Skip to content

Releases: openclaw/crabbox

v0.12.0

Choose a tag to compare

@github-actions github-actions released this 12 May 06:47
v0.12.0
2e842f8

0.12.0 - 2026-05-12

Added

  • Added Azure native Windows desktop/VNC and Windows WSL2 lease support, matching the AWS Windows capability boundary. Thanks @jwmoss.
  • Added provider: proxmox for direct Proxmox VE Linux QEMU VM leases, including template clone, cloud-init SSH key injection, guest-agent bootstrap, docs, and cleanup support.
  • Added provider: tensorlake delegated runs for Tensorlake Firecracker sandboxes through the tensorlake CLI, including archive sync, env allowlist forwarding, docs, and live-provider coverage. Thanks @zozo123.
  • Added crabbox run --preflight, --capture-stderr, automatic failure bundles, env-forwarding summaries, and CRABBOX_PHASE:<name> timing markers for easier live/provider run debugging.
  • Added crabbox run --keep-on-failure so failed one-shot runs can leave the exact lease available for SSH inspection until idle/TTL expiry.
  • Added crabbox run --script <file> and --script-stdin so larger remote commands can be uploaded and executed as files instead of quoted shell strings.
  • Added crabbox run --env-from-profile <file> and repeatable --allow-env <name> for redacted, first-class live-secret forwarding from local profile files.
  • Added crabbox run --fresh-pr <owner/repo#number> for fresh remote GitHub PR checkouts, with optional --apply-local-patch.
  • Added crabbox azure login so direct Azure users can persist the active az login subscription, tenant, and location without manually exporting service-principal environment variables. Thanks @galiniliev.
  • Added azure.network / CRABBOX_AZURE_NETWORK so Azure direct leases can SSH through private VNet addresses when using VPN/private-network access. Thanks @galiniliev.
  • Added scripts/proxmox-build-template.sh to build a Crabbox-ready Ubuntu 24.04 Proxmox template from a public cloud image. Thanks @VACInc.

Changed

  • Changed sync guardrails to count the dirty delta when local changes are present while still printing the full candidate size, making dirty-worktree iteration less noisy.
  • Expanded default sync excludes for common generated churn such as .ignored, .vite, playwright-report, test-results, and local .crabbox log/capture directories, and added top-directory hints for large sync candidates.
  • Changed automatic failure-bundle stdout/stderr capture to cap implicit temp logs while still allowing explicit --capture-stdout / --capture-stderr files for full local streams.
  • Documented --fresh-pr ... --apply-local-patch as the preferred fast path for PR iteration from noisy local checkouts.
  • Documented Azure CLI login setup, private-network SSH selection, and regional constraints for reused Azure VNet/subnet/NSG resources. Thanks @galiniliev.
  • Clarified that Blacksmith delegated runs cannot forward CLI-side --env-from-profile values and should use workflow-side secrets.
  • Documented Islo's islo ssh --setup host-alias flow for ad-hoc SSH access to Islo sandboxes. Thanks @zozo123.

Fixed

  • Fixed shared-token coordinator auth so caller-supplied X-Crabbox-Owner and X-Crabbox-Org headers cannot select the authenticated owner/org. Thanks @Hinotoi-agent.
  • Fixed Code, WebVNC, and Egress bridge ticket creation so use-shared lease users cannot mint lease-side bridge-agent tickets without manage access. Thanks @Hinotoi-agent.
  • Fixed repo-local env.allow: ["*"] so it no longer forwards every local environment variable to remote commands. Thanks @Hinotoi-agent.
  • Fixed Windows SSH sync by disabling unsupported OpenSSH ControlMaster multiplexing and preferring WSL rsync/path conversion when available. Thanks @galiniliev.
  • Fixed Tensorlake slug resolution so stale claims from other providers cannot shadow an active Tensorlake sandbox slug.
  • Fixed Sprites and Namespace Devbox work-root validation so broad roots are rejected before create/prepare flows. Thanks @stainlu.
  • Fixed Sprites list pagination so missing or repeated continuation tokens fail instead of spinning or accepting malformed pages. Thanks @stainlu.
  • Fixed Namespace Devbox prepare error reporting so prepare failures are not hidden behind earlier SSH config fallback errors. Thanks @stainlu.

v0.11.0

Choose a tag to compare

@github-actions github-actions released this 11 May 03:14
v0.11.0
b194d4a

0.11.0 - 2026-05-11

Added

  • Added crabbox job list/run and repo-local jobs: config for named warmup → Actions hydrate → run → cleanup workflows.
  • Added Daytona and Namespace Devbox lanes to scripts/live-smoke.sh so delegated live smoke coverage can run through the shared harness.
  • Added provider: gcp for Google Cloud Compute Engine Linux SSH leases, including direct ADC auth, brokered service-account auth, class fallback, Spot/on-demand fallback, docs, and cleanup support.
  • Added crabbox cleanup --provider namespace-devbox to remove Crabbox-owned Namespace SSH snippets and keys.
  • Added scripts/openclaw-wsl2-tests.sh for one-command OpenClaw full-suite runs on AWS Windows WSL2 Crabbox leases.

Changed

  • Aligned direct GCP provisioning with Google's official Compute Go SDK (cloud.google.com/go/compute/apiv1) and project-wide aggregated instance discovery.
  • Moved OpenClaw Blacksmith Testbox run safeguards into Crabbox, including one-shot slug reporting and stalled sync termination.
  • Improved crabbox media preview and artifacts collect --gif defaults to generate higher-quality 1000px/24fps GIFs with Floyd-Steinberg palette dithering and optional gifsicle optimization. Thanks @obviyus.

Fixed

  • Fixed the Blacksmith Testbox sync-stall guard to match current blacksmith CLI sync start and completion messages.
  • Fixed GCP leases so exact --type requests still use configured zone and Spot-to-on-demand fallback, aliases derive GCP class defaults, explicit brokered tags replace Worker default tags, custom networks and ingress policies get separate SSH firewall rules, and brokered pool views include instances outside the Worker's default zone.
  • Fixed crabbox actions hydrate/register so AWS Windows WSL2 leases can use Linux GitHub Actions hydration instead of being rejected as Windows targets, including root-runner and stale apt-list handling.
  • Fixed scripts/openclaw-wsl2-tests.sh so follow-up hydrate/run/cleanup commands keep the AWS Windows WSL2 target configuration and warmup failures print captured output.
  • Fixed scripts/openclaw-wsl2-tests.sh so dirty-sync package graph changes refresh workspace dependencies before the full OpenClaw test command runs.
  • Fixed first crabbox run syncs after GitHub Actions hydration so tracked checkout files are not treated as stale remote files before the initial dirty-worktree sync.
  • Fixed crabbox run history finish recording to allow large final log payloads enough time to reach the coordinator.
  • Fixed Namespace Devbox release-only resolution so crabbox stop --provider namespace-devbox --namespace-delete-on-release <name> deletes without re-preparing SSH.
  • Fixed Namespace Devbox release cleanup so stopping a Crabbox Devbox removes its local ~/.namespace/ssh/crabbox-* snippet and key files.
  • Fixed crabbox webvnc daemon start so it starts with a fresh bridge log and waits briefly for the bridge-ready marker before returning.

v0.10.0

Choose a tag to compare

@github-actions github-actions released this 10 May 07:35
v0.10.0
ff45867

Added

  • Added crabbox run --capture-stdout <path> and repeatable --download remote=local for binary-safe proof capture without streaming arbitrary bytes into the terminal or run-log previews.
  • Added crabbox desktop terminal for visible terminal smokes, including Sixel-friendly Git-for-Windows mintty launch defaults on native Windows.
  • Added crabbox desktop record plus desktop terminal --screenshot/--record for one-command visual proof capture, including native Windows MP4 recording through interactive desktop frames.
  • Added automatic contact-sheet PNGs for desktop recordings, crabbox desktop proof for one-shot visual proof bundles, recorder diagnostics, and direct PR publishing from terminal/proof captures.

Changed

  • Updated docs for output capture, desktop terminal/proof capture, Windows desktop bootstrap, artifact contact sheets, and managed-provider readiness checks.
  • Reworked the WebVNC share dialog into an inline Google-style sharing flow with add-user, org access, copy-link, and done actions.

Fixed

  • Fixed delegated run providers so unsupported --capture-stdout and --download requests fail instead of streaming stdout and skipping downloads.
  • Fixed E2B sandbox creation so Crabbox caps default lease timeouts to E2B's one-hour API limit instead of failing live smoke warmups.
  • Fixed crabbox run output capture validation so malformed --download specs, bad download destinations, and bad --capture-stdout paths fail before leasing, syncing, or running remotely.
  • Fixed interrupt handling so a second Ctrl-C can terminate slow cleanup after the first signal starts graceful cancellation.
  • Fixed crabbox doctor --provider ... so coordinator secret readiness checks only run for managed brokered providers.
  • Fixed crabbox desktop terminal --provider ssh -- ... so static SSH command arguments are not consumed as lease IDs.
  • Fixed crabbox run --capture-stdout so local capture write failures report as capture errors instead of remote command exits.
  • Fixed brokered provider preflight so crabbox doctor --provider azure reports missing Worker secrets and lease creation returns provider_not_configured instead of a coordinator 500.
  • Fixed interrupted one-shot runs so SIGINT/SIGTERM cancel through the CLI context and still run best-effort lease cleanup.
  • Fixed SSH readiness progress logs to include per-port probe state in timeout errors.
  • Fixed managed AWS Windows desktop bootstrap so WebVNC/screenshot targets start TightVNC reliably and screenshots are not covered by Windows' first-network flyout.
  • Fixed Windows desktop launch argument handling so terminal commands such as bash -lc '...' and other quoted GUI launches are passed losslessly.
  • Fixed the source-built CLI version so unreleased local builds no longer report the previous release.

v0.9.0

Choose a tag to compare

@github-actions github-actions released this 10 May 01:12
v0.9.0
b5a3561

Added

  • Added provider: sprites for Sprites microVM SSH leases through the sprite CLI/API, including Crabbox sync/run, crabbox ssh, and live smoke docs.
  • Added provider: namespace-devbox for Namespace Devbox SSH leases through the devbox CLI, with Crabbox sync/run layered on the returned SSH endpoint.
  • Added live smoke checklists and script coverage for direct E2B and Semaphore provider validation. Thanks @stainlu.

Changed

  • Updated Worker runtime dependencies and Go provider SDKs, including noVNC, fast-xml-parser, AWS EC2, Daytona, Islo, and related Go runtime libraries.

Fixed

  • Fixed signed portal user tokens so caller-provided admin claims are rejected instead of granting admin access. Thanks @Hinotoi-agent.
  • Fixed Islo workdir containment so absolute paths and parent-directory escapes are rejected before sandbox creation, sync, or run. Thanks @Hinotoi-agent.
  • Fixed Islo archive sync uploads to use the API's multipart file contract instead of falling back after server-side 500 responses.
  • Fixed Semaphore host configuration so dashboard URLs normalize to hosts while API paths, query strings, fragments, and user info are rejected. Thanks @stainlu.
  • Fixed WebVNC portal input focus so controller typing stays in the remote desktop and right-clicks no longer open the browser context menu.
  • Fixed Semaphore list output so locally claimed jobs show their lease slugs.
  • Fixed E2B relative workdirs so they resolve under the configured E2B user's home instead of always /home/user.
  • Fixed E2B workspace guardrails so broad roots such as /, /home, and /tmp are rejected before sync creates, deletes, or extracts files.
  • Fixed E2B sandbox creation so unsafe workdirs are rejected before the API call. Thanks @stainlu.
  • Fixed E2B user validation so path-like users are rejected before sandbox or process calls. Thanks @stainlu.
  • Fixed stale Code, WebVNC, and egress bridge clients so expired or missing leases stop polling/restarting after terminal coordinator responses. Thanks @vincentkoc.
  • Fixed crabbox desktop paste for terminal windows so symbol-heavy text falls back to direct typing instead of sending a literal Ctrl+V into xterm-like sessions.
  • Removed the vulnerable transitive fast-xml-builder Worker dependency by updating fast-xml-parser.

v0.8.0

Choose a tag to compare

@github-actions github-actions released this 09 May 05:58
v0.8.0
5c88471

Added

  • Added provider: azure for managed Azure Linux and native Windows SSH leases, including direct and brokered provisioning, shared Azure networking, SKU fallback, Azure docs, and cleanup support. Thanks @jwmoss.
  • Added provider: e2b for delegated E2B sandbox runs using E2B sandbox REST/envd APIs. Thanks @zozo123.
  • Added provider: semaphore for direct Semaphore CI testbox leases over SSH. Thanks @loadez.
  • Added an authenticated coordinator control WebSocket for low-latency run attach streams and lease heartbeats, with HTTP polling/heartbeat fallback for older brokers. Thanks @vincentkoc.
  • Added rescue-first desktop/WebVNC failure output that names the failing layer and prints exact rescue: or native VNC fallback commands when bridges, viewers, browser launches, VNC targets, or input stacks hang.
  • Added collaborative WebVNC observer mode, with one active controller, read-only observers, and a portal takeover button that shows who is controlling the session.
  • Added first-class crabbox artifacts commands for desktop screenshots, MP4 recordings, trimmed GIFs, logs, metadata, Mantis/OpenClaw QA templates, and PR-ready publishing through broker-owned artifact storage, AWS S3, or Cloudflare R2.

Changed

  • Expanded Semaphore and E2B documentation across provider, configuration, CLI, and command pages so direct providers have first-class setup, auth, lifecycle, and troubleshooting guidance.
  • Changed crabbox attach to prefer the coordinator control WebSocket, drain retained backlog pages, and then stream live run output with less polling latency.
  • Changed WebVNC portal sharing to open as an in-session modal, added a standalone share-page back action, and simplified collaboration controls into a single stateful control button.
  • Raised the Go core coverage gate to 90% and added regression coverage around provider claims, config parsing, bootstrap defaults, run-log previews, and slug fallbacks.

Fixed

  • Fixed the portal provider filters so Azure leases show their own filter badge and provider icon. Thanks @stainlu.
  • Fixed Azure broker SSH security rules so repeated primary/fallback SSH ports are de-duplicated before writing network security group rules.
  • Fixed crabbox run transport chatter by keeping SSH multiplexers alive longer, retrying fallback SSH ports for streaming commands, and batching stdout/stderr preview events into larger coordinator chunks. Thanks @vincentkoc.
  • Fixed macOS WebVNC cursor visibility by enabling noVNC's dot-cursor fallback when Screen Sharing sends a transparent or zero-sized cursor.
  • Fixed managed AWS macOS bootstrap so VNC password generation does not abort under pipefail before Screen Sharing readiness is installed.
  • Fixed WebVNC daemon start-by-slug so coordinator-backed leases use the resolved target OS in the background bridge command.
  • Fixed coordinator-backed crabbox list so a stale admin token no longer blocks normal logged-in users; the CLI now falls back to active user-visible leases instead of failing with 401 unauthorized.
  • Fixed desktop, screenshot, VNC, and WebVNC SSH helpers so they retry live fallback ports when a coordinator lease advertises an SSH port that is not ready yet.

Fixed

  • Fixed stale Code, WebVNC, and egress bridge clients so expired or missing leases stop polling/restarting after terminal coordinator responses. Thanks @vincentkoc.

Fixed

  • Fixed Blacksmith Testbox shell command rendering so multiline --shell payloads with trailing blank whitespace do not produce a spurious shell syntax failure after the remote command succeeds.

v0.7.0

Choose a tag to compare

@github-actions github-actions released this 07 May 12:52
770920e

Added

  • Added mediated egress commands and browser wiring so Linux desktop leases can proxy selected app traffic through the operator machine via the coordinator bridge.
  • Added WebVNC portal clipboard controls for sending local clipboard text into the remote session and copying remote clipboard text back to the local browser.
  • Added lease sharing for individual users or the owning org, including crabbox share, crabbox unshare, API access checks, and a portal share control on lease detail pages.

Fixed

  • Fixed egress start --coordinator so live public-route egress starts work when the local default coordinator is Cloudflare Access-protected.
  • Fixed Tailscale exit-node bootstrap paths to prefer tailnet metadata and fail clearly when remote exit-node egress is not active.
  • Fixed run --no-sync timing summaries so they report sync_skipped=true.
  • Fixed native Windows command output so first-use PowerShell progress records do not leak CLIXML into run logs.
  • Fixed Islo provider sync so crabbox run --provider islo uploads the local workspace, uses the correct /workspace/<workdir>, and falls back to chunked exec upload while the archive API returns server errors.
  • Fixed Code and WebVNC bridge websocket auth so upgraded brokers receive short-lived bridge tickets in the Authorization header instead of logging them in URL query strings, while preserving query fallback for older brokers.
  • Fixed managed AWS macOS desktop leases so readiness and WebVNC use a writable ec2-user work root, call crabbox-ready by absolute path, and read the generated Screen Sharing password via sudo.

v0.6.0

Choose a tag to compare

@github-actions github-actions released this 06 May 23:46
v0.6.0
e82281f

Added

  • Added provider: daytona for Daytona sandbox leases using Daytona's SDK/toolbox for sync and command execution, with short-lived SSH access available through crabbox ssh.
  • Added Daytona CLI profile auth fallback so daytona login --api-key ... can satisfy Crabbox Daytona auth without duplicating DAYTONA_API_KEY.
  • Added provider: islo for delegated Islo sandbox runs using the Islo Go SDK.
  • Added a provider backend registry and authoring guide so delegated and SSH-backed providers can live in provider-owned packages while core keeps command parsing, rendering, and capability validation.
  • Added --tailscale-exit-node and --tailscale-exit-node-allow-lan-access so managed Linux leases can route egress through an approved tailnet exit node.
  • Added broker capacity hints for AWS leases, including selected market, attempted regions, quota/capacity advice, and configurable high-pressure class warnings.
  • Added crabbox code and per-lease /code/ portal URLs for authenticated code-server access on --code Linux leases.
  • Added per-lease portal detail pages with bridge status, access-panel copy commands, recent run links, and a stop action.
  • Added portal run detail pages with command metadata, result summaries, dense viewport-fitted portal tables, provider/OS badges, active/ended/provider/target filters, sticky portal chrome, and copyable retained log previews.
  • Added latest lease telemetry snapshots for coordinator-backed Linux leases, including load, memory, disk, and uptime in status --json and the portal detail view.
  • Added bounded lease telemetry history with portal sparklines and stale/high-resource badges on lease detail pages.
  • Added run-level telemetry summaries with start/end Linux resource snapshots in run history JSON, human history output, and portal run tables/details.
  • Added live run telemetry samples for longer Linux commands, including bounded coordinator storage and portal load/memory/disk trend lines on run detail pages.
  • Added portal visibility for external Blacksmith Testbox runners synced from crabbox list --provider blacksmith-testbox, with owner-scoped runner rows, stale markers, GitHub Actions links, status badges, stuck filters, detail pages, and copyable local stop commands.
  • Added admin portal visibility for non-owned runner leases, including mine/system filters and matching detail/code/VNC drilldowns for operator sessions.
  • Added crabbox desktop launch --webvnc --open to launch a desktop browser/app and immediately bridge the same lease into the WebVNC portal.
  • Added crabbox webvnc --daemon/--background plus --status/--stop for background WebVNC bridges without tmux.
  • Added crabbox media preview for creating motion-trimmed GIF previews and optional trimmed MP4 clips from desktop recordings.
  • Documented the prebaked runner image boundary: provider-owned AMIs/snapshots hold machine capabilities while repo/runtime caches stay in QA workflows or warm leases.

Changed

  • Changed AWS capacity fallback to route configured CRABBOX_CAPACITY_REGIONS across both brokered and direct AWS launches, with the deployed coordinator defaulting to a wider multi-region pool for better headroom.
  • Changed coordinator lease requests to omit the default capacity block, preserving mixed-version broker compatibility while still sending explicit market, strategy, fallback, multi-region, availability-zone, or hint opt-out settings.
  • Changed coordinator-backed CLI lease output to print broker capacity hints when AWS routing, quota, Spot fallback, or configured high-pressure classes are involved.
  • Changed the portal lease table to merge external Blacksmith Testbox runners into the main grid as muted, disabled rows instead of rendering a separate external-runners table.
  • Refactored built-in provider backend implementations into internal/providers/<name> packages while keeping command orchestration and rendering core-owned.

Fixed

  • Fixed Daytona SDK sync so tar creation and Daytona toolbox upload stream from disk instead of buffering large archives in memory.
  • Fixed Daytona resource override handling so snapshot-only sandboxes reject generic --class and --type flags instead of accepting no-op compute settings.
  • Fixed Islo delegated runs so shell-mode commands preserve raw shell strings and truncated exec streams fail instead of silently reporting success.
  • Fixed provider-owned flags and target/capability validation to run through registered provider specs while preserving script-facing list JSON compatibility for coordinator and Blacksmith backends.
  • Fixed Blacksmith Testbox queued/outage failures so users see the upstream queue state and practical fallback guidance instead of an opaque timeout.
  • Fixed Blacksmith Testbox repo inference for mirrored repositories and portal runner sync for stale or external Testbox rows.
  • Fixed managed Linux desktop/browser leases to preinstall video capture and native addon build helpers, avoiding per-scenario apt installs in browser QA runs.
  • Fixed managed Linux desktop leases to use a slim XFCE session instead of bare Openbox, preserving a real panel/window-manager desktop while avoiding the full XFCE meta package.
  • Fixed SSH readiness progress logs to distinguish open TCP ports, failed SSH authentication, and failed Crabbox ready checks.
  • Fixed auto-shell command reconstruction so arguments with spaces stay quoted when shell operators such as && are present.
  • Fixed managed Linux bootstrap ordering so SSH is reachable before slow desktop/browser package setup while readiness still waits for the full desktop/browser contract.
  • Fixed managed desktop/browser warmups so slow cloud-init bootstraps get a longer readiness window, retry once after SSH timeout, and clean up failed leases instead of leaking unusable VMs.
  • Fixed brokered cloud server names so friendly-slug collisions with stale provider VMs do not block new leases.
  • Fixed human WebVNC desktop launches to keep browser windows windowed by default and reserve fullscreen for explicit capture/video workflows.
  • Fixed WebVNC portal status text and bridge commands so waiting/reset states explain the exact local bridge command to run.
  • Fixed the Code portal waiting state so it shows bridge status, copy/reload controls, and automatically opens the workspace once the local bridge connects.
  • Fixed crabbox webvnc --stop so daemon shutdown terminates the active child bridge, not only the supervisor.
  • Fixed portal command rows so their copy affordance copies the matching local command instead of only labelling the section.
  • Fixed portal Windows target badges to show compact win and win (wsl2) labels instead of windows / normal.
  • Fixed portal access and time columns to use compact capability icons, relative time labels, and sortable time metadata instead of wide action buttons and Zulu timestamps.
  • Fixed lease detail layout so local commands live inside the access panel instead of forcing a separate full-width commands section above recent runs.
  • Fixed portal run detail layout density, responsive action alignment, and run telemetry readability so long-lived run pages fit operator viewports cleanly.
  • Fixed generated docs-site navigation so the sidebar scroll position is preserved while moving between pages.
  • Fixed Windows WebVNC credential handling so generated portal links preserve special characters and managed TightVNC sessions copy service passwords into the logged-in user's registry profile.
  • Fixed managed Linux browser setup so Chrome/Chromium launches skip first-run and default-browser prompts.
  • Fixed managed Linux browser cloud-init setup so Chrome/Chromium policy and wrapper generation cannot break YAML parsing.
  • Fixed WebVNC portal passwords with escaped special characters and kept the bridge alive across viewer resets and transient coordinator EOFs.

v0.5.1

Choose a tag to compare

@github-actions github-actions released this 05 May 02:10
v0.5.1
957b836

Added

  • Added .crabboxignore for repo-local sync-only exclude patterns shared by run and sync-plan.
  • Added WebVNC portal controls for reconnect, fullscreen, and clipboard-ready bridge commands.

Fixed

  • Fixed managed AWS Windows WSL2 bootstrap by using the current Ubuntu WSL rootfs URL, downloading large rootfs files through curl.exe, and retrying empty or partial rootfs downloads instead of reusing a poisoned tarball. Thanks @vincentkoc.
  • Fixed AWS Windows WSL2 mode overrides so they refresh the default instance type to a nested-virtualization-capable family. Thanks @steipete.
  • Fixed AWS Windows WSL2 runs so mode overrides also refresh the default work root to /work/crabbox while keeping WSL2 sync on the fast rsync path.
  • Fixed remote git seeding so an unfetchable local commit cannot leave an empty .git worktree that makes sync sanity report every tracked file as deleted.
  • Skipped remote git seeding for local commits that are not present in any remote-tracking ref, avoiding slow doomed clone/fetch attempts before rsync.
  • Fixed WebVNC bridge reconnects so reloading or reconnecting the browser no longer requires restarting the local bridge.
  • Fixed Windows archive sync from macOS so Apple extended attributes do not spam remote tar warnings.
  • Fixed the Homebrew formula test command so GoReleaser emits the expected formula syntax.

v0.5.0

Choose a tag to compare

@github-actions github-actions released this 04 May 22:45
v0.5.0
7f95ff7

Added

  • Added --desktop, --browser, and crabbox vnc for optional Linux UI/browser leases, including loopback-only VNC with per-lease passwords and headless browser support without a desktop.
  • Added authenticated WebVNC portal support with crabbox webvnc, which bridges a desktop lease into the coordinator portal with short-lived bridge tickets and without exposing the remote VNC port.
  • Added managed AWS Windows desktop leases with OpenSSH, Git for Windows, loopback TightVNC, per-lease VNC passwords, and crabbox vnc.
  • Added managed AWS Windows WSL2 support for Linux command execution inside brokered Windows leases.
  • Added AWS macOS desktop lease plumbing for EC2 Mac Dedicated Hosts, including Screen Sharing setup and per-lease credentials.
  • Added crabbox vnc --open to start the SSH tunnel and launch the local VNC client for managed desktop leases.
  • Added crabbox desktop launch to open a browser or app inside a visible desktop lease, including native Windows scheduled-task launch for the logged-in console session.
  • Added crabbox screenshot to save a PNG from a desktop lease without opening a VNC client.
  • Added optional Tailscale reachability for managed Linux leases with --tailscale, --network auto|tailscale|public, brokered OAuth auth-key minting, and non-secret tailnet metadata in status/inspect output.
  • Added static macOS/Windows VNC endpoint discovery, including SSH-tunneled loopback VNC and trusted static direct VNC on host:5900.
  • Added generated Windows console login details and auto-logon for managed AWS Windows desktop leases.
  • Added a minimal XFCE desktop profile with panel/window manager for managed VNC leases.
  • Added generated command help for grouped commands so crabbox actions --help, crabbox cache --help, crabbox desktop --help, and similar entrypoints exit cleanly.

Changed

  • Clarified static macOS/Windows VNC as existing-host access, not Crabbox-created boxes, so --open no longer launches an OS credential prompt unless --host-managed is passed.
  • Switched top-level CLI routing to Kong while preserving existing per-command flags, passthrough remote commands, aliases, and exit-code behavior.

Fixed

  • Fixed WebVNC portal login redirects by canonicalizing broker origins before starting the browser login flow.
  • Fixed AWS desktop provisioning and Windows SSH bootstrap issues that could leave managed desktop leases unreachable.
  • Fixed passthrough command help such as crabbox run --help so it prints local usage instead of provisioning a remote lease.
  • Fixed crabbox desktop launch --browser on freshly warmed desktop leases by creating the remote workdir before launching the app.
  • Fixed failed Blacksmith Testbox warmups so printed, newly listed, or delayed tbx_... boxes are stopped instead of being left queued after an upstream workflow error.
  • Fixed crabbox run --junit so all-passing JUnit files record results instead of leaving the coordinator run stuck when the failure list is empty.
  • Fixed native Windows --shell runs so multi-statement PowerShell scripts keep their quotes instead of being re-parsed by a nested PowerShell process.
  • Removed the static macOS managed-login path so static host VNC cannot be mistaken for a Crabbox-created external instance.
  • Excluded macOS AppleDouble ._* sidecar files from default sync manifests so native Windows archives do not transfer invalid TypeScript/package sidecars.
  • Quoted crabbox vnc tunnel key paths so macOS Application Support lease keys can be pasted directly into a shell.
  • Skipped Linux-only GitHub Actions hydration stop markers on native Windows static targets.
  • Fixed brokered Tailscale requests on coordinators without OAuth secrets so they fail as disabled instead of entering the auth-key minting path.
  • Fixed Worker deploy smoke to prefer the Crabbox-scoped Cloudflare token when it is present in the environment or local profile.

v0.4.0

Choose a tag to compare

@github-actions github-actions released this 03 May 19:24
v0.4.0
052a57b

Highlights

  • Added static SSH macOS and Windows targets with --target macos|windows, --windows-mode normal|wsl2, and config/env support for reusable hosts.
  • Brokered Hetzner and AWS leases now reject non-Linux targets clearly; use provider: ssh for macOS or Windows hosts.
  • Made Blacksmith live smoke explicit opt-in so the default live smoke works in repositories without a Testbox workflow.

Install

brew update
brew upgrade openclaw/tap/crabbox
# or
brew install openclaw/tap/crabbox

GoReleaser archives are attached for macOS, Linux, and Windows. See checksums.txt for SHA-256 checksums.

Verification

  • Full local gate passed: Go vet/test/race/coverage/build, Worker format/lint/typecheck/test/build, docs check, GoReleaser snapshot, and whitespace check.
  • GitHub CI passed for the release prep commit.
  • Release workflow passed and published GitHub assets plus the Homebrew formula.
  • Homebrew install/upgrade smoke passed with crabbox --version reporting 0.4.0.
  • Coordinator-backed AWS live smoke passed from the published Homebrew binary with lease cleanup verified.