts work when the local default coordinator is Cloudflare Access-protected. - Fixed Tailscale exit-node bootstrap paths to prefer tailnet metadata and fail clearly when remote exit-node egress is not active.
- Fixed
run --no-synctiming summaries so they reportsync_skipped=true. - Fixed native Windows command output so first-use PowerShell progress records do not leak CLIXML into run logs.
- Fixed Islo provider sync so
crabbox run --provider islouploads the local workspace, uses the correct/workspace/<workdir>, and falls back to chunked exec upload while the archive API returns server errors. - Fixed Code and WebVNC bridge websocket auth so upgraded brokers receive short-lived bridge tickets in the
Authorizationheader instead of logging them in URL query strings, while preserving query fallback for older brokers. - Fixed managed AWS macOS desktop leases so readiness and WebVNC use a writable
ec2-userwork root, callcrabbox-readyby absolute path, and read the generated Screen Sharing password via sudo.
- Added
provider: daytonafor Daytona sandbox leases using Daytona's SDK/toolbox for sync and command execution, with short-lived SSH access available throughcrabbox ssh. - Added Daytona CLI profile auth fallback so
daytona login --api-key ...can satisfy Crabbox Daytona auth without duplicatingDAYTONA_API_KEY. - Added
provider: islofor delegated Islo sandbox runs using the Islo Go SDK. - Added a provider backend registry and authoring guide so delegated and SSH-backed providers can live in provider-owned packages while core keeps command parsing, rendering, and capability validation.
- Added
--tailscale-exit-nodeand--tailscale-exit-node-allow-lan-accessso managed Linux leases can route egress through an approved tailnet exit node. - Added broker capacity hints for AWS leases, including selected market, attempted regions, quota/capacity advice, and configurable high-pressure class warnings.
- Added
crabbox codeand per-lease/code/portal URLs for authenticated code-server access on--codeLinux leases. - Added per-lease portal detail pages with bridge status, access-panel copy commands, recent run links, and a stop action.
- Added portal run detail pages with command metadata, result summaries, dense viewport-fitted portal tables, provider/OS badges, active/ended/provider/target filters, sticky portal chrome, and copyable retained log previews.
- Added latest lease telemetry snapshots for coordinator-backed Linux leases, including load, memory, disk, and uptime in
status --jsonand the portal detail view. - Added bounded lease telemetry history with portal sparklines and stale/high-resource badges on lease detail pages.
- Added run-level telemetry summaries with start/end Linux resource snapshots in run history JSON, human history output, and portal run tables/details.
- Added live run telemetry samples for longer Linux commands, including bounded coordinator storage and portal load/memory/disk trend lines on run detail pages.
- Added portal visibility for external Blacksmith Testbox runners synced from
crabbox list --provider blacksmith-testbox, with owner-scoped runner rows, stale markers, GitHub Actions links, status badges, stuck filters, detail pages, and copyable local stop commands. - Added admin portal visibility for non-owned runner leases, including
mine/systemfilters and matching detail/code/VNC drilldowns for operator sessions. - Added
crabbox desktop launch --webvnc --opento launch a desktop browser/app and immediately bridge the same lease into the WebVNC portal. - Added
crabbox webvnc --daemon/--backgroundplus--status/--stopfor background WebVNC bridges without tmux. - Added
crabbox media previewfor creating motion-trimmed GIF previews and optional trimmed MP4 clips from desktop recordings. - Documented the prebaked runner image boundary: provider-owned AMIs/snapshots hold machine capabilities while repo/runtime caches stay in QA workflows or warm leases.
- Changed AWS capacity fallback to route configured
CRABBOX_CAPACITY_REGIONSacross both brokered and direct AWS launches, with the deployed coordinator defaulting to a wider multi-region pool for better headroom. - Changed coordinator lease requests to omit the default capacity block, preserving mixed-version broker compatibility while still sending explicit market, strategy, fallback, multi-region, availability-zone, or hint opt-out settings.
- Changed coordinator-backed CLI lease output to print broker capacity hints when AWS routing, quota, Spot fallback, or configured high-pressure classes are involved.
- Changed the portal lease table to merge external Blacksmith Testbox runners into the main grid as muted, disabled rows instead of rendering a separate external-runners table.
- Refactored built-in provider backend implementations into
internal/providers/<name>packages while keeping command orchestration and rendering core-owned.
- Fixed Daytona SDK sync so tar creation and Daytona toolbox upload stream from disk instead of buffering large archives in memory.
- Fixed Daytona resource override handling so snapshot-only sandboxes reject generic
--classand--typeflags instead of accepting no-op compute settings. - Fixed Islo delegated runs so shell-mode commands preserve raw shell strings and truncated exec streams fail instead of silently reporting success.
- Fixed provider-owned flags and target/capability validation to run through registered provider specs while preserving script-facing list JSON compatibility for coordinator and Blacksmith backends.
- Fixed Blacksmith Testbox queued/outage failures so users see the upstream queue state and practical fallback guidance instead of an opaque timeout.
- Fixed Blacksmith Testbox repo inference for mirrored repositories and portal runner sync for stale or external Testbox rows.
- Fixed managed Linux desktop/browser leases to preinstall video capture and native addon build helpers, avoiding per-scenario apt installs in browser QA runs.
- Fixed managed Linux desktop leases to use a slim XFCE session instead of bare Openbox, preserving a real panel/window-manager desktop while avoiding the full XFCE meta package.
- Fixed SSH readiness progress logs to distinguish open TCP ports, failed SSH authentication, and failed Crabbox ready checks.
- Fixed auto-shell command reconstruction so arguments with spaces stay quoted when shell operators such as
&&are present. - Fixed managed Linux bootstrap ordering so SSH is reachable before slow desktop/browser package setup while readiness still waits for the full desktop/browser contract.
- Fixed managed desktop/browser warmups so slow cloud-init bootstraps get a longer readiness window, retry once after SSH timeout, and clean up failed leases instead of leaking unusable VMs.
- Fixed brokered cloud server names so friendly-slug collisions with stale provider VMs do not block new leases.
- Fixed human WebVNC desktop launches to keep browser windows windowed by default and reserve fullscreen for explicit capture/video workflows.
- Fixed WebVNC portal status text and bridge commands so waiting/reset states explain the exact local bridge command to run.
- Fixed the Code portal waiting state so it shows bridge status, copy/reload controls, and automatically opens the workspace once the local bridge connects.
- Fixed
crabbox webvnc --stopso daemon shutdown terminates the active child bridge, not only the supervisor. - Fixed portal command rows so their copy affordance copies the matching local command instead of only labelling the section.
- Fixed portal Windows target badges to show compact
winandwin (wsl2)labels instead ofwindows / normal. - Fixed portal access and time columns to use compact capability icons, relative time labels, and sortable time metadata instead of wide action buttons and Zulu timestamps.
- Fixed lease detail layout so local commands live inside the access panel instead of forcing a separate full-width commands section above recent runs.
- Fixed portal run detail layout density, responsive action alignment, and run telemetry readability so long-lived run pages fit operator viewports cleanly.
- Fixed generated docs-site navigation so the sidebar scroll position is preserved while moving between pages.
- Fixed Windows WebVNC credential handling so generated portal links preserve special characters and managed TightVNC sessions copy service passwords into the logged-in user's registry profile.
- Fixed managed Linux browser setup so Chrome/Chromium launches skip first-run and default-browser prompts.
- Fixed managed Linux browser cloud-init setup so Chrome/Chromium policy and wrapper generation cannot break YAML parsing.
- Fixed WebVNC portal passwords with escaped special characters and kept the bridge alive across viewer resets and transient coordinator EOFs.
- Added
.crabboxignorefor repo-local sync-only exclude patterns shared byrunandsync-plan. - Added WebVNC portal controls for reconnect, fullscreen, and clipboard-ready bridge commands.
- Fixed managed AWS Windows WSL2 bootstrap by using the current Ubuntu WSL rootfs URL, downloading large rootfs files through
curl.exe, and retrying empty or partial rootfs downloads instead of reusing a poisoned tarball. Thanks @vincentkoc. - Fixed AWS Windows WSL2 mode overrides so they refresh the default instance type to a nested-virtualization-capable family. Thanks @steipete.
- Fixed AWS Windows WSL2 runs so mode overrides also refresh the default work root to
/work/crabboxwhile keeping WSL2 sync on the fast rsync path. - Fixed remote git seeding so an unfetchable local commit cannot leave an empty
.gitworktree that makes sync sanity report every tracked file as deleted. - Skipped remote git seeding for local commits that are not present in any remote-tracking ref, avoiding slow doomed clone/fetch attempts before rsync.
- Fixed WebVNC bridge reconnects so reloading or reconnecting the browser no longer requires restarting the local bridge.
- Fixed Windows archive sync from macOS so Apple extended attributes do not spam remote tar warnings.
- Fixed the Homebrew formula test command so GoReleaser emits the expected formula syntax.
- Added
--desktop,--browser, andcrabbox vncfor optional Linux UI/browser leases, including loopback-only VNC with per-lease passwords and headless browser support without a desktop. - Added authenticated WebVNC portal support with
crabbox webvnc, which bridges a desktop lease into the coordinator portal with short-lived bridge tickets and without exposing the remote VNC port. - Added managed AWS Windows desktop leases with OpenSSH, Git for Windows, loopback TightVNC, per-lease VNC passwords, and
crabbox vnc. - Added managed AWS Windows WSL2 support for Linux command execution inside brokered Windows leases.
- Added AWS macOS desktop lease plumbing for EC2 Mac Dedicated Hosts, including Screen Sharing setup and per-lease credentials.
- Added
crabbox vnc --opento start the SSH tunnel and launch the local VNC client for managed desktop leases. - Added
crabbox desktop launchto open a browser or app inside a visible desktop lease, including native Windows scheduled-task launch for the logged-in console session. - Added
crabbox screenshotto save a PNG from a desktop lease without opening a VNC client. - Added optional Tailscale reachability for managed Linux leases with
--tailscale,--network auto|tailscale|public, brokered OAuth auth-key minting, and non-secret tailnet metadata in status/inspect output. - Added static macOS/Windows VNC endpoint discovery, including SSH-tunneled loopback VNC and trusted static direct VNC on
host:5900. - Added generated Windows console login details and auto-logon for managed AWS Windows desktop leases.
- Added a minimal XFCE desktop profile with panel/window manager for managed VNC leases.
- Added generated command help for grouped commands so
crabbox actions --help,crabbox cache --help,crabbox desktop --help, and similar entrypoints exit cleanly.
- Clarified static macOS/Windows VNC as existing-host access, not Crabbox-created boxes, so
--openno longer launches an OS credential prompt unless--host-managedis passed. - Switched top-level CLI routing to Kong while preserving existing per-command flags, passthrough remote commands, aliases, and exit-code behavior.
- Fixed WebVNC portal login redirects by canonicalizing broker origins before starting the browser login flow.
- Fixed AWS desktop provisioning and Windows SSH bootstrap issues that could leave managed desktop leases unreachable.
- Fixed passthrough command help such as
crabbox run --helpso it prints local usage instead of provisioning a remote lease. - Fixed
crabbox desktop launch --browseron freshly warmed desktop leases by creating the remote workdir before launching the app. - Fixed failed Blacksmith Testbox warmups so printed, newly listed, or delayed
tbx_...boxes are stopped instead of being left queued after an upstream workflow error. - Fixed
crabbox run --junitso all-passing JUnit files record results instead of leaving the coordinator run stuck when the failure list is empty. - Fixed native Windows
--shellruns so multi-statement PowerShell scripts keep their quotes instead of being re-parsed by a nested PowerShell process. - Removed the static macOS managed-login path so static host VNC cannot be mistaken for a Crabbox-created external instance.
- Excluded macOS AppleDouble
._*sidecar files from default sync manifests so native Windows archives do not transfer invalid TypeScript/package sidecars. - Quoted
crabbox vnctunnel key paths so macOSApplication Supportlease keys can be pasted directly into a shell. - Skipped Linux-only GitHub Actions hydration stop markers on native Windows static targets.
- Fixed brokered Tailscale requests on coordinators without OAuth secrets so they fail as disabled instead of entering the auth-key minting path.
- Fixed Worker deploy smoke to prefer the Crabbox-scoped Cloudflare token when it is present in the environment or local profile.
- Added static SSH macOS and Windows targets with
--target macos|windows,--windows-mode normal|wsl2, and config/env support for reusable hosts.
- Brokered Hetzner and AWS leases now reject non-Linux targets clearly; use
provider: sshfor macOS or Windows hosts.
- Made Blacksmith live smoke explicit opt-in so the default live smoke works in repositories without a Testbox workflow.
- Added
actions.fieldsconfig support so repository-specific workflow inputs are sent on every Actions hydration, with CLI-f key=valueoverrides. Thanks @vincentkoc. - Added a command-doc drift check to
npm run docs:checkso every top-level CLI command has a matching command page and index entry. Thanks @stainlu.
- Deferred run-history creation against legacy coordinators until a lease is known, avoiding noisy
invalid_lease_idfailures before command execution. Thanks @vincentkoc. - Suppressed repeated run-event append warnings when a legacy coordinator does not support the newer run-event path. Thanks @vincentkoc.
- Fixed recorded run logs so long noisy commands are stored in bounded chunks instead of losing the failure evidence between the first output events and the final tail.
- Forced SSH to use Crabbox's per-lease identity file so local SSH-agent keys cannot exhaust server auth attempts before the runner key is tried.
Crabbox 0.3.0 makes brokered runs much easier to observe and debug, adds trusted AWS image lifecycle commands, improves AWS and Blacksmith reliability, and tightens coordinator auth boundaries.
- Added early durable run session handles and append-only run events, plus
crabbox events <run-id>for inspecting the coordinator event log. - Added
crabbox attach <run-id>for following recorded events from active runs, plus--afterand--limitpagination forcrabbox events. Thanks @stainlu. - Added
--timing-jsonforwarmup,actions hydrate, andrunso provider comparisons can read stable sync, command, total, exit-code, and Actions run timing from one JSON record. - Added
--market spot|on-demandtowarmupandrunso AWS capacity market choice no longer requires environment-only overrides. - Added
crabbox image create --id <cbx_id> --name <ami-name> [--wait]for trusted operators to create AWS AMIs from active brokered AWS leases. - Added
crabbox image promote <ami-id>for trusted operators to promote an available AMI as the coordinator default for future brokered AWS leases. - Added JSON output and wait polling for image creation, including
--wait-timeoutand--no-rebootcontrols. - Added best-effort AWS vCPU quota preflight for brokered launch fallback, with concise quota-code attempt metadata when a requested instance type cannot fit the applied quota.
- Added Blacksmith Testbox timing JSON output that reports delegated sync in the same schema as AWS and Hetzner runs.
- Added coordinator-orphan hints to human
crabbox listoutput when provider machines carry no active coordinator lease. - Added the Access-protected coordinator route
https://broker-access.example.comfor service-token proof and hardened automation. - Added Cloudflare Access service-token headers for coordinator CLI requests. Thanks @stainlu.
- Added optional GitHub team allowlisting for browser-login tokens with
CRABBOX_GITHUB_ALLOWED_TEAMS. Thanks @stainlu. - Added separate coordinator admin-token auth so shared operator tokens no longer grant admin routes.
- Added Cloudflare Access JWT verification before Access identity can affect bearer-token ownership.
- Added coordinator image routes for admin-token callers:
POST /v1/images,GET /v1/images/{ami-id}, andPOST /v1/images/{ami-id}/promote. - Added AWS provider support for
CreateImageandDescribeImages, with Crabbox-owned AMI tags. - Added
docs/commands/image.mdand linked the image command from the CLI docs, command index, docs site, and source map. - Added
npm run docs:checkwith internal Markdown link validation plus docs-site generation, and wired it into CI. - Added
scripts/live-smoke.shfor opt-in AWS, Hetzner, and Blacksmith Testbox live smoke coverage from a real repository checkout. - Added
scripts/live-auth-smoke.shfor opt-in live proof that shared tokens cannot call admin routes, admin tokens can, Access edge auth works, and raw Access identity headers are ignored. - Added
scripts/deploy-worker-smoke.shto run the Worker gate, deploy the coordinator, verify public health routes, and optionally include a short AWS lease smoke.
- Hydrated runs now skip the expensive Git base-ref hydration fetch when the remote base is already current enough for the local base SHA.
- Brokered AWS class requests now fall back through provider candidates, account-policy launch rejections, and a small burstable fallback instead of failing on the first Free Tier-ineligible high-core type.
- Brokered AWS fallback now skips known quota-impossible candidates before calling
RunInstances, while preserving explicit--typefailure semantics. - Brokered lease records now keep the requested AWS instance type plus concise provisioning-attempt metadata when fallback chooses a different type.
- Coordinator run history now records the resolved lease provider/class/type when a lease exists, avoiding stale requested-type entries after fallback.
- Brokered AWS lease creation now uses the promoted AWS image when no explicit
awsAMIorCRABBOX_AWS_AMIoverride is supplied. - Moved the deployed coordinator route to the OpenClaw Cloudflare account at
https://broker.example.comand scoped default broker org/auth settings toopenclaw. - User config writes now force
0600permissions, andcrabbox doctorreports overly broad config permissions. - Image route validation now rejects noncanonical lease IDs, invalid AMI IDs, invalid AMI names, non-AWS leases, and promotion attempts before an image reaches
available.
- Recorded durable
run.failedevents reliably for coordinator-backed pre-command failures such as lease claim, bootstrap, sync, and remote workdir errors. - Fixed retained run-log tails under concurrent stdout/stderr writes so
crabbox logsdoes not drop lines while run events are being recorded. - Included the GitHub Actions hydration run URL in
crabbox run --timing-jsonoutput when an Actions-hydrated workspace marker carries a run ID. - Preserved explicit AWS
--typerequests as exact instance-type requests; Crabbox now fails clearly instead of silently falling back when the user asked for a specific type. - Fixed AWS On-Demand launches by omitting Spot request tag specifications when no Spot request is created.
- Fixed Blacksmith Testbox JSON list output so the CLI returns an empty array when Blacksmith reports no active testboxes.
- Fixed brokered AWS security-group creation by sending EC2's required
GroupDescriptionparameter, restoring first-run AWS provisioning in fresh accounts. - Fixed coordinator warmup waits to keep touching the lease during slow bootstrap so short idle timeouts do not release a box while the foreground CLI is still waiting.
- Fixed SSH known-host handling for macOS config paths containing spaces, restoring per-lease known-host isolation under
Library/Application Support. - Scoped SSH ControlMaster sockets by per-lease key path so fast IP reuse across ephemeral machines cannot inherit a stale control connection.
- Fixed
crabbox list --provider blacksmith-testbox --jsonto return parsed JSON instead of rejecting the shared--jsonflag. - Prevented caller-supplied Access identity headers from overriding signed GitHub user token identity. Thanks @stainlu.
- Canceled SSH bootstrap waits when the coordinator lease disappears or becomes inactive, and made wait progress include elapsed and remaining time.
- Warned before running JavaScript package-manager commands on an unhydrated raw box when the repo declares an Actions hydration workflow.
- Fixed the generated docs-site mobile menu icon so the hamburger bars remain visible on narrow iOS/Safari viewports.
- Fixed responsive padding on the generated docs-site frontpage body content.
- Documented self-hosted GitHub OAuth setup so external coordinator deployments can avoid
Invalid redirect_urilogin failures.
Crabbox 0.2.0 hardens the brokered runner path after real AWS and Blacksmith Testbox use: browser login is safer, AWS SSH ingress is no longer world-open by default, SSH readiness waits for the Crabbox bootstrap marker, and fallback SSH ports are configurable instead of being hidden port-22 magic.
- Added GitHub browser login for
crabbox login, including signed user tokens, polling-based CLI completion,--no-browser, and JSON output support. - Added coordinator OAuth routes for GitHub login:
/v1/auth/github/start,/v1/auth/github/callback, and/v1/auth/github/poll. - Added signed non-admin user-token auth in the Worker while keeping the shared operator token for admin routes.
- Added GitHub org membership enforcement before minting browser-login tokens.
- Added the canonical coordinator endpoint configured for OAuth callback generation.
- Added Blacksmith Testbox workflow flags for
crabbox warmupandcrabbox run, enabling one-command Testbox runs without repo YAML or environment variables. - Added configurable SSH fallback ports via
ssh.fallbackPortsandCRABBOX_SSH_FALLBACK_PORTS.
- Updated CLI defaults, docs, examples, and auth guidance to prefer
https://broker.example.com. - Clarified that Cloudflare Access OAuth and Crabbox CLI OAuth are separate GitHub OAuth apps with separate callback URLs.
- Scoped normal GitHub-login users to their own leases, run history, logs, and usage; shared-token admin auth remains required for pool and fleet-wide operator views.
- AWS coordinator-created security groups now allow SSH only from configured CIDRs, the CLI-detected outbound IPv4 CIDR, or the request source IP instead of adding world-open SSH ingress.
- Direct AWS security groups now honor the configured AWS SSH source CIDRs when creating managed SSH ingress.
- Direct and brokered AWS now open the same configured SSH port candidates that the CLI will try.
- Cleaned up Blacksmith Testbox local lease claims and per-lease SSH keys after failed warmups, explicit stops, and one-shot runs.
- Fixed
statusandinspectreadiness reporting so active leases with a host are not marked ready until SSH andcrabbox-readyactually respond. - Fixed remote sync sanity failures to include the remote deletion count and sample paths instead of hiding the useful stderr behind
exit status 66. - Restricted Worker admin routes to shared-token admin auth so GitHub browser-login users cannot call admin endpoints.
- Fixed
whoamireporting for GitHub browser-login tokens. - Fixed exact
cbx_...lookups bypassing owner-scoped slug authorization checks. - Added cleanup and a pending-login cap for unauthenticated GitHub OAuth login starts.
Crabbox 0.1.0 is the first public release: a Go CLI, Cloudflare Worker coordinator, and OpenClaw plugin for leasing fast remote Linux machines, syncing dirty worktrees, running commands, and releasing or reusing warm boxes safely.
- Lease remote Linux test boxes from the CLI, sync the current checkout, run a command over SSH, stream output locally, and return the remote exit code.
- Use stable canonical lease IDs such as
cbx_...for APIs, scripts, paths, SSH keys, provider labels, and compatibility. - Use friendly crustacean slugs such as
blue-lobster,swift-hermit, andamber-krillanywhere a lease ID is accepted. - Keep warm boxes ergonomic without runaway cost: kept leases auto-release after an idle timeout, defaulting to
30m, while--ttlremains a maximum wall-clock cap. - Hydrate a leased box through a project-owned GitHub Actions workflow so repositories define their own runtimes, services, secrets, caches, and readiness.
- Keep runner bootstrap intentionally tiny: SSH, Git, rsync, curl, jq,
/work/crabbox, and cache directories only. Go, Node, pnpm, Docker, databases, and services belong to the repo setup layer. - Drive Crabbox from OpenClaw through native plugin tools for run, warmup, status, list, and stop.
- Install via Homebrew with
brew install openclaw/tap/crabbox, or download GoReleaser archives for macOS, Linux, and Windows.
- Added
crabbox runfor one-shot remote command execution with automatic acquire, sync, heartbeat, command streaming, result collection, and release. - Added
crabbox warmupfor reusable kept leases. - Added
crabbox status,inspect,list,ssh,stop, and compatibility aliasesrelease,pool list, andmachine cleanup. - Added
crabbox cleanupfor direct-provider cleanup of expired machines. - Added
crabbox initto generate.crabbox.yaml,.github/workflows/crabbox.yml, and.agents/skills/crabbox/SKILL.md. - Added
crabbox doctor,config,login,logout, andwhoamifor local setup, broker auth, and identity checks. - Added
crabbox admin leases,admin release, andadmin deletefor trusted operator control of coordinator leases. - Added
crabbox usagefor estimated runtime and cost reporting by user, org, fleet, or JSON output. - Added
crabbox historyandlogsfor coordinator-recorded runs and retained log tails. - Added
crabbox resultsplusrun --junitfor JUnit summaries. - Added
crabbox cache stats,cache warm, andcache purge. - Added
crabbox sync-planto inspect sync candidates, largest files, and largest directories without leasing a machine. - Added
--jsonoutput on inspection/status/history-style commands where machines or runs need scriptable output.
- Added canonical immutable lease IDs with per-lease SSH keys under the Crabbox config directory.
- Added deterministic crustacean-style slug generation with collision suffixes when needed.
- Added slug-aware lookup for active leases while preserving exact
cbx_...lookup precedence. - Added provider-visible names and runner labels based on slugs while retaining canonical lease labels for cleanup.
- Added owner-scoped slug allocation in the coordinator and collision-safe slug allocation in direct-provider mode.
- Added
lastTouchedAt,idleTimeoutSeconds, and recomputedexpiresAtmetadata. - Added heartbeat/touch behavior for active operations, including
run,ssh, cache commands, Actions hydration, andstatus --wait. - Kept plain
statusread-only so status polling does not extend a lease forever. - Added local claim files under the Crabbox state directory so reused leases stay associated with the repository that acquired them.
- Added
--reclaimfor intentionally moving a local lease claim between repositories.
- Added a Cloudflare Worker API backed by a Fleet Durable Object for serialized lease state.
- Added brokered Hetzner and AWS provisioning so normal clients do not need provider API credentials.
- Added Durable Object alarms for lease expiry and cleanup.
- Added bearer-token coordinator auth for automation and local users.
- Added create, get, heartbeat/touch, release, admin lease, usage, run history, run log, and health endpoints.
- Added coordinator-owned slug allocation, idle expiry math, TTL caps, and provider metadata storage.
- Added cost guardrails for active leases and monthly reserved spend.
- Added provider-backed pricing from AWS Spot price history and Hetzner server-type prices, with static fallback rates.
- Added bounded HTTP dial/TLS timeouts and local
curlfallback for coordinator transport failures.
- Added Hetzner provisioning with SSH key import/reuse, class fallback, labels, server deletion, and direct debug mode.
- Added AWS EC2 Spot provisioning with signed EC2 Query API calls in the Worker, SSH key-pair import/reuse, security-group setup, Spot instance launch, tag propagation, and direct debug mode.
- Added AWS class fallback across broad C/M/R instance families.
- Added AWS direct-mode Spot placement score support across configured regions.
- Added provider labels/tags for canonical lease ID, slug, state, keep flag, created/touched/expiry timestamps, idle timeout, TTL, class, profile, and provider key.
- Added Hetzner-safe label encoding using Unix seconds and compact duration seconds.
- Added per-lease provider SSH key/key-pair cleanup when machines are deleted.
- Added Git-backed sync manifests so Crabbox transfers tracked files plus nonignored untracked files instead of the full local tree.
- Added default sync excludes for
.git, dependency folders, build caches, and other local-only directories. - Added rsync checksum/delete options, sync timeouts, quiet-rsync heartbeats, and no-change fingerprint skips.
- Added sync preflight estimates and large-sync guardrails for file count and byte size.
- Added remote sanity checks for mass tracked deletions.
- Added remote Git seeding and shallow base-ref hydration for changed-test workflows.
- Stored sync metadata under
.git/crabboxwhen the remote directory is a Git worktree, keeping the working tree clean. - Added remote workdir creation for
--no-syncruns. - Added concise sync and command timing summaries for warmup, run, and Actions hydration.
- Added per-lease
known_hostsfiles to avoid host-key conflicts when cloud providers reuse ephemeral IPs.
- Added
crabbox actions registerto register leased machines as ephemeral GitHub Actions runners. - Added
crabbox actions dispatchto dispatch repository workflows. - Added
crabbox actions hydrateto register, dispatch, wait for readiness, and capture the hydrated workspace. - Added workflow-dispatch input inspection so Crabbox skips optional inputs that older workflow refs do not declare.
- Added hydrated workspace detection so later
crabbox run --id <slug>syncs into$GITHUB_WORKSPACE. - Added non-secret environment handoff from the hydration workflow to later Crabbox commands.
- Added stop-marker writing so
crabbox stopcan ask the waiting Actions job to exit cleanly. - Runner labels include
crabbox, canonical lease labels, readable slug labels, and profile/class labels.
- Added a native OpenClaw plugin package at the repository root.
- Added
crabbox_run,crabbox_warmup,crabbox_status,crabbox_list, andcrabbox_stoptools. - Added plugin tests that verify command construction and disabled-tool behavior.
- Added JUnit XML parsing and summaries for remote test result files.
- Added stored result summaries in coordinator run history.
- Added bounded run-log tails so history remains useful without storing unbounded output.
- Added cache stats, warm, and purge helpers for pnpm, npm, Docker, and Git cache directories.
- Cache commands honor configured cache-kind toggles.
- Added YAML config loading from user config plus repo-local
crabbox.yamlor.crabbox.yaml. - Added environment overrides for coordinator, provider, class, server type, AWS, Hetzner, lease durations, sync behavior, Actions, results, cache, and env allowlists.
- Added scoped
lease.ttlandlease.idleTimeoutconfig. - Removed pre-release JSON config compatibility before shipping.
- Added workflow-first top-level help with common flows, grouped commands, config pointers, environment variables, and aliases.
- Added command documentation under
docs/commands/. - Added feature docs for coordinator, providers, sync, lifecycle cleanup, Actions hydration, cache, test results, SSH keys, cost usage, auth/admin, and runner bootstrap.
- Added architecture, how-it-works, operations, performance, infrastructure, troubleshooting, security, CLI, orchestrator, and MVP docs.
- Added a dependency-free GitHub Pages docs builder and Pages deployment workflow.
- Added GoReleaser configuration for macOS, Linux, and Windows archives.
- Added Homebrew tap publishing configuration for
openclaw/homebrew-tap. - Added release workflow hardening that skips Homebrew tap publication when the tap token is missing or invalid instead of failing after publishing release assets.
- Added CI for Go formatting,
go vet, race tests, build, Worker formatting/lint/typecheck/tests/build, and snapshot release checks. - Added strict local Go toolchain selection with
toolchain go1.26.2,GOTOOLCHAIN=localin CI, and readonly trimmed builds. - Added a Go core coverage gate enforcing at least
85%; current coverage is above that threshold. - Updated Worker dependencies to current Cloudflare Workers types, Wrangler, and TypeScript.
- Updated GitHub Pages actions to current major versions.
- Touch-only coordinator heartbeats no longer overwrite an existing lease idle timeout unless explicitly requested.
- Direct-provider slugs are collision-checked against active machines before provisioning.
- Direct-provider expiry is capped by the shorter of idle timeout and TTL.
- Direct-provider reuse refreshes
last_touched_at,expires_at, and idle timeout labels. - Slug lookup no longer lets malformed noncanonical
leaselabels shadow real slug labels. - Direct Hetzner labels no longer contain invalid timestamp or duration characters.
- Coordinator slug and idle metadata are stored and returned through public lease routes.
crabbox-readynow waits for a Crabbox bootstrap marker and writable work root so base-image tools cannot make machines look ready too early.- Config-writing commands honor
CRABBOX_CONFIG, keeping isolated login/logout tests out of the normal user config. - Boolean flags for
logsand admin lease actions work after positional IDs, such ascrabbox logs run_... --json. actions hydrateretries without optionalcrabbox_jobwhen an older workflow ref rejects the input.cache warmuses the hydrated GitHub Actions workspace and env handoff when a lease was prepared byactions hydrate.doctoraccepts per-lease SSH keys as the default posture and validates explicitCRABBOX_SSH_KEYonly when set.- Local per-lease SSH keys move with coordinator-renamed lease IDs.
- Stored test-result summaries are bounded before run history persistence.