v0.2.0

Session-based execution, patches, and GHCR image

This release is a total refactor that focuses the project on safe, session-based command execution. You can now run multiple commands across multiple requests within the same session, get a patch of the changes produced by those commands, and optionally fail fast on the first error. A Docker image is now built and pushed to GitHub Container Registry on pushes to main.

⚠️ Breaking changes

• The run commands endpoint is now session-based. You can run multiple commands over multiple requests using the same session.
• The run commands response now returns a patch (diff) of file changes instead of an archive of changed files.
• Removed support to run arbitrary code.

Please review the migration guide below before upgrading.

Highlights

• Session-like API for multi-step executions.
• Patch-first design: concise diffs instead of full archives.
• Safety & ergonomics: fail_fast to stop early on errors.
• CI enhancement: Docker image automatically published to GHCR.

Migration guide

1. Adopt sessions

   • Before: single-shot command execution per request.
   • Now: create/use a session, then send one or more command batches tied to that session until you close it.

2. Consume patches instead of archives

   • Update downstream tooling to parse unified diffs.
   • Apply with standard tools (e.g., git apply or patch) if you need to materialize file changes.

3. Stop on first failure (optional)

   • Opt into stricter behavior with fail_fast=true to abort on the first failing command.

4. Enable/handle extract_patch

   • Use extract_patch=true when you specifically want to retrieve the generated patch artifact.

5. Audit any arbitrary code execution paths

   • Replace usage with explicit command execution via sessions.

Tip: If you previously automated downloads of an archive, switch to saving the returned patch (e.g., changes.patch) and apply it where needed.

Documentation

• README.md has been updated to reflect session-based execution and patch responses.

---

Full Changelog

Compare changes

v0.1.1

Changed

• Migrated pyproject.toml to use standard dev dependencies group declaration.
• Updated urls declared in pyproject.toml to use standard labels.
• Updated sensible pydantic settings to use SecretStr to avoid exposing sensitive information.

v0.1.0

🧪 daiv-sandbox v0.1.0 – First Official Release 🎉

We’re proud to announce the first official release of daiv-sandbox following the v0.1.0-rc.* candidate cycle! This marks the beginning of public availability, with a stable feature set and robust container-based sandboxing for command and code execution.

Note

While still under the 0.x prefix (indicating ongoing development), this release is suitable for real-world usage and follows a tested and consistent API.

🚀 What's Included

• Secure Containerized Execution

  • Run untrusted code and shell commands inside isolated Docker containers.
  • Each execution is ephemeral — containers are spun up and torn down per request.

• FastAPI-Based REST Interface

  • POST /run/commands/: Run shell commands on provided archives.
  • POST /run/code/: Execute Python code with optional dependencies.

• gVisor Runtime Support (Optional)

  • Use Google’s gVisor (runsc) for added kernel isolation.
  • Toggle runtime via the DAIV_SANDBOX_RUNTIME env variable.

• Docker Image Available

  • Pull from GitHub Container Registry:
    ghcr.io/srtab/daiv-sandbox:latest

⚠️ Known Limitations

• Only python is supported in /run/code/ (more languages planned!).
• distroless base images are unsupported (lack shell for command execution).
• gVisor may introduce minor performance overhead in exchange for improved isolation.

📦 Quick Start

docker run --rm -d -p 8000:8000 \
  -e DAIV_SANDBOX_API_KEY=my-secret-api-key \
  ghcr.io/srtab/daiv-sandbox:latest

Refer to the README for full configuration and API usage details.

💬 Feedback & Contribution

This is a great time to report bugs, request features, or contribute!
Open an issue or PR on GitHub to help shape the future of daiv-sandbox.

v0.1.0-rc.10

Changed

• Moved LANGUAGE_BASE_IMAGES from daiv_sandbox/main.py to daiv_sandbox/languages.py.

Fixed

• Changed strategy to determine where the run will execute inside the container. Now the default user and working directory are considered to avoid privileges issues.

v0.1.0-rc.9

Fixed

• Fixed issue when images have limited privileges.

Chore:

• Updated dependencies:
  • ipython from 8.30 to 8.31
  • pydantic from 2.10.3 to 2.10.4
  • pydantic-settings from 2.6.1 to 2.7.0
  • ruff from 0.8.2 to 0.8.4
  • mypy from 1.13.0 to 1.14.0

v0.1.0-rc.8

Added

• Added HOST and PORT settings to allow overriding the host and port of the service.
• Added LOG_LEVEL setting to allow overriding the log level of the service.

Fixed

• Fixed logging configuration for daiv_sandbox logger, no logs where being written to the console.
• Fixed SENTRY_ENABLE_TRACING setting to be a boolean or an integer.

v0.1.0-rc.7

Added

• Added ping method to SandboxDockerSession to check if the Docker client is responding.

Changed

• Changed health endpoint to check if the Docker client is responding and avoid starting the service if it is not responding.
• Changed default DOCKER_GID to 991.

v0.1.0-rc.6

Added

• Added SENTRY_ENABLE_TRACING configuration to enable Sentry tracing.
• Added EXPOSE 8000 to the Dockerfile to explicitly expose the port.

Changed

• Updated dependencies:
  • ipython from 8.29 to 8.30
  • pyopenssl from 24.2.1 to 24.3.0
  • ruff from 0.8.0 to 0.8.2

v0.1.0-rc.5

Added

• Added Dockerfile args to allow overriding the application UID and GID, and docker GID.

Fixed

• Fixed the Dockerfile to create the app user with the correct group and user IDs to avoid permission issues.
• Fixed the Dockerfile to create the docker group with the correct GID to allow the app user to access the docker socket.

v0.1.0-rc.4

Added

• Added HEALTHCHECK to the Dockerfile.

Fixed

• Fixed Dockerfile to create the app user with the correct home directory defined.

Changed

• Changed /health/ endpoint to /-/health/.
• Changed /version/ endpoint to /-/version/.