v0.2.1

🚀 Announcing Agent Sandbox v0.2.1!

We are excited to announce the release of Agent Sandbox v0.2.1!

This release introduces a major shift to a "Secure by Default" networking architecture, enforcing strict isolation for AI agents while providing a highly scalable shared policy model. Alongside these security and architectural advancements, this version strengthens observability with new telemetry metrics, enhances controller stability through a migration to the Deployment model, and expands the Python SDK capabilities with Pod Snapshots and native Kubernetes client support.

⚠️ Breaking Changes

• Controller Migration (StatefulSet to Deployment): The core controller has been migrated from a StatefulSet to a Deployment, and leader election is now enabled by default. Action Required: You must delete the existing StatefulSet before deploying the new version to avoid conflicts by running kubectl delete statefulset agent-sandbox-controller -n agent-sandbox-system (#191).
• Metrics Service Port Update: The metrics Service port has been changed from 80 to 8080 to align with standard practices and avoid traffic conflicts. Action Required: Update any custom ServiceMonitor resources or Prometheus scraping configurations to target port 8080 (#366).
• Secure-by-Default Network Isolation: SandboxTemplates that do not explicitly define a network policy now default to a strict isolation posture. This blocks access to internal cluster IPs, VPC subnets, and the node metadata server. Action Required: If your agents require access to internal services, you must explicitly define these rules in your SandboxTemplate or opt out by setting the SandboxTemplate's spec.networkPolicyManagement field to Unmanaged (#287).

Key Highlights

• Secure by Default Networking & Scalability: Implemented a strict security baseline for all sandboxes. If no policy is specified, the controller automatically blocks access to internal cluster IPs, VPC subnets, and the node metadata server. To ensure scalability, a single shared NetworkPolicy is now managed per SandboxTemplate rather than per individual sandbox, enabling instant fleet-wide updates with minimal API overhead.
• Multi-Language SDK Advancements:
  • Typed Go Client: Introduced a native Kubernetes Go client generated via client-gen, allowing Go developers to interact with Agent Sandbox resources using standard, type-safe Kubernetes patterns.
  • Python SDK Advancements: Added support for GKE Pod Snapshots, enabling users to capture the state of running sandboxes. The SDK now features native Kubernetes client generation and new file management methods (list and exists).
• Improved Observability & Metrics: Introduced new metrics to track sandbox lifecycles, including agent_sandbox_claim_startup_latency_ms and agent_sandbox_claim_creation_total. Metrics and healthz container ports are now explicitly defined for better networking transparency.
• Controller Stability & Scaling: The core controller has been migrated from a StatefulSet to a Deployment for better lifecycle management. It now supports controller concurrency, configurable router timeouts, and enhanced leader election settings.
• Robust Testing Infrastructure: The test suite now uses a watch-based mechanism instead of polling for more accurate results and captures detailed logs (including kubelet and containerd) into artifacts for easier debugging. A new load test using clusterloader2 has been added to simulate high-density sandbox environments.

Installation

Core & Extensions

# To install only the core components:
kubectl apply -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/v0.2.1/manifest.yaml

# To install the extensions components:
kubectl apply -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/v0.2.1/extensions.yaml

Python SDK

pip install k8s-agent-sandbox==0.2.1

Contributors

A huge thank you to all the contributors who made this release possible!

@antonipp, @mastersingh24, @SHRUTI6991, @igooch, @shrutiyam-glitch, @jkallogjeri, @justinsb, @runzhliu, @janetkuo, @vicentefb, @acsoto, @Oneimu, @sabre1041, @e-minguez, @Aliexe-code, @tp953704, @aditya-shantanu, @dongjiang1989, @tomergee, @shreyas-badiger, @esposem, @yongruilin

👋 New Contributors

• @e-minguez made their first contribution in #302
• @sabre1041 made their first contribution in #301
• @runzhliu made their first contribution in #281
• @jkallogjeri made their first contribution in #259
• @Aliexe-code made their first contribution in #332
• @tp953704 made their first contribution in #333
• @Oneimu made their first contribution in #298
• @dongjiang1989 made their first contribution in #364
• @mastersingh24 made their first contribution in #233
• @esposem made their first contribution in #377
• @shreyas-badiger made their first contribution in #374
• @yongruilin made their first contribution in #389

Full Changelog: v0.1.1...v0.2.1

v0.1.1

🚀 Announcing Agent Sandbox v0.1.1!

We are excited to announce the release of Agent Sandbox v0.1.1!

This release brings significant improvements to documentation, observability, extensibility, and stability, along with several new examples to help you get started.

Key Highlights

• New Documentation Site: We have launched a dedicated https://agent-sandbox.sigs.k8s.io/ site to make it easier to find guides and references.
• OpenTelemetry Support: Added optional OpenTelemetry tracing to both the Python client and the Controllers, improving observability for your agentic workloads.
• Enhanced Capabilities:
  • Shutdown Policy: Support for configurable Sandbox/SandboxClaim shutdown policies and shutdown times.
  • Extensions: Better management for extension deployments, including automount and NetworkPolicy support.
• Critical Fixes & Stability:
  • gVisor Support in Python SDK: Major Python client refactor enabling full gVisor (runsc) compatibility.
  • WarmPool Reliability: Fixed pod adoption logic, metadata propagation, and prioritization of "Ready" pods.
  • Lifecycle Management: Resolved repeated expiry cleanup loops.
• New Examples: Explore new examples including Gemini Computer Use, ADK Agent, and a Moltbot example.

Installation

# To install only the core components:
kubectl apply -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/v0.1.1/manifest.yaml

# To install the extensions components:
kubectl apply -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/v0.1.1/extensions.yaml

---

Contributors

A huge thank you to all the contributors who made this release possible!

@janetkuo, @volatilemolotov, @igooch, @antonipp, @mlgarchery, @shrutiyam-glitch, @lizzzcai, @barney-s, @sdowell, @vicentefb, @Iceber, @acsoto, @ArthurKamalov, @tomergee, @peterzhongyi, @hzxuzhonghu, @aditya-shantanu, @SHRUTI6991, @alex-akv, @bilalshaikh42, @justinsb

👋 New Contributors

• @igooch made their first contribution in #159
• @antonipp made their first contribution in #157
• @mlgarchery made their first contribution in #179
• @shrutiyam-glitch made their first contribution in #172
• @lizzzcai made their first contribution in #152
• @Iceber made their first contribution in #185
• @acsoto made their first contribution in #209
• @ArthurKamalov made their first contribution in #195
• @hzxuzhonghu made their first contribution in #222
• @aditya-shantanu made their first contribution in #218
• @SHRUTI6991 made their first contribution in #220
• @alex-akv made their first contribution in #186
• @bilalshaikh42 made their first contribution in #241

Full Changelog: v0.1.0...v0.1.1

v0.1.0

🚀 Announcing Agent Sandbox v0.1.0!

We are thrilled to announce the first official release of Agent Sandbox, v0.1.0!

This release marks a major milestone, providing a powerful and flexible platform for managing isolated, stateful, singleton workloads in Kubernetes, ideal for use cases like AI agent runtimes. With v0.1.0, you can:

• Define and manage sandboxes declaratively using the new Sandbox, SandboxTemplate, and SandboxClaim APIs.
• Run a variety of workloads in isolated environments, as demonstrated by our examples.
• Improve performance with SandboxWarmPool, allowing for faster sandbox creation.

This release is the culmination of the hard work of our contributors, and we're excited to see what you build with it!

Installation

# To install only the core components:
kubectl apply -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/v0.1.0/manifest.yaml

# To install the extensions components:
kubectl apply -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/v0.1.0/extensions.yaml

Contributors

A huge thank you to all the contributors who made this release possible!

@janetkuo, @barney-s, @justinsb, @ameukam, @sdowell, @vicentefb, @tomergee, @flpanbin, @peterzhongyi, @YaoZengzeng, and @volatilemolotov.

Full Changelog: https://github.com/kubernetes-sigs/agent-sandbox/commits/v0.1.0

v0.1.0-rc.2

What's Changed

• docs: add example for using gvisor with Sandbox by @sdowell in #128
• Add enhancements template and script for TOC by @janetkuo in #98
• Add user guides for sandbox and extensions by @janetkuo in #135
• Docs for examples by @janetkuo in #141
• Simple fix for deployment ordering by @janetkuo in #142
• Build and push all examples/ images by @janetkuo in #143
• feat: Agentic Sandbox Client Python by @tomergee in #134

Full Changelog: v0.1.0-rc.1...v0.1.0-rc.2

v0.1.0-rc.1

What's Changed

• Automate release process by @janetkuo in #118
• fix: controller binary will mistakely be x86 format for arm image by @YaoZengzeng in #126
• Sandbox get pod from warmpool by @peterzhongyi in #115
• cleanup: Integrate PodMetadata into SandboxTemplate by @barney-s in #122
• Add script for generating release manifests by @janetkuo in #130

New Contributors

• @YaoZengzeng made their first contribution in #126

Full Changelog: v0.1.0-rc.0...v0.1.0-rc.1

v0.1.0-rc.0

What's Changed

• Update README with project details by @janetkuo in #1
• Update README to address review comments by @janetkuo in #2
• Clarify memory sharing is a runtime-specific feature by @janetkuo in #3
• Add sandbox API definition by @barney-s in #4
• Implement a simple sandbox controller using controller-runtime by @barney-s in #5
• chore: add tools to apply correct headers by @justinsb in #10
• chore: use tools.mod for generation by @justinsb in #14
• chore: bump controller-runtime to 0.22.1 by @justinsb in #24
• Create headless service to access the sandbox by @barney-s in #9
• chore: remove duplicate header scripts by @justinsb in #15
• chore: add tool to fix gofmt by @justinsb in #25
• chore: harmonize go generate on dev/tools approach by @justinsb in #26
• chore: add presubmit script to verify fix-* scripts have been run by @justinsb in #11
• Sandbox example: Launch Chrome in sandbox with VNC by @justinsb in #20
• remove manifests folder and add k8s folder by @barney-s in #28
• rename sandbox .spec.template -> .spec.podTemplate by @barney-s in #27
• Implement Status for Sandbox by @barney-s in #19
• chore: scripts to deploy to kube by @justinsb in #13
• Ensure a Docker builder is running for multi-platform by @ameukam in #42
• Add metadata labels and annotations support in sandbox podTemplate by @barney-s in #39
• chore: generate RBAC for kube deployment by @justinsb in #16
• chore: fix image rewriting by @justinsb in #40
• Force opting out of API credential automounting by @janetkuo in #48
• fix make build target by @barney-s in #47
• Add kind deployment in makefile by @barney-s in #49
• Small optimization of the Docker image for the controller by @ameukam in #46
• Example: Run vscode and gemini in a sandbox by @barney-s in #45
• Add policy for token automount instead of mutating in the controller by @janetkuo in #55
• ci: add basic boilerplate for invoking unit tests by @sdowell in #57
• ci: implement unit test runner entrypoint by @sdowell in #61
• test: add unit tests for reconcilePod by @sdowell in #64
• Adding SandboxTemplate and SandboxClaim CRDs by @barney-s in #8
• ci: add placeholder entrypoints for lint and e2e by @sdowell in #65
• Add support for volumeClaimTemplates by @barney-s in #56
• feat: Added example of SA binding protection using Kyverno ClusterPolicy by @vicentefb in #67
• Add support for shutdownTime in sandbox.spec by @barney-s in #51
• Example: Composition of Sandbox and NW Policies using KRO by @barney-s in #37
• Example: Run code in an isolated Python runtime sandbox by @tomergee in #54
• Add development guide by @barney-s in #62
• nit: updatd urlPath for Kyverno policy by @vicentefb in #71
• nit: Update example Sandbox CR by @vicentefb in #68
• ci: add go lint tooling and presubmit by @sdowell in #66
• Use sandbox volume claim template instead of creating PVs manually by @barney-s in #73
• chore: do not rely on preserveUnknownFields in CRDs by @justinsb in #69
• examples: chrome-sandbox now checks for debug endpoint by @justinsb in #43
• test: implement e2e test scaffolding and simple test by @sdowell in #74
• fix: Switched from Kyverno to OPA Gatekeeper as Policy Engine by @vicentefb in #77
• Added Netlify config by @janetkuo in #81
• test: add coverage for sandbox top level Reconcile by @sdowell in #80
• feat: Implement .spec.replicas and /scale by @barney-s in #82
• Fix Netlify build failure by @janetkuo in #86
• Change the dev/ci code to not use makefile by @barney-s in #83
• feat: Claim controller - First cut by @barney-s in #72
• ci: create junit file when e2e tests fail by @sdowell in #90
• fix egress schema to take a list of objects. by @barney-s in #91
• Code cleanup: fix comment and add constant by @flpanbin in #89
• test: add test coverage for sandbox shutdown time by @sdowell in #92
• show how to run a prompt in the sandbox by @barney-s in #95
• test: add e2e test for replicas by @sdowell in #96
• feat: added Anthos Policy Controller example by @vicentefb in #87
• Create CRD for sandboxwarmpool by @peterzhongyi in #63
• fix: set replicas status after shutdownTime expires by @sdowell in #99
• Define a Cloudbuild for OCI image build by @ameukam in #101
• tests: add simple benchmark for chrome-sandbox example by @justinsb in #44
• Bump Docker image to Debian 13 by @ameukam in #104
• chore: better logging from docker builds by @justinsb in #111
• tests: include json output from test-e2e by @justinsb in #112
• chrome-sandbox: install chromium to support arm by @justinsb in #110
• Add Sandbox Warm Pool Controller basic logic by @peterzhongyi in #84
• ci: fix image prefix for staging registry by @sdowell in #114
• ci: fix tag definitions for image publishing by @sdowell in #116

New Contributors

• @janetkuo made their first contribution in #1
• @barney-s made their first contribution in #4
• @justinsb made their first contribution in #10
• @ameukam made their first contribution in #42
• @sdowell made their first contribution in #57
• @vicentefb made their first contribution in #67
• @tomergee made their first contribution in #54
• @flpanbin made their first contribution in #89
• @peterzhongyi made their first contribution in #63

Full Changelog: https://github.com/kubernetes-sigs/agent-sandbox/commits/v0.1.0-rc.0