cloudflare
diff --git a/‎.changeset/env-isolation-security.md‎
Lines changed: 0 additions & 56 deletions b/‎.changeset/env-isolation-security.md‎
Lines changed: 0 additions & 56 deletions
diff --git a/‎.changeset/fair-impalas-agree.md‎
Lines changed: 0 additions & 5 deletions b/‎.changeset/fair-impalas-agree.md‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎examples/basic/Dockerfile‎
Lines changed: 2 additions & 2 deletions b/‎examples/basic/Dockerfile‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎examples/code-interpreter/package.json‎
Lines changed: 1 addition & 1 deletion b/‎examples/code-interpreter/package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎package-lock.json‎
Lines changed: 2 additions & 2 deletions b/‎package-lock.json‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎packages/sandbox/CHANGELOG.md‎
Lines changed: 63 additions & 0 deletions b/‎packages/sandbox/CHANGELOG.md‎
Lines changed: 63 additions & 0 deletions
diff --git a/‎packages/sandbox/README.md‎
Lines changed: 1 addition & 1 deletion b/‎packages/sandbox/README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/sandbox/package.json‎
Lines changed: 1 addition & 1 deletion b/‎packages/sandbox/package.json‎
Lines changed: 1 addition & 1 deletion
@@ -1,8 +1,8 @@
 # This image is unique to this repo, and you'll never need it.
 # Whenever you're integrating with sandbox SDK in your own project,
 # you should use the official image instead:
-# FROM docker.io/cloudflare/sandbox:0.2.4
-FROM cloudflare/sandbox-test:0.2.4
+# FROM docker.io/cloudflare/sandbox:0.3.0
+FROM cloudflare/sandbox-test:0.3.0
 
 # On a mac, you might need to actively pick up the
 # arm64 build of the image.
 
@@ -17,7 +17,7 @@
     "wrangler": "^4.27.0"
   },
   "dependencies": {
-    "@cloudflare/sandbox": "^0.2.4",
+    "@cloudflare/sandbox": "^0.3.0",
     "openai": "^5.12.0"
   }
 }
@@ -1,5 +1,68 @@
 # @cloudflare/sandbox
 
+## 0.3.0
+
+### Minor Changes
+
+- [#59](https://github.com/cloudflare/sandbox-sdk/pull/59) [`b6757f7`](https://github.com/cloudflare/sandbox-sdk/commit/b6757f730c34381d5a70d513944bbf9840f598ab) Thanks [@ghostwriternr](https://github.com/ghostwriternr)! - Add process isolation for sandbox commands
+
+  Implements PID namespace isolation to protect control plane processes (Jupyter, Bun) from sandboxed code. Commands executed via `exec()` now run in isolated namespaces that cannot see or interact with system processes.
+
+  **Key security improvements:**
+
+  - Control plane processes are hidden from sandboxed commands
+  - Platform secrets in `/proc/1/environ` are inaccessible
+  - Ports 8888 (Jupyter) and 3000 (Bun) are protected from hijacking
+
+  **Breaking changes:**
+
+  1. **Removed `sessionId` parameter**: The `sessionId` parameter has been removed from all methods (`exec()`, `execStream()`, `startProcess()`, etc.). Each sandbox now maintains its own persistent session automatically.
+
+     ```javascript
+     // Before: manual session management
+     await sandbox.exec("cd /app", { sessionId: "my-session" });
+
+     // After: automatic session per sandbox
+     await sandbox.exec("cd /app");
+     ```
+
+  2. **Commands now maintain state**: Commands within the same sandbox now share state (working directory, environment variables, background processes). Previously each command was stateless.
+
+     ```javascript
+     // Before: each exec was independent
+     await sandbox.exec("cd /app");
+     await sandbox.exec("pwd"); // Output: /workspace
+
+     // After: state persists in session
+     await sandbox.exec("cd /app");
+     await sandbox.exec("pwd"); // Output: /app
+     ```
+
+  **Migration guide:**
+
+  - Remove `sessionId` from all method calls - each sandbox maintains its own session
+  - If you need isolated execution contexts within the same sandbox, use `sandbox.createSession()`:
+    ```javascript
+    // Create independent sessions with different environments
+    const buildSession = await sandbox.createSession({
+      name: "build",
+      env: { NODE_ENV: "production" },
+      cwd: "/build",
+    });
+    const testSession = await sandbox.createSession({
+      name: "test",
+      env: { NODE_ENV: "test" },
+      cwd: "/test",
+    });
+    ```
+  - Environment variables set in one command persist to the next
+  - Background processes remain active until explicitly killed
+  - Requires CAP_SYS_ADMIN (available in production, falls back gracefully in dev)
+
+### Patch Changes
+
+- [#62](https://github.com/cloudflare/sandbox-sdk/pull/62) [`4bedc3a`](https://github.com/cloudflare/sandbox-sdk/commit/4bedc3aba347f3d4090a6efe2c9778bac00ce74a) Thanks [@ghostwriternr](https://github.com/ghostwriternr)! - Fix broken build due to bun lockfile not being used
+
 ## 0.2.4
 
 ### Patch Changes
 
@@ -72,7 +72,7 @@ npm install @cloudflare/sandbox
 1. **Create a Dockerfile** (temporary requirement, will be removed in future releases):
 
 ```dockerfile
-FROM docker.io/cloudflare/sandbox:0.2.4
+FROM docker.io/cloudflare/sandbox:0.3.0
 
 # Expose the ports you want to expose
 EXPOSE 3000
 
@@ -1,6 +1,6 @@
 {
   "name": "@cloudflare/sandbox",
-  "version": "0.2.4",
+  "version": "0.3.0",
   "repository": {
     "type": "git",
     "url": "https://github.com/cloudflare/sandbox-sdk"
Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@`
`17`	`17`	`"wrangler": "^4.27.0"`
`18`	`18`	`},`
`19`	`19`	`"dependencies": {`
`20`		`- "@cloudflare/sandbox": "^0.2.4",`
	`20`	`+ "@cloudflare/sandbox": "^0.3.0",`
`21`	`21`	`"openai": "^5.12.0"`
`22`	`22`	`}`
`23`	`23`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@cloudflare/sandbox",`
`3`		`- "version": "0.2.4",`
	`3`	`+ "version": "0.3.0",`
`4`	`4`	`"repository": {`
`5`	`5`	`"type": "git",`
`6`	`6`	`"url": "https://github.com/cloudflare/sandbox-sdk"`