Releases: openclaw/crabbox
Releases · openclaw/crabbox
Release list
v0.12.0
0.12.0 - 2026-05-12
Added
- Added Azure native Windows desktop/VNC and Windows WSL2 lease support, matching the AWS Windows capability boundary. Thanks @jwmoss.
- Added
provider: proxmoxfor direct Proxmox VE Linux QEMU VM leases, including template clone, cloud-init SSH key injection, guest-agent bootstrap, docs, and cleanup support. - Added
provider: tensorlakedelegated runs for Tensorlake Firecracker sandboxes through thetensorlakeCLI, including archive sync, env allowlist forwarding, docs, and live-provider coverage. Thanks @zozo123. - Added
crabbox run --preflight,--capture-stderr, automatic failure bundles, env-forwarding summaries, andCRABBOX_PHASE:<name>timing markers for easier live/provider run debugging. - Added
crabbox run --keep-on-failureso failed one-shot runs can leave the exact lease available for SSH inspection until idle/TTL expiry. - Added
crabbox run --script <file>and--script-stdinso larger remote commands can be uploaded and executed as files instead of quoted shell strings. - Added
crabbox run --env-from-profile <file>and repeatable--allow-env <name>for redacted, first-class live-secret forwarding from local profile files. - Added
crabbox run --fresh-pr <owner/repo#number>for fresh remote GitHub PR checkouts, with optional--apply-local-patch. - Added
crabbox azure loginso direct Azure users can persist the activeaz loginsubscription, tenant, and location without manually exporting service-principal environment variables. Thanks @galiniliev. - Added
azure.network/CRABBOX_AZURE_NETWORKso Azure direct leases can SSH through private VNet addresses when using VPN/private-network access. Thanks @galiniliev. - Added
scripts/proxmox-build-template.shto build a Crabbox-ready Ubuntu 24.04 Proxmox template from a public cloud image. Thanks @VACInc.
Changed
- Changed sync guardrails to count the dirty delta when local changes are present while still printing the full candidate size, making dirty-worktree iteration less noisy.
- Expanded default sync excludes for common generated churn such as
.ignored,.vite,playwright-report,test-results, and local.crabboxlog/capture directories, and added top-directory hints for large sync candidates. - Changed automatic failure-bundle stdout/stderr capture to cap implicit temp logs while still allowing explicit
--capture-stdout/--capture-stderrfiles for full local streams. - Documented
--fresh-pr ... --apply-local-patchas the preferred fast path for PR iteration from noisy local checkouts. - Documented Azure CLI login setup, private-network SSH selection, and regional constraints for reused Azure VNet/subnet/NSG resources. Thanks @galiniliev.
- Clarified that Blacksmith delegated runs cannot forward CLI-side
--env-from-profilevalues and should use workflow-side secrets. - Documented Islo's
islo ssh --setuphost-alias flow for ad-hoc SSH access to Islo sandboxes. Thanks @zozo123.
Fixed
- Fixed shared-token coordinator auth so caller-supplied
X-Crabbox-OwnerandX-Crabbox-Orgheaders cannot select the authenticated owner/org. Thanks @Hinotoi-agent. - Fixed Code, WebVNC, and Egress bridge ticket creation so
use-shared lease users cannot mint lease-side bridge-agent tickets without manage access. Thanks @Hinotoi-agent. - Fixed repo-local
env.allow: ["*"]so it no longer forwards every local environment variable to remote commands. Thanks @Hinotoi-agent. - Fixed Windows SSH sync by disabling unsupported OpenSSH ControlMaster multiplexing and preferring WSL rsync/path conversion when available. Thanks @galiniliev.
- Fixed Tensorlake slug resolution so stale claims from other providers cannot shadow an active Tensorlake sandbox slug.
- Fixed Sprites and Namespace Devbox work-root validation so broad roots are rejected before create/prepare flows. Thanks @stainlu.
- Fixed Sprites list pagination so missing or repeated continuation tokens fail instead of spinning or accepting malformed pages. Thanks @stainlu.
- Fixed Namespace Devbox prepare error reporting so prepare failures are not hidden behind earlier SSH config fallback errors. Thanks @stainlu.
v0.11.0
0.11.0 - 2026-05-11
Added
- Added
crabbox job list/runand repo-localjobs:config for named warmup → Actions hydrate → run → cleanup workflows. - Added Daytona and Namespace Devbox lanes to
scripts/live-smoke.shso delegated live smoke coverage can run through the shared harness. - Added
provider: gcpfor Google Cloud Compute Engine Linux SSH leases, including direct ADC auth, brokered service-account auth, class fallback, Spot/on-demand fallback, docs, and cleanup support. - Added
crabbox cleanup --provider namespace-devboxto remove Crabbox-owned Namespace SSH snippets and keys. - Added
scripts/openclaw-wsl2-tests.shfor one-command OpenClaw full-suite runs on AWS Windows WSL2 Crabbox leases.
Changed
- Aligned direct GCP provisioning with Google's official Compute Go SDK (
cloud.google.com/go/compute/apiv1) and project-wide aggregated instance discovery. - Moved OpenClaw Blacksmith Testbox run safeguards into Crabbox, including one-shot slug reporting and stalled sync termination.
- Improved
crabbox media previewandartifacts collect --gifdefaults to generate higher-quality 1000px/24fps GIFs with Floyd-Steinberg palette dithering and optional gifsicle optimization. Thanks @obviyus.
Fixed
- Fixed the Blacksmith Testbox sync-stall guard to match current
blacksmithCLI sync start and completion messages. - Fixed GCP leases so exact
--typerequests still use configured zone and Spot-to-on-demand fallback, aliases derive GCP class defaults, explicit brokered tags replace Worker default tags, custom networks and ingress policies get separate SSH firewall rules, and brokered pool views include instances outside the Worker's default zone. - Fixed
crabbox actions hydrate/registerso AWS Windows WSL2 leases can use Linux GitHub Actions hydration instead of being rejected as Windows targets, including root-runner and stale apt-list handling. - Fixed
scripts/openclaw-wsl2-tests.shso follow-up hydrate/run/cleanup commands keep the AWS Windows WSL2 target configuration and warmup failures print captured output. - Fixed
scripts/openclaw-wsl2-tests.shso dirty-sync package graph changes refresh workspace dependencies before the full OpenClaw test command runs. - Fixed first
crabbox runsyncs after GitHub Actions hydration so tracked checkout files are not treated as stale remote files before the initial dirty-worktree sync. - Fixed
crabbox runhistory finish recording to allow large final log payloads enough time to reach the coordinator. - Fixed Namespace Devbox release-only resolution so
crabbox stop --provider namespace-devbox --namespace-delete-on-release <name>deletes without re-preparing SSH. - Fixed Namespace Devbox release cleanup so stopping a Crabbox Devbox removes its local
~/.namespace/ssh/crabbox-*snippet and key files. - Fixed
crabbox webvnc daemon startso it starts with a fresh bridge log and waits briefly for the bridge-ready marker before returning.
v0.10.0
Added
- Added
crabbox run --capture-stdout <path>and repeatable--download remote=localfor binary-safe proof capture without streaming arbitrary bytes into the terminal or run-log previews. - Added
crabbox desktop terminalfor visible terminal smokes, including Sixel-friendly Git-for-Windowsminttylaunch defaults on native Windows. - Added
crabbox desktop recordplusdesktop terminal --screenshot/--recordfor one-command visual proof capture, including native Windows MP4 recording through interactive desktop frames. - Added automatic contact-sheet PNGs for desktop recordings,
crabbox desktop prooffor one-shot visual proof bundles, recorder diagnostics, and direct PR publishing from terminal/proof captures.
Changed
- Updated docs for output capture, desktop terminal/proof capture, Windows desktop bootstrap, artifact contact sheets, and managed-provider readiness checks.
- Reworked the WebVNC share dialog into an inline Google-style sharing flow with add-user, org access, copy-link, and done actions.
Fixed
- Fixed delegated run providers so unsupported
--capture-stdoutand--downloadrequests fail instead of streaming stdout and skipping downloads. - Fixed E2B sandbox creation so Crabbox caps default lease timeouts to E2B's one-hour API limit instead of failing live smoke warmups.
- Fixed
crabbox runoutput capture validation so malformed--downloadspecs, bad download destinations, and bad--capture-stdoutpaths fail before leasing, syncing, or running remotely. - Fixed interrupt handling so a second
Ctrl-Ccan terminate slow cleanup after the first signal starts graceful cancellation. - Fixed
crabbox doctor --provider ...so coordinator secret readiness checks only run for managed brokered providers. - Fixed
crabbox desktop terminal --provider ssh -- ...so static SSH command arguments are not consumed as lease IDs. - Fixed
crabbox run --capture-stdoutso local capture write failures report as capture errors instead of remote command exits. - Fixed brokered provider preflight so
crabbox doctor --provider azurereports missing Worker secrets and lease creation returnsprovider_not_configuredinstead of a coordinator500. - Fixed interrupted one-shot runs so
SIGINT/SIGTERMcancel through the CLI context and still run best-effort lease cleanup. - Fixed SSH readiness progress logs to include per-port probe state in timeout errors.
- Fixed managed AWS Windows desktop bootstrap so WebVNC/screenshot targets start TightVNC reliably and screenshots are not covered by Windows' first-network flyout.
- Fixed Windows
desktop launchargument handling so terminal commands such asbash -lc '...'and other quoted GUI launches are passed losslessly. - Fixed the source-built CLI version so unreleased local builds no longer report the previous release.
v0.9.0
Added
- Added
provider: spritesfor Sprites microVM SSH leases through thespriteCLI/API, including Crabbox sync/run,crabbox ssh, and live smoke docs. - Added
provider: namespace-devboxfor Namespace Devbox SSH leases through thedevboxCLI, with Crabbox sync/run layered on the returned SSH endpoint. - Added live smoke checklists and script coverage for direct E2B and Semaphore provider validation. Thanks @stainlu.
Changed
- Updated Worker runtime dependencies and Go provider SDKs, including noVNC, fast-xml-parser, AWS EC2, Daytona, Islo, and related Go runtime libraries.
Fixed
- Fixed signed portal user tokens so caller-provided admin claims are rejected instead of granting admin access. Thanks @Hinotoi-agent.
- Fixed Islo workdir containment so absolute paths and parent-directory escapes are rejected before sandbox creation, sync, or run. Thanks @Hinotoi-agent.
- Fixed Islo archive sync uploads to use the API's multipart file contract instead of falling back after server-side
500responses. - Fixed Semaphore host configuration so dashboard URLs normalize to hosts while API paths, query strings, fragments, and user info are rejected. Thanks @stainlu.
- Fixed WebVNC portal input focus so controller typing stays in the remote desktop and right-clicks no longer open the browser context menu.
- Fixed Semaphore list output so locally claimed jobs show their lease slugs.
- Fixed E2B relative workdirs so they resolve under the configured E2B user's home instead of always
/home/user. - Fixed E2B workspace guardrails so broad roots such as
/,/home, and/tmpare rejected before sync creates, deletes, or extracts files. - Fixed E2B sandbox creation so unsafe workdirs are rejected before the API call. Thanks @stainlu.
- Fixed E2B user validation so path-like users are rejected before sandbox or process calls. Thanks @stainlu.
- Fixed stale Code, WebVNC, and egress bridge clients so expired or missing leases stop polling/restarting after terminal coordinator responses. Thanks @vincentkoc.
- Fixed
crabbox desktop pastefor terminal windows so symbol-heavy text falls back to direct typing instead of sending a literalCtrl+Vinto xterm-like sessions. - Removed the vulnerable transitive
fast-xml-builderWorker dependency by updating fast-xml-parser.
v0.8.0
Added
- Added
provider: azurefor managed Azure Linux and native Windows SSH leases, including direct and brokered provisioning, shared Azure networking, SKU fallback, Azure docs, and cleanup support. Thanks @jwmoss. - Added
provider: e2bfor delegated E2B sandbox runs using E2B sandbox REST/envd APIs. Thanks @zozo123. - Added
provider: semaphorefor direct Semaphore CI testbox leases over SSH. Thanks @loadez. - Added an authenticated coordinator control WebSocket for low-latency run attach streams and lease heartbeats, with HTTP polling/heartbeat fallback for older brokers. Thanks @vincentkoc.
- Added rescue-first desktop/WebVNC failure output that names the failing layer and prints exact
rescue:or native VNC fallback commands when bridges, viewers, browser launches, VNC targets, or input stacks hang. - Added collaborative WebVNC observer mode, with one active controller, read-only observers, and a portal takeover button that shows who is controlling the session.
- Added first-class
crabbox artifactscommands for desktop screenshots, MP4 recordings, trimmed GIFs, logs, metadata, Mantis/OpenClaw QA templates, and PR-ready publishing through broker-owned artifact storage, AWS S3, or Cloudflare R2.
Changed
- Expanded Semaphore and E2B documentation across provider, configuration, CLI, and command pages so direct providers have first-class setup, auth, lifecycle, and troubleshooting guidance.
- Changed
crabbox attachto prefer the coordinator control WebSocket, drain retained backlog pages, and then stream live run output with less polling latency. - Changed WebVNC portal sharing to open as an in-session modal, added a standalone share-page back action, and simplified collaboration controls into a single stateful control button.
- Raised the Go core coverage gate to 90% and added regression coverage around provider claims, config parsing, bootstrap defaults, run-log previews, and slug fallbacks.
Fixed
- Fixed the portal provider filters so Azure leases show their own filter badge and provider icon. Thanks @stainlu.
- Fixed Azure broker SSH security rules so repeated primary/fallback SSH ports are de-duplicated before writing network security group rules.
- Fixed
crabbox runtransport chatter by keeping SSH multiplexers alive longer, retrying fallback SSH ports for streaming commands, and batching stdout/stderr preview events into larger coordinator chunks. Thanks @vincentkoc. - Fixed macOS WebVNC cursor visibility by enabling noVNC's dot-cursor fallback when Screen Sharing sends a transparent or zero-sized cursor.
- Fixed managed AWS macOS bootstrap so VNC password generation does not abort under
pipefailbefore Screen Sharing readiness is installed. - Fixed WebVNC daemon start-by-slug so coordinator-backed leases use the resolved target OS in the background bridge command.
- Fixed coordinator-backed
crabbox listso a stale admin token no longer blocks normal logged-in users; the CLI now falls back to active user-visible leases instead of failing with401 unauthorized. - Fixed desktop, screenshot, VNC, and WebVNC SSH helpers so they retry live fallback ports when a coordinator lease advertises an SSH port that is not ready yet.
Fixed
- Fixed stale Code, WebVNC, and egress bridge clients so expired or missing leases stop polling/restarting after terminal coordinator responses. Thanks @vincentkoc.
Fixed
- Fixed Blacksmith Testbox shell command rendering so multiline
--shellpayloads with trailing blank whitespace do not produce a spurious shell syntax failure after the remote command succeeds.
v0.7.0
Added
- Added mediated egress commands and browser wiring so Linux desktop leases can proxy selected app traffic through the operator machine via the coordinator bridge.
- Added WebVNC portal clipboard controls for sending local clipboard text into the remote session and copying remote clipboard text back to the local browser.
- Added lease sharing for individual users or the owning org, including
crabbox share,crabbox unshare, API access checks, and a portal share control on lease detail pages.
Fixed
- Fixed
egress start --coordinatorso live public-route egress starts work when the local default coordinator is Cloudflare Access-protected. - Fixed Tailscale exit-node bootstrap paths to prefer tailnet metadata and fail clearly when remote exit-node egress is not active.
- Fixed
run --no-synctiming summaries so they reportsync_skipped=true. - Fixed native Windows command output so first-use PowerShell progress records do not leak CLIXML into run logs.
- Fixed Islo provider sync so
crabbox run --provider islouploads the local workspace, uses the correct/workspace/<workdir>, and falls back to chunked exec upload while the archive API returns server errors. - Fixed Code and WebVNC bridge websocket auth so upgraded brokers receive short-lived bridge tickets in the
Authorizationheader instead of logging them in URL query strings, while preserving query fallback for older brokers. - Fixed managed AWS macOS desktop leases so readiness and WebVNC use a writable
ec2-userwork root, callcrabbox-readyby absolute path, and read the generated Screen Sharing password via sudo.
v0.6.0
Added
- Added
provider: daytonafor Daytona sandbox leases using Daytona's SDK/toolbox for sync and command execution, with short-lived SSH access available throughcrabbox ssh. - Added Daytona CLI profile auth fallback so
daytona login --api-key ...can satisfy Crabbox Daytona auth without duplicatingDAYTONA_API_KEY. - Added
provider: islofor delegated Islo sandbox runs using the Islo Go SDK. - Added a provider backend registry and authoring guide so delegated and SSH-backed providers can live in provider-owned packages while core keeps command parsing, rendering, and capability validation.
- Added
--tailscale-exit-nodeand--tailscale-exit-node-allow-lan-accessso managed Linux leases can route egress through an approved tailnet exit node. - Added broker capacity hints for AWS leases, including selected market, attempted regions, quota/capacity advice, and configurable high-pressure class warnings.
- Added
crabbox codeand per-lease/code/portal URLs for authenticated code-server access on--codeLinux leases. - Added per-lease portal detail pages with bridge status, access-panel copy commands, recent run links, and a stop action.
- Added portal run detail pages with command metadata, result summaries, dense viewport-fitted portal tables, provider/OS badges, active/ended/provider/target filters, sticky portal chrome, and copyable retained log previews.
- Added latest lease telemetry snapshots for coordinator-backed Linux leases, including load, memory, disk, and uptime in
status --jsonand the portal detail view. - Added bounded lease telemetry history with portal sparklines and stale/high-resource badges on lease detail pages.
- Added run-level telemetry summaries with start/end Linux resource snapshots in run history JSON, human history output, and portal run tables/details.
- Added live run telemetry samples for longer Linux commands, including bounded coordinator storage and portal load/memory/disk trend lines on run detail pages.
- Added portal visibility for external Blacksmith Testbox runners synced from
crabbox list --provider blacksmith-testbox, with owner-scoped runner rows, stale markers, GitHub Actions links, status badges, stuck filters, detail pages, and copyable local stop commands. - Added admin portal visibility for non-owned runner leases, including
mine/systemfilters and matching detail/code/VNC drilldowns for operator sessions. - Added
crabbox desktop launch --webvnc --opento launch a desktop browser/app and immediately bridge the same lease into the WebVNC portal. - Added
crabbox webvnc --daemon/--backgroundplus--status/--stopfor background WebVNC bridges without tmux. - Added
crabbox media previewfor creating motion-trimmed GIF previews and optional trimmed MP4 clips from desktop recordings. - Documented the prebaked runner image boundary: provider-owned AMIs/snapshots hold machine capabilities while repo/runtime caches stay in QA workflows or warm leases.
Changed
- Changed AWS capacity fallback to route configured
CRABBOX_CAPACITY_REGIONSacross both brokered and direct AWS launches, with the deployed coordinator defaulting to a wider multi-region pool for better headroom. - Changed coordinator lease requests to omit the default capacity block, preserving mixed-version broker compatibility while still sending explicit market, strategy, fallback, multi-region, availability-zone, or hint opt-out settings.
- Changed coordinator-backed CLI lease output to print broker capacity hints when AWS routing, quota, Spot fallback, or configured high-pressure classes are involved.
- Changed the portal lease table to merge external Blacksmith Testbox runners into the main grid as muted, disabled rows instead of rendering a separate external-runners table.
- Refactored built-in provider backend implementations into
internal/providers/<name>packages while keeping command orchestration and rendering core-owned.
Fixed
- Fixed Daytona SDK sync so tar creation and Daytona toolbox upload stream from disk instead of buffering large archives in memory.
- Fixed Daytona resource override handling so snapshot-only sandboxes reject generic
--classand--typeflags instead of accepting no-op compute settings. - Fixed Islo delegated runs so shell-mode commands preserve raw shell strings and truncated exec streams fail instead of silently reporting success.
- Fixed provider-owned flags and target/capability validation to run through registered provider specs while preserving script-facing list JSON compatibility for coordinator and Blacksmith backends.
- Fixed Blacksmith Testbox queued/outage failures so users see the upstream queue state and practical fallback guidance instead of an opaque timeout.
- Fixed Blacksmith Testbox repo inference for mirrored repositories and portal runner sync for stale or external Testbox rows.
- Fixed managed Linux desktop/browser leases to preinstall video capture and native addon build helpers, avoiding per-scenario apt installs in browser QA runs.
- Fixed managed Linux desktop leases to use a slim XFCE session instead of bare Openbox, preserving a real panel/window-manager desktop while avoiding the full XFCE meta package.
- Fixed SSH readiness progress logs to distinguish open TCP ports, failed SSH authentication, and failed Crabbox ready checks.
- Fixed auto-shell command reconstruction so arguments with spaces stay quoted when shell operators such as
&&are present. - Fixed managed Linux bootstrap ordering so SSH is reachable before slow desktop/browser package setup while readiness still waits for the full desktop/browser contract.
- Fixed managed desktop/browser warmups so slow cloud-init bootstraps get a longer readiness window, retry once after SSH timeout, and clean up failed leases instead of leaking unusable VMs.
- Fixed brokered cloud server names so friendly-slug collisions with stale provider VMs do not block new leases.
- Fixed human WebVNC desktop launches to keep browser windows windowed by default and reserve fullscreen for explicit capture/video workflows.
- Fixed WebVNC portal status text and bridge commands so waiting/reset states explain the exact local bridge command to run.
- Fixed the Code portal waiting state so it shows bridge status, copy/reload controls, and automatically opens the workspace once the local bridge connects.
- Fixed
crabbox webvnc --stopso daemon shutdown terminates the active child bridge, not only the supervisor. - Fixed portal command rows so their copy affordance copies the matching local command instead of only labelling the section.
- Fixed portal Windows target badges to show compact
winandwin (wsl2)labels instead ofwindows / normal. - Fixed portal access and time columns to use compact capability icons, relative time labels, and sortable time metadata instead of wide action buttons and Zulu timestamps.
- Fixed lease detail layout so local commands live inside the access panel instead of forcing a separate full-width commands section above recent runs.
- Fixed portal run detail layout density, responsive action alignment, and run telemetry readability so long-lived run pages fit operator viewports cleanly.
- Fixed generated docs-site navigation so the sidebar scroll position is preserved while moving between pages.
- Fixed Windows WebVNC credential handling so generated portal links preserve special characters and managed TightVNC sessions copy service passwords into the logged-in user's registry profile.
- Fixed managed Linux browser setup so Chrome/Chromium launches skip first-run and default-browser prompts.
- Fixed managed Linux browser cloud-init setup so Chrome/Chromium policy and wrapper generation cannot break YAML parsing.
- Fixed WebVNC portal passwords with escaped special characters and kept the bridge alive across viewer resets and transient coordinator EOFs.
v0.5.1
Added
- Added
.crabboxignorefor repo-local sync-only exclude patterns shared byrunandsync-plan. - Added WebVNC portal controls for reconnect, fullscreen, and clipboard-ready bridge commands.
Fixed
- Fixed managed AWS Windows WSL2 bootstrap by using the current Ubuntu WSL rootfs URL, downloading large rootfs files through
curl.exe, and retrying empty or partial rootfs downloads instead of reusing a poisoned tarball. Thanks @vincentkoc. - Fixed AWS Windows WSL2 mode overrides so they refresh the default instance type to a nested-virtualization-capable family. Thanks @steipete.
- Fixed AWS Windows WSL2 runs so mode overrides also refresh the default work root to
/work/crabboxwhile keeping WSL2 sync on the fast rsync path. - Fixed remote git seeding so an unfetchable local commit cannot leave an empty
.gitworktree that makes sync sanity report every tracked file as deleted. - Skipped remote git seeding for local commits that are not present in any remote-tracking ref, avoiding slow doomed clone/fetch attempts before rsync.
- Fixed WebVNC bridge reconnects so reloading or reconnecting the browser no longer requires restarting the local bridge.
- Fixed Windows archive sync from macOS so Apple extended attributes do not spam remote tar warnings.
- Fixed the Homebrew formula test command so GoReleaser emits the expected formula syntax.
v0.5.0
Added
- Added
--desktop,--browser, andcrabbox vncfor optional Linux UI/browser leases, including loopback-only VNC with per-lease passwords and headless browser support without a desktop. - Added authenticated WebVNC portal support with
crabbox webvnc, which bridges a desktop lease into the coordinator portal with short-lived bridge tickets and without exposing the remote VNC port. - Added managed AWS Windows desktop leases with OpenSSH, Git for Windows, loopback TightVNC, per-lease VNC passwords, and
crabbox vnc. - Added managed AWS Windows WSL2 support for Linux command execution inside brokered Windows leases.
- Added AWS macOS desktop lease plumbing for EC2 Mac Dedicated Hosts, including Screen Sharing setup and per-lease credentials.
- Added
crabbox vnc --opento start the SSH tunnel and launch the local VNC client for managed desktop leases. - Added
crabbox desktop launchto open a browser or app inside a visible desktop lease, including native Windows scheduled-task launch for the logged-in console session. - Added
crabbox screenshotto save a PNG from a desktop lease without opening a VNC client. - Added optional Tailscale reachability for managed Linux leases with
--tailscale,--network auto|tailscale|public, brokered OAuth auth-key minting, and non-secret tailnet metadata in status/inspect output. - Added static macOS/Windows VNC endpoint discovery, including SSH-tunneled loopback VNC and trusted static direct VNC on
host:5900. - Added generated Windows console login details and auto-logon for managed AWS Windows desktop leases.
- Added a minimal XFCE desktop profile with panel/window manager for managed VNC leases.
- Added generated command help for grouped commands so
crabbox actions --help,crabbox cache --help,crabbox desktop --help, and similar entrypoints exit cleanly.
Changed
- Clarified static macOS/Windows VNC as existing-host access, not Crabbox-created boxes, so
--openno longer launches an OS credential prompt unless--host-managedis passed. - Switched top-level CLI routing to Kong while preserving existing per-command flags, passthrough remote commands, aliases, and exit-code behavior.
Fixed
- Fixed WebVNC portal login redirects by canonicalizing broker origins before starting the browser login flow.
- Fixed AWS desktop provisioning and Windows SSH bootstrap issues that could leave managed desktop leases unreachable.
- Fixed passthrough command help such as
crabbox run --helpso it prints local usage instead of provisioning a remote lease. - Fixed
crabbox desktop launch --browseron freshly warmed desktop leases by creating the remote workdir before launching the app. - Fixed failed Blacksmith Testbox warmups so printed, newly listed, or delayed
tbx_...boxes are stopped instead of being left queued after an upstream workflow error. - Fixed
crabbox run --junitso all-passing JUnit files record results instead of leaving the coordinator run stuck when the failure list is empty. - Fixed native Windows
--shellruns so multi-statement PowerShell scripts keep their quotes instead of being re-parsed by a nested PowerShell process. - Removed the static macOS managed-login path so static host VNC cannot be mistaken for a Crabbox-created external instance.
- Excluded macOS AppleDouble
._*sidecar files from default sync manifests so native Windows archives do not transfer invalid TypeScript/package sidecars. - Quoted
crabbox vnctunnel key paths so macOSApplication Supportlease keys can be pasted directly into a shell. - Skipped Linux-only GitHub Actions hydration stop markers on native Windows static targets.
- Fixed brokered Tailscale requests on coordinators without OAuth secrets so they fail as disabled instead of entering the auth-key minting path.
- Fixed Worker deploy smoke to prefer the Crabbox-scoped Cloudflare token when it is present in the environment or local profile.
v0.4.0
Highlights
- Added static SSH macOS and Windows targets with
--target macos|windows,--windows-mode normal|wsl2, and config/env support for reusable hosts. - Brokered Hetzner and AWS leases now reject non-Linux targets clearly; use
provider: sshfor macOS or Windows hosts. - Made Blacksmith live smoke explicit opt-in so the default live smoke works in repositories without a Testbox workflow.
Install
brew update
brew upgrade openclaw/tap/crabbox
# or
brew install openclaw/tap/crabboxGoReleaser archives are attached for macOS, Linux, and Windows. See checksums.txt for SHA-256 checksums.
Verification
- Full local gate passed: Go vet/test/race/coverage/build, Worker format/lint/typecheck/test/build, docs check, GoReleaser snapshot, and whitespace check.
- GitHub CI passed for the release prep commit.
- Release workflow passed and published GitHub assets plus the Homebrew formula.
- Homebrew install/upgrade smoke passed with
crabbox --versionreporting0.4.0. - Coordinator-backed AWS live smoke passed from the published Homebrew binary with lease cleanup verified.