You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Added Azure native Windows desktop/VNC and Windows WSL2 lease support, matching the AWS Windows capability boundary. Thanks @jwmoss.
Added provider: proxmox for direct Proxmox VE Linux QEMU VM leases, including template clone, cloud-init SSH key injection, guest-agent bootstrap, docs, and cleanup support.
Added provider: tensorlake delegated runs for Tensorlake Firecracker sandboxes through the tensorlake CLI, including archive sync, env allowlist forwarding, docs, and live-provider coverage. Thanks @zozo123.
Added crabbox run --preflight, --capture-stderr, automatic failure bundles, env-forwarding summaries, and CRABBOX_PHASE:<name> timing markers for easier live/provider run debugging.
Added crabbox run --keep-on-failure so failed one-shot runs can leave the exact lease available for SSH inspection until idle/TTL expiry.
Added crabbox run --script <file> and --script-stdin so larger remote commands can be uploaded and executed as files instead of quoted shell strings.
Added crabbox run --env-from-profile <file> and repeatable --allow-env <name> for redacted, first-class live-secret forwarding from local profile files.
Added crabbox run --fresh-pr <owner/repo#number> for fresh remote GitHub PR checkouts, with optional --apply-local-patch.
Added crabbox azure login so direct Azure users can persist the active az login subscription, tenant, and location without manually exporting service-principal environment variables. Thanks @galiniliev.
Added azure.network / CRABBOX_AZURE_NETWORK so Azure direct leases can SSH through private VNet addresses when using VPN/private-network access. Thanks @galiniliev.
Added scripts/proxmox-build-template.sh to build a Crabbox-ready Ubuntu 24.04 Proxmox template from a public cloud image. Thanks @VACInc.
Changed
Changed sync guardrails to count the dirty delta when local changes are present while still printing the full candidate size, making dirty-worktree iteration less noisy.
Expanded default sync excludes for common generated churn such as .ignored, .vite, playwright-report, test-results, and local .crabbox log/capture directories, and added top-directory hints for large sync candidates.
Changed automatic failure-bundle stdout/stderr capture to cap implicit temp logs while still allowing explicit --capture-stdout / --capture-stderr files for full local streams.
Documented --fresh-pr ... --apply-local-patch as the preferred fast path for PR iteration from noisy local checkouts.
Documented Azure CLI login setup, private-network SSH selection, and regional constraints for reused Azure VNet/subnet/NSG resources. Thanks @galiniliev.
Clarified that Blacksmith delegated runs cannot forward CLI-side --env-from-profile values and should use workflow-side secrets.
Documented Islo's islo ssh --setup host-alias flow for ad-hoc SSH access to Islo sandboxes. Thanks @zozo123.
Fixed
Fixed shared-token coordinator auth so caller-supplied X-Crabbox-Owner and X-Crabbox-Org headers cannot select the authenticated owner/org. Thanks @Hinotoi-agent.
Fixed Code, WebVNC, and Egress bridge ticket creation so use-shared lease users cannot mint lease-side bridge-agent tickets without manage access. Thanks @Hinotoi-agent.
Fixed repo-local env.allow: ["*"] so it no longer forwards every local environment variable to remote commands. Thanks @Hinotoi-agent.
Fixed Windows SSH sync by disabling unsupported OpenSSH ControlMaster multiplexing and preferring WSL rsync/path conversion when available. Thanks @galiniliev.
Fixed Tensorlake slug resolution so stale claims from other providers cannot shadow an active Tensorlake sandbox slug.
Fixed Sprites and Namespace Devbox work-root validation so broad roots are rejected before create/prepare flows. Thanks @stainlu.
Fixed Sprites list pagination so missing or repeated continuation tokens fail instead of spinning or accepting malformed pages. Thanks @stainlu.
Fixed Namespace Devbox prepare error reporting so prepare failures are not hidden behind earlier SSH config fallback errors. Thanks @stainlu.