sandboxes: document --clone, in-container clone and source-repository isolation#25140
Open
ndeloof wants to merge 1 commit into
Open
sandboxes: document --clone, in-container clone and source-repository isolation#25140ndeloof wants to merge 1 commit into
ndeloof wants to merge 1 commit into
Conversation
… isolation Replaces the `--branch[=NAME]` documentation with `--clone` (boolean) on both `sbx create` and `sbx run`, matching the CLI rename in docker/sandboxes#3055. Clone mode is now strictly about running the agent on a private in-container `git clone --reference` of the host repository; no host-side branch is created on the user's behalf — the user instructs the agent to `git checkout -b ...` inside the sandbox if a dedicated working branch is needed. Key documentation changes: - usage.md: "Branch mode" section is renamed to "Clone mode" and rewritten end-to-end. Drops the `.sbx/<name>-worktrees/...` directory mention (no longer created), the host-side branch creation/checkout step, the `--branch=auto` flow, and the legacy "Multiple branches per sandbox" section. Adds: * an explicit note that clone mode is fixed at create time; * the forge-remote propagation behaviour (origin/upstream propagated from host into the in-container clone, local-path remotes skipped); * a Cleanup warning about lost in-container commits when running `sbx rm` (mirrors the runtime warning). - security/isolation.md: adds the "Source-repository isolation" section introduced in docker#25007. Same content, but uses `--clone` and "clone mode" terminology throughout, plus a clarifying note that `sbx rm` warns before dropping unfetched/unpushed commits. - security/workspace.md: the existing "Branch mode" stub (claiming the old `--branch` was a "workflow convenience, not a security boundary") is replaced with a "Clone mode" section that explicitly calls out the isolation guarantee — clone mode IS a security boundary, the host's `.git` cannot be touched. - security/_index.md: source-repository isolation is added to the five-layer model (was four). Wording aligned with isolation.md. Migration: callers that scripted `sbx create --branch=feature/x` now pass `--clone` and tell the agent to create the branch. This PR is an alternative to docker#25007, written against the post-rename CLI. Signed-off-by: Nicolas De loof <nicolas.deloof@gmail.com>
✅ Deploy Preview for docsdocker ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
docker-agent
left a comment
docker-agent
left a comment
There was a problem hiding this comment.
Assessment: 🟢 APPROVE
The PR cleanly documents the --clone mode for Docker Sandboxes, replacing the previous --branch/worktree approach. The changes across all four files are technically accurate, internally consistent, and well-structured.
What was reviewed:
security/_index.md— 4-layer → 5-layer model (source-repository added)security/isolation.md— New "Source-repository isolation" section with diagramsecurity/workspace.md— Branch mode stub → Clone mode (security boundary)usage.md— Clone mode rewrite, propagated remotes, cleanup warning
No high or medium issues found. Commands, flags (--clone), front matter fields, and cross-references all appear correct. The cleanup > [!WARNING] callout for sbx rm dropping uncommitted in-container commits is accurate and appropriately prominent.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Alternative to #25007 — written against the post-rename CLI (
--branch[=NAME]→--clone, boolean) from docker/sandboxes#3055.Replaces the entire "Branch mode" documentation with "Clone mode":
--cloneinstead of--branch=NAME/--branch=autogit checkout -b ...inside the sandbox.sbx/<name>-worktrees/...directory (clone lives on the container's overlay filesystem)git push originagainst the user's fork as on the hostKeeps the security framing from #25007:
security/isolation.md(same diagram and guarantees, terminology updated)security/workspace.mdcalls out that this IS a security boundary, not just a workflow conveniencesecurity/_index.md(adds source-repository)Adds a Cleanup warning in usage.md —
sbx rmdrops in-container commits that haven't been fetched (git fetch sandbox-<name>) or pushed; the CLI surfaces a runtime warning before deletion.Files changed
usage.md.sbx/worktree section, add propagated remotes, add cleanup warningsecurity/isolation.mdsecurity/workspace.mdsecurity/_index.mdTest plan
#clone-modeand#source-repository-isolationresolvevalepasses (verified locally — zero errors in changed files)--branchreferences on the sandbox pagesMigration note
Callers that scripted
sbx create --branch=feature/xnow pass--cloneand instruct the agent to create the branch (e.g. viagit checkout -b feature/x).🤖 Generated with Claude Code