Skip to content

Releases: openclaw/crabbox

v0.21.0

Choose a tag to compare

@github-actions github-actions released this 27 May 06:48
v0.21.0
7bd2c50

0.21.0 - 2026-05-27

Added

  • Added --desktop-env gnome for a GNOME-apps desktop profile on labwc/WayVNC with GNOME Panel taskbars and Xwayland-backed app launches.
  • Added native Windows support for GitHub-runner Actions hydration so workflows can prepare Windows leases before Crabbox attaches to the hydrated workspace.
  • Added a portable --os/os lease selector with Ubuntu 26.04 as the preferred Linux image where provider catalogs support it, while preserving explicit provider image overrides.
  • Added Azure capacity.regions fallback with region-scoped managed network names and Azure capacity hints, matching the AWS capacity-routing model.
  • Added a repo-local Crabbox hydrate workflow and documented Azure as the preferred Windows/WSL2 provider when Azure quota or credits are available.
  • Added crabbox run --lease-output <file> for reusable delegated-run session JSON, starting with Blacksmith Testbox. Thanks @RomneyDa.

Fixed

  • Fixed failed-run summaries so application output mentioning provider auth no longer looks like a provider/auth blocker, shell && command chains explain short-circuit behavior, observed phases identify the likely failed phase, and opt-in automatic JUnit discovery can add structured test failures.
  • Fixed Azure Spot VM provisioning to send billingProfile.maxPrice: -1 explicitly in both direct and brokered mode, keeping Crabbox leases on Spot pricing without price-threshold evictions.
  • Fixed coordinator-backed lease creation to wait long enough for slow cloud bootstraps such as Azure Windows/WSL2 before timing out locally.
  • Fixed Azure failed-candidate cleanup retries to emit Worker-side progress logs while Azure waits out NIC and public IP dependency locks.
  • Fixed brokered Azure region ordering so an explicit request or CRABBOX_AZURE_LOCATION is attempted before the coordinator default.
  • Fixed native Windows --fresh-pr runs so PR checkout, local patch application, and post-bootstrap SSH port changes work over PowerShell.
  • Fixed native Windows Actions env handoff so crabbox run can consume bash-style hydrate env files and reuse hydrated Node/pnpm paths.
  • Fixed AWS coordinator EC2 polling to tolerate transient InvalidInstanceID.NotFound after instance creation and to report parsed AWS XML errors.
  • Fixed AWS coordinator provisioning retries so wrapped opaque RunInstances errors are retried instead of failing immediately.
  • Fixed Daytona provider sandbox inventory to use Daytona's cursor-based listing API.
  • Removed OpenClaw-specific hosted broker defaults and documentation from the generic Crabbox broker login flow.

v0.20.0

Choose a tag to compare

@steipete steipete released this 26 May 11:22
v0.20.0
b694a71

0.20.0 - 2026-05-26

Added

  • Added default artifact manifests for crabbox artifacts publish, plus crabbox artifacts list and crabbox artifacts pull for URL-backed proof handoff with size and SHA256 verification.
  • Added crabbox providers to print the registered provider capability matrix, including targets, backend kind, coordinator mode, aliases, and feature flags.
  • Added failed-run follow-through output with a compact digest that shows the failed phase, likely area, retryability, next commands, and a short redacted tail.
  • Added crabbox doctor --from-run <run-id> to load provider, target, class, type, lease, and phase context from recorded run history before diagnostics.
  • Added crabbox logs --tail, crabbox events --type, crabbox events --phase, and crabbox results --failed-only for faster recorded-run triage.

Fixed

  • Fixed Blacksmith Testbox runs so repo-level env allowlists for SSH-backed providers no longer block delegated Testbox warmup.
  • Fixed AWS Linux desktop bootstrap so generated theme helpers include the latest WebVNC desktop styling on fresh leases.
  • Fixed AWS Linux desktop bootstrap so existing desktop services are restarted after profile changes instead of leaving stale XFCE/X11 services running under a Wayland profile.
  • Changed the experimental Wayland desktop bootstrap to use labwc, giving WebVNC sessions normal draggable, decorated windows instead of Sway tiling defaults.
  • Fixed the W&B Sandboxes provider default endpoint to follow the current upstream api.cwsandbox.com API host.
  • Fixed Linux WebVNC desktop panel styling so status and taskbar items avoid harsh high-contrast borders in dark mode.
  • Fixed Linux WebVNC terminal windows so the XFCE Terminal menu bar follows the dark desktop theme.

v0.19.0

Choose a tag to compare

@github-actions github-actions released this 25 May 11:51
v0.19.0
8e9179d

0.19.0 - 2026-05-25

Added

  • Added AWS doctor capacity readiness checks that surface Spot and On-Demand vCPU quota pressure before warmup. Thanks @jwmoss.
  • Added an experimental Linux --desktop-env wayland profile using Sway, WayVNC, Wayland browser launch env, and grim screenshots while keeping XFCE as the default desktop.

Fixed

  • Fixed coordinator-backed AWS SSH ingress so active lease source CIDRs are preserved through provider-owned access reconciliation instead of core AWS special cases. Thanks @obviyus.
  • Fixed coordinator-backed one-shot runs to replace a lease once when SSH drops after sync but before the command starts, stopping the stale lease and retrying sync on the replacement.
  • Fixed Linux desktop theme setup so WebVNC sessions install and prefer native Arc-Dark/other dark XFCE themes instead of custom-painting panel and window chrome.
  • Fixed Linux WebVNC desktop sessions so they follow the portal light/dark toggle and system theme changes after the remote desktop has already connected.
  • Fixed run failure summaries and timing JSON to classify likely blocked stages, redact known HTML auth challenge bodies from failure excerpts, and reject unsupported Blacksmith environment forwarding before warmup.
  • Fixed desktop browser launches so Linux WebVNC browser sessions inherit the dark desktop theme, advertise dark color-scheme preference to web apps, and repair older managed browser wrappers before launch.

v0.18.0

Choose a tag to compare

@github-actions github-actions released this 23 May 23:06
v0.18.0
e1f2f93

0.18.0 - 2026-05-23

Added

  • Added provider: upstash-box for delegated Upstash Box sandbox runs through the Box REST API, including archive sync, run, warmup, list, status, stop, config/env overrides, and provider docs.

Fixed

  • Fixed portal and documentation theme toggles so dark mode shows only the sun icon and light mode shows only the moon icon.
  • Fixed remote Parallels hosts so prlctl is found on standard Mac install paths, and made snapshot fork dry-runs reject non-forkable power-on snapshots consistently.

Changed

  • Changed Linux desktop/WebVNC leases to seed and apply XFCE, GTK, GSettings, and terminal dark theme settings, and changed the portal theme toggle to preserve a system-synced mode.

v0.17.1

Choose a tag to compare

@github-actions github-actions released this 22 May 16:33
v0.17.1
809fb25

0.17.1 - 2026-05-22

Added

  • Added crabbox run --emit-proof support for Blacksmith Testbox delegated runs, including bounded local stdout/stderr, timing, and metadata artifacts for successful proof runs.
  • Added local-container Docker socket pass-through with host-visible work roots so provider: docker leases can run Docker-based test suites through the host daemon.

Fixed

  • Fixed local-container Docker socket pass-through on Docker Desktop, OrbStack, Colima, and similar local VM runtimes by mounting the daemon-visible socket path instead of the client context socket path.
  • Fixed local-container Docker socket sync on local VM runtimes that reject rsync mtime updates on host-mounted work roots.
  • Fixed local-container Docker socket bootstrap to prefer Docker's current Debian/Ubuntu CLI package before falling back to distro docker.io.
  • Fixed crabbox cleanup --provider docker support for stale local-container leases.
  • Fixed provider: docker stop/release cleanup so host-visible per-lease work directories created for Docker socket pass-through are removed with the lease.
  • Fixed local Actions hydration for repo-local composite actions, cache no-ops, simple input conditions, safe hashFiles, secret-expression rejection, and Node 24.x setup on minimal Debian images.
  • Fixed Parallels linked-clone provisioning to require an explicit source snapshot so prlctl cannot create a template-side linked-clone snapshot implicitly.

v0.17.0

Choose a tag to compare

@github-actions github-actions released this 21 May 22:37
v0.17.0
77353c1

0.17.0 - 2026-05-21

Added

  • Added provider: parallels for local and remote Mac Parallels Desktop fleets, including template and snapshot-backed cloning, direct checkpoints, desktop/VNC forwarding, and Linux, macOS, and Windows guests.
  • Added provider: runpod for RunPod public TCP SSH leases through the RunPod REST API, including Crabbox sync/run, crabbox ssh, crabbox doctor, and provider docs. Thanks @zozo123.
  • Added a thin macOS developer-tools image mint wrapper that keeps paid host allocation explicit while wiring the reusable prep script, promotion, checkpoint proof, and lifecycle evidence defaults.
  • Added AWS Linux and Windows developer-image prep scripts plus a guarded mint wrapper for baking Docker, Node 24, pnpm, GitHub CLI, and common developer tooling into fast-booting Crabbox AMIs.
  • Added explicit AWS Fast Snapshot Restore promotion support for hot developer-image AMIs via crabbox image promote --fast-snapshot-restore --fsr-az <az> and the AWS developer-image mint wrapper.
  • Added crabbox image fsr-status and the coordinator Fast Snapshot Restore status route for checking live AWS snapshot/AZ state after promotion.
  • Added a light/dark mode toggle to the Crabbox documentation site that defaults to the system color scheme, persists the choice in local storage, and applies before first paint to avoid a flash.
  • Added provider: local-container with docker, container, and local-docker aliases for local Linux container leases and optional desktop/browser/WebVNC smoke boxes through Docker-compatible runtimes such as Docker Desktop, OrbStack, and Colima.

Changed

  • Changed the portal lease table filter bar from a long single-choice pill list to grouped state, provider, OS, kind, and admin ownership selectors.
  • Changed the macOS developer-tools mint wrapper to default to a full Xcode macOS 15 / Swift 6.2 toolchain on newer EC2 Mac host families, while keeping CLT-only image bakes explicit.

Fixed

  • Fixed direct GCP leases so new VMs set GCP maxRunDuration with DELETE for the TTL hard cap, install a guest-side idle expiry guard for expired ready/active leases when possible, and crabbox cleanup --provider gcp removes stale local GCP claim files after provider inventory no longer contains the lease.
  • Fixed Windows developer-image bootstrap readiness so setup completion is written before restarting SSH and native Windows bakes wait for a stable SSH window before continuing.
  • Fixed the Windows developer-image mint wrapper so the final PowerShell prep chunk decodes and runs inline instead of relying on a separate post-upload command.
  • Fixed Windows developer-image prep so Docker Engine installation is deferred until after the required Containers feature reboot.
  • Fixed Windows developer-image bakes so the Docker Containers feature can interrupt SSH without aborting the image mint, as long as the reboot marker is present.
  • Fixed Windows developer-image warmup proof so the mint wrapper keeps the source lease alive with an SSH command instead of waiting on stale coordinator readiness.
  • Fixed Windows developer-image prep so fresh Chocolatey and Node shims are visible in the active PowerShell session, and first-pass Docker feature installs exit cleanly before final tool verification.
  • Fixed Windows developer-image Docker Engine installation to use static Docker binaries instead of the stale DockerMsftProvider package feed.
  • Fixed Windows developer-image AMI prep to reset EC2Launch state before capture so candidate instances run per-lease user data and accept the new Crabbox SSH key.
  • Fixed Windows developer-image prep to leave Crabbox-managed OpenSSH in place instead of installing Chocolatey's OpenSSH package over the active lease transport.
  • Fixed Windows developer-image minting to retry idempotent prep-script chunk uploads, run long prep through a detached scheduled task, and require a stable post-reboot SSH window before the second prep pass.
  • Fixed AWS developer-image bakes behind configured security groups so coordinator heartbeats still refresh the configured Crabbox SSH ports, and aligned the Worker Windows bootstrap ordering with the CLI path.

v0.16.0

Choose a tag to compare

@github-actions github-actions released this 18 May 15:26
v0.16.0
8654def

0.16.0 - 2026-05-18

Added

  • Added provider: exe-dev for exe.dev VM SSH leases through the exe.dev SSH API, including Crabbox sync/run, crabbox ssh, and provider docs.
  • Added the Railway delegated provider for redeploying an existing Railway service, streaming build/runtime logs, and reporting deployment status through crabbox run, status, stop, and list. Thanks @zozo123.
  • Added direct crabbox doctor readiness for all built-in providers without creating provider resources.
  • Added direct crabbox doctor --provider exe-dev readiness through the exe.dev inventory API without creating VMs.
  • Added Cloudflare runner readiness to crabbox doctor --provider cloudflare so runner URL, auth, and container bindings are checked without creating a sandbox. Thanks @altaywtf.
  • Added crabbox doctor --json, provider error classification and hints, direct-check timeout/API/mutation labels, optional --doctor-probe-ssh, and scripts/live-doctor-smoke.sh for maintainer live coverage checks.
  • Added --slug for crabbox warmup, fresh crabbox run leases, and crabbox checkpoint fork, plus --label for human-readable run history/timing metadata.
  • Added a light/dark mode toggle to the crabbox portal header that defaults to the system color scheme, persists the choice in local storage, and applies before first paint to avoid a flash.
  • Added a reusable macOS developer-tool prep script for image bakes that verifies Command Line Tools, installs Homebrew plus common CLI tooling, activates Node 24/pnpm, and exposes stable SSH-visible tool shims.
  • Added an account-guarded EC2 Mac Dedicated Host quota request helper for turning macOS lifecycle smoke quota evidence into a dry-run or explicit AWS Service Quotas request.
  • Added a no-spend macOS coordinator remediation audit helper that bundles provider identity, IAM policy, host quota, host allocation dry-run, guarded IAM apply dry-run, and guarded quota request dry-run evidence into summary.json.

Changed

  • Changed Actions hydration to run repo workflow setup locally over SSH by default, auto-hydrate crabbox run when actions.workflow is configured, and keep GitHub self-hosted runner registration behind --github-runner fallback.
  • Changed AWS macOS AMI selection so newer mac-m* EC2 Mac leases use macOS 15 images while mac2* and legacy mac1.metal continue using launchable macOS 14 images.
  • Hardened macOS image lifecycle smoke so source, candidate, and promoted images must expose Command Line Tools-compatible Apple developer tools, Swift, Homebrew, and common Node/pnpm developer tooling before promotion, with stricter macOS 15 and Swift tools 6.2 defaults for mac-m* host families.
  • Clarified WebVNC docs to include coordinator-backed AWS macOS desktop leases in the supported portal bridge surface.

Fixed

  • Fixed AWS macOS lease bootstrap so EC2 Mac instances explicitly install the Crabbox SSH key, enable Remote Login on configured ports, and treat Screen Sharing as available for WebVNC even when a dedicated host lease predates the desktop=true label.
  • Fixed AWS WebVNC reconnects so coordinator lease heartbeats refresh SSH ingress from the caller source before local bridge startup retries.
  • Fixed the portal so configured AWS macOS Dedicated Hosts appear as lease-like dedicated rows with host detail pages, attached-lease access actions, and local start/WebVNC commands for host-pinned desktop leases.
  • Fixed WebVNC daemon restarts so the background bridge keeps its lease claim after a repo checkout changes.
  • Fixed macOS WebVNC bridge churn by using a smaller bridge pool for macOS Screen Sharing instead of opening the default multi-slot VNC pool.
  • Fixed macOS WebVNC portal performance by using latency-biased noVNC compression and quality defaults for Screen Sharing sessions.
  • Fixed WebVNC portal credential failures so bare or stale macOS links stop with a clear status instead of opening a blank retry loop.
  • Fixed WebVNC local bridge startup so resolved SSH fallback ports are reused for the foreground VNC tunnel instead of falling back during probes and then tunneling the stale configured port.
  • Fixed Railway crabbox run redeploys to use Railway's deployment redeploy mutation so live Docker-image services return the new deployment ID reliably.
  • Fixed pinned AWS macOS host/image launches so region fallback cannot silently route a candidate image proof onto a different region or host.
  • Fixed direct AWS AMI checkpoint create, inspect, delete, and fork paths so source instances are validated before host preparation and recorded account/direct-backend metadata is honored even after coordinator configuration changes.
  • Fixed direct AWS macOS AMI checkpoint forks so resolved and recorded EC2 Mac Dedicated Host pins are reused after coordinator routing is disabled.
  • Fixed AWS macOS native checkpoint selection so brokered and direct macOS checkpoints use AMI-backed snapshots by default instead of raw EBS snapshot forks that EC2 Mac cannot reliably relaunch.
  • Fixed macOS image lifecycle smoke checkpoint forks so EC2 Mac host recycle waits require stable availability and retry once after transient host recycle failures.
  • Fixed macOS image lifecycle smoke checkpoint forks so forked macOS leases request desktop/WebVNC metadata before collecting WebVNC evidence.
  • Fixed macOS image lifecycle smoke summaries so paid EC2 Mac Dedicated Host allocation failures preserve stderr, blocker text, and remediation guidance instead of writing an empty blocker.
  • Fixed EC2 Mac Dedicated Host state parsing so live AWS DescribeHosts responses are recognized as reusable by macOS lifecycle smoke instead of falling through to a new host allocation path.
  • Fixed existing AWS macOS lease commands so crabbox run --id ... --target macos defaults the irrelevant capacity market to On-Demand instead of failing Spot validation before reaching the lease.
  • Fixed recursive run artifact globs so ** works on older Bash without crossing unintended path segments.
  • Fixed crabbox doctor local tool checks so providers that do not use local SSH/rsync do not fail on those tools.

v0.15.0

Choose a tag to compare

@github-actions github-actions released this 17 May 06:32
v0.15.0
be3071c

0.15.0 - 2026-05-17

Added

  • Added crabbox capsule for local GitHub Actions failure replay manifests, including capture, inspect, replay, promotion, and documentation for how capsules compose with actions hydration and checkpoints. Thanks @zozo123.
  • Added AWS macOS support to native crabbox checkpoint snapshot/image creation and forks, including host-pin metadata and On-Demand fork defaults.
  • Added --take-control for WebVNC portal handoffs so opened browser viewers can automatically become the keyboard and mouse controller after connecting.
  • Added scripts/macos-image-lifecycle-smoke.sh for guarded AWS EC2 Mac host allocation, source macOS lease boot, WebVNC bridge proof, AMI creation, candidate-image smoke, promotion, promoted-image smoke, cleanup, and durable summary.json evidence.
  • Added a no-spend macOS host region preflight helper for checking reusable EC2 Mac Dedicated Hosts, dry-run allocation readiness, and Dedicated Mac host quota across configured AWS regions before approving paid allocation.
  • Added an account-guarded macOS image lifecycle IAM apply helper for trusted operators remediating coordinator AWS permissions from smoke artifacts, including automatic local AWS profile matching.
  • Added parsed IAM policy target details to crabbox admin providers identity --provider aws --json so operators know which role or user needs the macOS image lifecycle policy.
  • Added provider-scoped admin entrypoints: crabbox admin providers identity, crabbox admin providers policy, and crabbox admin hosts for host lifecycle operations. Existing admin aws-* and admin mac-hosts commands remain compatibility aliases.
  • Added provider-neutral CRABBOX_HOST_ID / hostId config for host-pinned leases while keeping CRABBOX_AWS_MAC_HOST_ID / aws.macHostId as AWS compatibility aliases.
  • Added provider-neutral coordinator admin routes for host lifecycle and provider identity operations, while keeping the legacy AWS routes as compatibility fallbacks.
  • Added compatibility aliases crabbox admin mac-hosts, crabbox admin aws-identity, crabbox admin aws-policy, and crabbox admin aws-policy --mac-hosts for existing AWS macOS operator workflows.
  • Added a broker-side AWS orphan sweep that periodically scans configured AWS capacity regions from the Durable Object alarm and can terminate confirmed Crabbox-tagged EC2 orphans.
  • Added an AWS orphan-audit script for trusted operators to find Crabbox-tagged EC2 instances left behind in old provider accounts after credential or account rotation.
  • Added macOS image lifecycle evidence files for host discovery, quota, dry-run, allocation, image creation, image promotion, warmup, host wait, WebVNC daemon startup, WebVNC status, and artifact directories for blocked, partial, and completed runs.
  • Added regression coverage for the guarded macOS image lifecycle smoke and configurable WebVNC post-start grace period.

Changed

  • Hardened the macOS image lifecycle smoke so native checkpoint snapshot creation, checkpoint forks, WebVNC proof, and checkpoint cleanup run before candidate-image promotion.
  • Hardened the macOS image lifecycle smoke so EC2 Mac Dedicated Host scrubbing, WebVNC daemon cleanup, active portal bridge checks, and Mac host family fallback are covered before image promotion.
  • Changed AWS promoted image records to be scoped by target, architecture, server type, and region so macOS AMIs do not become the default image for Linux or Windows leases.
  • Changed native checkpoint records to preserve the source provider server type so macOS snapshot forks reuse the matching EC2 Mac host family unless --type is explicitly overridden.
  • Changed AWS macOS instance fallback candidates to include current Apple silicon Mac host families before the legacy mac1.metal fallback.
  • Changed EC2 Mac Dedicated Host quota checks to use direct Service Quotas lookups for known Mac host families before falling back to broader quota listing.
  • Changed the macOS host preflight and image lifecycle smoke to use the provider-neutral admin host/provider commands and CRABBOX_HOST_ID when pinning leases to an allocated host.
  • Changed the macOS image lifecycle smoke artifact to include the coordinator provider identity used for IAM remediation.
  • Changed macOS image lifecycle smoke blocker commands to use portable evidence filenames with the guarded IAM apply helper for coordinator permission remediation.
  • Changed macOS image lifecycle smoke summaries to record artifact-relative evidence paths so published bundles do not expose local checkout paths.
  • Changed macOS image lifecycle blocked summaries to include a blocker.reason alias for automation that expects a short blocker reason.
  • Changed standalone macOS host region preflight blockers to use the guarded IAM apply helper instead of manual account-match shell snippets.
  • Updated Go provider SDKs and Worker runtime/toolchain dependencies.
  • Documented the AWS account-match and IAM remediation flow for attaching the combined macOS image lifecycle policy to the coordinator role or user.
  • Clarified the EC2 Mac host IAM policy, including create-time tag permissions, Dedicated Mac host quota checks, and the split between baseline AWS provider permissions and paid macOS image bake, WebVNC, promotion, and cleanup permissions.
  • Clarified AWS security guardrail docs so IAM Access Analyzer external-access analyzers are created in every configured capacity region, while S3 Block Public Access and IAM password policy remain account-level controls.

Fixed

  • Fixed code-scanning findings in container command execution, Worker sanitizers, docs link/build helpers, and JSON error responses.
  • Fixed live smoke scripts so provider-specific missing workflow, snapshot, CLI, Python client, or Semaphore config prerequisites fail before allocating resources, and added Sprites coverage to the live provider smoke.
  • Fixed live coordinator auth smoke so GitHub-authenticated coordinator identities are accepted and Cloudflare Access credential gaps print an actionable prerequisite error.
  • Fixed raw SSH-provider JS package command failures so Crabbox probes obvious pnpm, npm, node, corepack, yarn, and bun entrypoints before syncing and fails with hydration/setup guidance instead of an empty exit 127 tail.
  • Fixed crabbox webvnc --open so opened portal links make the lease visible to authenticated org users instead of showing a misleading 404 when CLI auth and browser auth differ.
  • Fixed WebVNC portal click forwarding so controller clicks reach the remote desktop while preserving focus and browser context-menu suppression.
  • Fixed WebVNC --take-control handoff links so the portal keeps retrying the automatic control claim until the opened viewer is registered as an observer.
  • Fixed remote macOS screenshots so crabbox screenshot captures the Screen Sharing/VNC framebuffer instead of relying on screencapture from non-interactive SSH sessions.
  • Fixed remote macOS screenshots against no-auth VNC servers by reading the RFB 3.8 security result before framebuffer negotiation.
  • Fixed brokered AWS macOS launches so stale host ids, missing Mac hosts, regional AMI gaps, and unavailable default Mac capacity can fall back to usable host, region, image, or alternate Mac host family candidates.
  • Fixed brokered AWS macOS launches so newer mac-m* Mac host fallback candidates resolve macOS 15 AMIs instead of reusing the earlier Apple silicon macOS 14 AMI query.
  • Fixed coordinator-backed macOS lease reuse so follow-up run, sync, and image smoke commands use the brokered /Users/ec2-user/crabbox work root instead of Linux's /work/crabbox.
  • Fixed coordinator-backed macOS checkpoint metadata so an auto-discovered provider host id is preserved for snapshot forks.
  • Fixed AWS image deletion so scoped promoted macOS images cannot be deleted until another image is promoted.
  • Fixed brokered Azure leases so the CLI only sends azureOSDisk when the user explicitly configures it, preserving the coordinator default while keeping new Azure leases checkpointable by default. Thanks @jwmoss.
  • Fixed managed Windows bootstraps so native Windows leases skip desktop/VNC setup unless --desktop is requested, while WSL2 leases keep their Windows core and Linux setup paths separate. Thanks @jwmoss.
  • Fixed macOS image lifecycle cleanup and release paths so script-allocated hosts and local WebVNC daemons are stopped after source-only, candidate-only, blocked, partial, and completed runs.
  • Fixed macOS image lifecycle cleanup so script-allocated EC2 Mac Dedicated Hosts are released from failure traps when host release is requested.
  • Fixed EC2 Mac Dedicated Host allocation and release handling so paid host IDs returned by AWS are not retried in another availability zone after post-allocation describe failures, and failed ReleaseHosts results are surfaced instead of reported as released.
  • Fixed macOS image lifecycle region-preflight blockers so they preserve guarded IAM helper remediation commands from the region preflight evidence instead of falling back to manual account-match snippets.
  • Fixed macOS image lifecycle and host-region preflight blockers so remediation commands use neutral crabbox commands and the guarded IAM apply helper instead of embedding local binary paths, checkout paths, or manual account-match snippets.
  • Fixed macOS image lifecycle blocked summaries so quota preflight failures, EC2 Mac host dry-run IAM failures, rerun commands, and short blocker.reason aliases are preserved in evidence.
  • Fixed macOS image lifecycle evidence and artifact summaries so paths are only populated after the matching files or directories are captured.
  • Fixed EC2 Mac host dry-run JSON output so AWS authorization failures do not expose raw provider error details in operator logs.
  • Fixed EC2 Mac host quota checks so unsupported regional Mac quota resources return an empty quota result instead of a 502 preflight error.
    -...
Read more

v0.14.0

Choose a tag to compare

@github-actions github-actions released this 15 May 18:08
v0.14.0
2a1ef0d

0.14.0 - 2026-05-15

Added

  • Added crabbox admin lease-audit so operators can compare expired brokered AWS lease records against live cloud instance state and fail automation when a record still maps to a live instance.
  • Added crabbox checkpoint native disk-snapshot checkpoints for brokered AWS, Azure, and GCP Linux leases, optional provider image checkpoints via --strategy image, local workspace archives for generic POSIX SSH leases, inspect/list/delete flows, archive restore, and checkpoint forks into fresh leases.
  • Added checkpoint audit and cleanup management with crabbox checkpoint list --verify, inspect --verify, and prune --older-than.
  • Added provider: cloudflare delegated runs for Cloudflare Containers through a Worker runner, including archive sync, warm containers, local claim cleanup, and deployment docs. Thanks @altaywtf.
  • Added Cloudflare runner deploy-smoke tooling, CI coverage for the container runner Go module, and redacted crabbox config show output for Cloudflare runner auth.
  • Added crabbox list --refresh so local Cloudflare claims can be checked against live runner state on demand.
  • Added brokered provider snapshot/image deletion for AWS EBS snapshots and AMIs, Azure managed disk snapshots and managed images, and GCP disk snapshots and machine images.
  • Added Modal and Tensorlake to the top-level provider docs and delegated sandbox configuration examples. Thanks @stainlu.
  • Added provider feature flags for workspace checkpoint, fork, restore, and native snapshot capabilities. Thanks @stainlu.

Changed

  • Improved checkpoint documentation with clearer native vs archive distinction, workflow mechanics, security warnings, and command reference examples.

Fixed

  • Fixed Code bridge upstream URL handling so browser-controlled paths cannot select a non-loopback upstream target, and clamped CRABBOX_AWS_ROOT_GB parsing to valid int32 values.
  • Fixed crabbox admin lease-audit --fail-on-live so recently terminated AWS instances returned by DescribeInstances do not fail cleanup automation as live resources.
  • Fixed checkpoint archive restores so large archives stream over SSH without buffering the full tarball in memory and unpack through a per-restore remote temp file. Thanks @stainlu.
  • Fixed Daytona toolbox archive sync so failed remote extracts still remove the uploaded /tmp/crabbox-*.tgz archive. Thanks @stainlu.
  • Fixed Islo exec-upload fallback cleanup so failed archive decodes or extracts still remove temporary upload files. Thanks @stainlu.
  • Fixed Cloudflare runner URL validation so configured runner URLs cannot include query or fragment components that corrupt API request paths. Thanks @stainlu.
  • Fixed Cloudflare stop so missing runner containers prune their stale local claims instead of leaving users to run cleanup manually. Thanks @stainlu.
  • Fixed the Crabbox plugin provider schema so current providers and aliases such as modal, tensorlake, and cf can be selected. Thanks @stainlu.
  • Fixed coordinator TTL cleanup so provider deletion failures keep leases active with retry metadata instead of silently expiring while cloud instances continue running.
  • Fixed direct AWS security-group maintenance so stale Crabbox-owned SSH ingress rules are pruned before adding the current source CIDRs.
  • Fixed E2B sync cleanup so remote upload archives are removed even when extraction fails. Thanks @stainlu.
  • Fixed Hetzner Cloud server-list parsing so private_net arrays from the API no longer break list, doctor, warmup, or reused-run flows. Thanks @muqsitnawaz.
  • Fixed installed tagged builds so crabbox --version and proof metadata report the Go module build version instead of the development fallback. Thanks @stainlu.
  • Fixed Modal sync cleanup so remote upload archives are removed even when extraction fails. Thanks @stainlu.
  • Fixed native provider checkpoint creation so AWS, Azure, and GCP snapshot/image checkpoints flush source filesystem writes before calling the provider API.
  • Fixed crabbox actions hydrate --id tbx_... so Blacksmith Testbox IDs skip owned-cloud runner registration instead of failing on GitHub self-hosted-runner permissions.
  • Fixed Tensorlake timing JSON so delegated runs include the lease slug and reused sandboxes preserve the stored claim slug. Thanks @stainlu.
  • Fixed Tensorlake workdir validation so broad sandbox paths are rejected before sync or command execution. Thanks @stainlu.

v0.13.0

Choose a tag to compare

@github-actions github-actions released this 13 May 18:28
v0.13.0
eb66107

0.13.0 - 2026-05-13

Added

  • Added provider: modal delegated runs for Modal Sandboxes through the local Modal Python client, including archive sync, env allowlist forwarding, docs, and no-live-credential tests.
  • Added crabbox run --full-resync / --fresh-sync to reset stale remote workdirs before syncing, plus --env-helper for reusable profile-backed env wrappers on POSIX SSH leases.
  • Added native Windows support for crabbox run --script / --script-stdin and a real native Windows --preflight probe.
  • Added configurable crabbox run --preflight tool probes via --preflight-tools, CRABBOX_PREFLIGHT_TOOLS, and run.preflightTools.

Changed

  • Improved sync and SSH watchdog output so long quiet syncs and dead SSH waits include concrete retry/replace hints.
  • Clarified hosted broker access for non-allowlisted users and documented the minimum self-hosted broker setup. Thanks @alan-mathison-enigma.

Fixed

  • Fixed AWS broker security-group maintenance so stale Crabbox-owned SSH ingress rules are pruned before adding the current source CIDRs. Thanks @obviyus.
  • Fixed Proxmox VM bootstrap to wait for the guest IP and bootstrap over SSH after clone/start, avoiding fragile guest-agent exec behavior. Thanks @mine-13-zoom.
  • Fixed AWS Windows WSL2 exact --type requests so instance families without nested virtualization fail before leasing with a targeted repair hint.
  • Fixed coordinator-backed AWS acquisition so readiness failures delete the just-created instance before retrying, while CLI retries still require an explicit cleanup signal.
  • Fixed coordinator-backed acquisition so repeated confirmed stale AWS instance cleanups get a larger retry budget instead of failing after the second stale instance.
  • Fixed crabbox code on leases that fall back from SSH port 2222 to 22, and improved foreground tunnel startup errors to include SSH failure details.
  • Fixed crabbox run --preflight --preflight-tools none so it prints only the workspace summary without running remote probes.
  • Fixed native Windows crabbox run --preflight so user and cwd diagnostics are always printed alongside configurable tool probes.
  • Fixed native Windows --script and --env-from-profile uploads so non-ASCII PowerShell source and profile values stay UTF-8 under Windows PowerShell.
  • Fixed native Windows --env-from-profile uploads so allowed profile values are written relative to the synced workdir and failures include the remote PowerShell error.