the universal sandbox runtime for agents and humans.
pocketenv.io
sandbox
openclaw
agent
claude-code
vercel-sandbox
deno-sandbox
cloudflare-sandbox
atproto
sprites
daytona
1# Changelog
2
3All notable changes to this project will be documented in this file.
4
5## [0.7.1] - 2026-04-12
6
7### Added
8
9- **Daytona images and async sandbox creation**: Sandbox images are now resolved from a registry, and Daytona sandboxes support asynchronous creation with image-based provisioning.
10- **Optional session key for shared PTY sessions**: PTY sessions now accept an optional `sessionId` URL parameter as a session key, allowing multiple connections to share the same terminal session.
11- **Locale and dev tools in Dockerfiles**: Daytona and Modal Dockerfiles now set `LANG`/`LC_ALL`, `TARGETARCH`, and include common dev tools for a more complete environment.
12- **Modal pty-tunnel logging**: Added structured logging for the Modal pty-tunnel server to aid debugging.
13
14### Changed
15
16- **WebSocket terminal streams**: Terminal sessions now stream over WebSockets with buffering and message replay during session setup, replacing raw HTTP streams.
17- **Bash shell across all providers**: PTY sessions for Modal and E2B providers now use `bash`, consistent with the Vercel provider. Daytona sandboxes also default to `bash`.
18- **SHELL set to bash in Dockerfiles**: All Cloudflare, Daytona, and Modal Dockerfiles now set `SHELL ["/bin/bash", "-c"]` and fix `chsh` usage.
19- **WORKDIR set to user home in Dockerfiles**: Container working directory defaults to the user's home directory.
20- **`$HOME` used for tool install paths**: oh-my-posh theme and BLE install prefix now use `$HOME` instead of hardcoded paths.
21- **Daytona -medium snapshot variants**: Daytona Dockerfiles now include `-medium` snapshot image variants.
22- **tigrisfs pinned in Dockerfiles**: tigrisfs version is now pinned in all Dockerfiles for reproducible builds.
23
24### Fixed
25
26- **Stale PTY session eviction**: PTY sessions are now evicted when stale and properly cleaned up when the connection closes, preventing resource leaks.
27- **Debug WebSocket URL log removed**: Removed an accidental debug log that printed the WebSocket URL on connection.
28
29---
30
31## [0.7.0] - 2026-04-12
32
33### Added
34
35- **Modal sandbox provider**: Full support for [Modal](https://modal.com) as a sandbox provider.
36 - Modal sandbox creation, management, and PTY/SSH sessions.
37 - Pre-built Modal Docker images with `pty-tunnel-server` and npm/bun toolchains.
38 - CI integration: `modal-sandbox` tests run in GitHub Actions with Bun.
39- **E2B sandbox provider**: Full support for [E2B](https://e2b.dev) as a sandbox provider.
40 - E2B authentication via `E2B_API_KEY` environment variable (replaces former `e2bAccessToken`).
41 - `pocketenv sandbox create --provider e2b` with configurable default CPU/memory resources.
42 - PTY and SSH sessions for E2B sandboxes.
43- **WebSocket support for SSH/TTY/PTY sessions**: Terminal sessions now upgrade to WebSocket connections, centralizing upgrade handling across all providers.
44- **Cloudflare R2 mounts via tigrisfs**: Sandbox mounts now use [tigrisfs](https://github.com/tigrisdata/tigrisfs) (pinned to v1.2.1) for Cloudflare R2-backed storage, replacing direct FUSE mounting.
45- **FUSE support in Vercel sandbox**: Vercel sandboxes now install and load the FUSE kernel module to support tigrisfs mounts.
46
47### Changed
48
49- **E2B API key renamed**: `e2bAccessToken` / `e2bAccessTokenRedacted` fields renamed to `e2bApiKey` / `e2bApiKeyRedacted` throughout schema and helpers.
50- **Preset YAMLs loaded at runtime**: Preset YAML files are now loaded dynamically at runtime instead of being bundled as static imports, reducing build size.
51- **Production builds minified with source maps**: Build output is now minified with source maps enabled for production.
52- **PTY session handling refactored**: PTY/SSH logic extracted into the Vercel module for reuse across Modal and E2B providers.
53- **Parallelized output reads and background mounts**: Sandbox output reads and mount operations now run concurrently for faster startup.
54- **Use bash for sandbox PTY**: Sandbox PTY sessions now use `bash` instead of `sh` for a better interactive experience.
55- **sandboxId handling for Modal/E2B**: Modal and E2B sandboxes follow the same `sandboxId` lifecycle as Deno Deploy — cleared on stop, always set from `sandbox.id`.
56
57### Fixed
58
59- **Sandbox recovery on ID fetch failure**: If fetching an existing sandbox by ID fails, a new sandbox is created automatically as a fallback.
60- **PUBLIC_KEY / PRIVATE_KEY validation**: Decrypt helpers now validate that both keys are present before attempting decryption.
61
62---
63
64## [0.6.9] - 2026-04-07
65
66### Added
67
68- **Sandbox backup commands**: New `pocketenv backup` subcommand group for managing sandbox backups.
69 - `pocketenv backup create <sandbox> <directory>` — create a backup of a directory inside a sandbox, with optional `--description` and `--ttl` (e.g. `10m`, `2h`, `7d`; default `3d`).
70 - `pocketenv backup restore <backup_id>` — restore a sandbox from a previously created backup.
71 - `pocketenv backup list <sandbox>` (alias: `ls`) — list all backups for a sandbox, showing backup ID, directory, creation time, and expiry.
72
73### Changed
74
75- **Default backup TTL reduced to `3d`**: The default time-to-live for new backups is now `3d` (was `7d`).
76
77---
78
79## [0.6.8] - 2026-04-06
80
81### Changed
82
83- **Bumped CLI version to 0.6.8**.
84- **Updated `@pocketenv/sdk` to `^0.2.7`**: CLI now depends on the latest SDK release.
85- **Auto-open VS Code preview**: The `vscode` command now logs and automatically opens the preview URL in the default browser.
86
87
88## [0.6.7] - 2026-04-06
89
90### Changed
91
92- **Bumped CLI version to 0.6.7**.
93- **Updated `@pocketenv/sdk` to `^0.2.6`**: CLI now depends on the latest SDK release.
94
95
96## [0.6.6] - 2026-04-06
97
98### Changed
99
100- **Bumped CLI version to 0.6.6**.
101- **Updated `@pocketenv/sdk` to `^0.2.5`**: CLI now depends on the latest SDK release.
102
103---
104
105## [0.6.5] - 2026-04-06
106
107### Changed
108
109- **Bumped CLI version to 0.6.5**.
110- **Updated `@pocketenv/sdk` to `^0.2.4`**: CLI now depends on the latest SDK release.
111
112---
113
114## [0.6.4] - 2026-04-06
115
116### Added
117
118- **Sandbox presets**: YAML-based preset system for sandbox bases (amp, claude, codex, and others). A new `prepareSandbox` helper parses and executes preset steps with conditional checks.
119- **Preset type and schema validation**: `Preset` type and Zod schema added for validating sandbox preset definitions.
120- **Provider column in `list` and `ps`**: The `pocketenv list` and `pocketenv ps` commands now show the sandbox provider.
121- **`@chrysb/alphaclaw` in OpenClaw images**: AlphaClaw is now pre-installed in OpenClaw sandbox images.
122- **Unit tests and CI workflows**: Vitest-based unit tests and GitHub Actions CI workflows added for `apps/api`, `apps/cli`, and `apps/cf-sandbox`.
123
124### Changed
125
126- **Sandbox app modularized**: Sandbox routes and helper logic have been split into separate modules for better maintainability.
127- **Bash runs in interactive mode for TTY sessions**: Sandbox TTY sessions now invoke `bash` in interactive mode (`-i`) for correct profile sourcing.
128- **`sudo`-first `apt-get` in sandbox presets**: Preset install commands now use `sudo apt-get` for compatibility with non-root sandbox environments.
129- **Bumped `@pocketenv/sdk`**: CLI updated to use the latest SDK release.
130
131### Fixed
132
133- **Only install Tailscale if missing**: Tailscale setup now skips installation when it is already present in the sandbox.
134- **Condition check in `prepareSandbox`**: Fixed an incorrect condition guard that could skip required preset steps.
135- **Command failures propagated correctly**: `exec` errors are now unwrapped and propagated so preset failures surface clearly.
136- **Do not throw on non-fatal command failures in `prepareSandbox`**: Non-critical preset steps no longer abort the entire preparation sequence.
137- **`env` import in sprites provider**: Fixed import to use `env` from `node:process` instead of a bare global reference.
138
139---
140
141## [0.6.3] - 2026-04-05
142
143### Changed
144
145- **Migrate CLI to `@pocketenv/sdk`**: All direct API/axios calls have been replaced with the official `@pocketenv/sdk`. A new `configureSdk()` helper initialises the SDK once per command using the resolved auth token. Encryption, redaction, and SSH key generation for secrets, files, tailscale, and SSH keys are now handled by the SDK internally. The `waitUntilRunning` local helper has been removed in favour of `sandbox.waitUntilRunning()`.
146
147---
148
149## [0.6.2] - 2026-04-05
150
151### Added
152
153- **Nested ignore file support**: `loadIgnoreFiles` and `makeIsIgnored` now handle per-directory `.gitignore`/`.pocketenvignore` contexts when packaging, correctly applying ignore rules at each directory level.
154- **Ignore file unit tests**: Comprehensive Vitest-based test suite for the ignore logic, with a `vitest.config.ts` and updated dev deps/test scripts.
155
156### Fixed
157
158- **Sandbox dotfile copying**: Enabled `bash dotglob` in sandbox copy commands so dotfiles are included when copying directories.
159
160---
161
162## [0.6.1] - 2026-04-04
163
164### Added
165
166- **`pocketenv ps` command**: New CLI subcommand to list all running sandboxes in a formatted table showing name, base image, uptime, and creation time.
167
168### Fixed
169
170- **`push-directory` tar archive handling**: Fixed directory archiving to use `-C` with basename so paths inside the archive are relative. Non-directory paths are now handled correctly, and archives are compressed before being pushed to the sandbox. The sandbox side now decompresses the archive to the correct destination.
171
172---
173
174## [0.6.0] - 2026-03-31
175
176### Added
177
178- **PTY support with pty-tunnel and UI integration**: Full pseudo-terminal (PTY) support via a `pty-tunnel` server, wired into the web UI for interactive terminal sessions in the browser.
179- **Vercel credentials when starting sandbox**: Vercel auth tokens and project IDs are now passed through when starting a Vercel-backed sandbox.
180- **Vercel auth fields and DB migration**: New database fields for Vercel (`vercelApiToken`, project/deployment IDs) with a corresponding migration.
181- **Vercel auth persisted on create**: Vercel auth is now saved when a sandbox is first created.
182
183### Changed
184
185- **Fixed PTY port 26661**: The PTY tunnel server now uses a fixed port for predictable connections.
186- **`sandboxId` validated for terminal sessions**: Terminal sessions now validate and use the correct `sandboxId`.
187- **Zeroclaw bumped to v0.1.7-beta.1** and switched to `openagen`.
188- **`sandboxId` cleared for Deno and Vercel on stop**: Sandbox ID is properly cleared when stopping Deno/Vercel sandboxes.
189- **`jsonlines` packages pinned to exact versions** for reproducible builds.
190
191### Fixed
192
193- **Guarantee newline for PTY stdout**: PTY stdout now always ends with a newline; `sh` added for compatibility.
194- **Pipe PTY tunnel server stdout into listener**: PTY output is properly forwarded to connected clients.
195- **Await socket open and capture sandbox logs**: Socket is awaited before proceeding; sandbox start logs are now captured.
196- **Zod schema messages and `superRefine` closure**: Fixed validation error messages and properly closed `superRefine` calls.
197- **Misspelled `redactedSpriteToken`** corrected (was `redacredSpriteToken`).
198- **`vercelApiKey` renamed to `vercelApiToken`** for naming consistency.
199
200---
201
202## [0.5.0] - 2026-03-30
203
204### Added
205
206- **Multi-provider auth system**: New auth tables and token support for Daytona, Deno, Sprite, and Vercel providers. Tokens are stored with redacted columns for safe display.
207- **Sandbox provider preferences**: Users can set and persist a preferred sandbox provider via a new UI and API. API key is cleared when the provider changes.
208- **Provider token handling**: Daytona and Deno provider tokens are fetched and passed through sandbox operations. Sprite token support added.
209- **Daytona auth support**: Full Daytona authentication with `organizationId` and `organization_id` fields, including graceful handling when the API key is missing.
210- **Terminal SSH client**: New SSH client wired into the `ssh` command, with buffered SSH output until an SSE client connects.
211- **Redis-backed rate limiter**: New rate limiter middleware using Redis (500 requests per 30s).
212- **`sandbox()` client**: Sandbox operations now use a unified `sandbox()` client; Daytona snapshot is set on start.
213
214### Changed
215
216- **`sandboxId` updated after start and SSH fetch**: Ensures the sandbox ID is kept in sync after provider start and SSH key retrieval.
217- **`sandbox.start()` called before fetching params**: Provider start is now invoked earlier in the sandbox lifecycle.
218- **Sandbox created if missing on start**: The `start` command now creates a sandbox if one does not already exist.
219- **Increased default memory and disk sizes**: Higher resource defaults for sandboxes.
220- **Rate limiter threshold raised**: Redis rate limiter now allows 500 requests per 30-second window.
221
222### Fixed
223
224- **Conditionally save prefs and accept masked key**: Provider preferences are only saved when changed; masked/redacted keys are accepted without overwriting.
225- **`organizationId` in sandbox provider prefs**: Organization ID is now included in provider preference payloads.
226- **Stray `console.log` removed** from `getPreferences`.
227- **SSH session connection info logged** for easier debugging.
228
229---
230
231## [0.4.0] - 2026-03-29
232
233### Added
234
235- **Services support**: Full services feature across the stack — schema, API endpoints, lexicon, CLI commands, and a web management UI. Sandboxes can now define, start, stop, and monitor named services.
236- **`pocketenv service` CLI commands**: New CLI subcommands for managing sandbox services (start, stop, status).
237- **Service start/stop API endpoints**: New API routes for starting and stopping individual services with JSON responses.
238- **Service status tracking**: Service status is now exposed and updated on start; services are set to `STOPPED` when their sandbox is stopped.
239- **`--keep-alive` option for `start`**: The `start` command now accepts `--keep-alive` to keep the sandbox running after the terminal session ends.
240- **Cursor sandbox deployment**: New Cursor-based sandbox provider with publish workflow model support.
241- **Sandbox lookup by id, name, or URI**: Sandbox resolution now accepts any of these identifiers uniformly.
242
243### Changed
244
245- **`npm` global bin added to PATH in Dockerfile**: Ensures globally installed npm packages are available in the sandbox.
246- **Increased Cloudflare default memory and disk**: Higher resource defaults for Cloudflare sandbox deployments.
247- **`record.id` used for sandbox wiring**: Sandbox CLI calls now use `record.id` consistently.
248- **Services started when starting sandbox**: All configured services are automatically started when a sandbox starts.
249
250### Fixed
251
252- **ON DELETE CASCADE on sandbox foreign keys**: Sandbox-related records are now automatically removed when a sandbox is deleted.
253- **Service start guard**: Prevents starting a service that is already running.
254- **Service delete logs success**: A success message is now logged after a service is deleted.
255
256---
257
258## [0.3.5] - 2026-03-27
259
260### Fixed
261
262- **Ctrl+C signal handling**: Replaced `stty raw` with `stty -icanon -echo` when probing terminal background color, preventing `ISIG` from being disabled so Ctrl+C continues to work even if the terminal restore fails.
263- **Terminal restore robustness**: `tty` close and `stty` restore in the `finally` block are now wrapped in individual try/catch blocks to avoid masking earlier errors.
264
265---
266
267## [0.3.4] - 2026-03-27
268
269### Added
270
271- **Nanoclaw sandbox provider**: New Cloudflare-based `nanoclaw` sandbox deployment with its own Dockerfile, Wrangler config, and banner.
272- **Volume support for Sprites, Daytona, Deno, and Vercel providers**: All major providers now support volume mounting alongside the existing Cloudflare provider.
273- **`@anthropic-ai/claude-code` in Dockerfiles**: Claude Code is now pre-installed in sandbox images.
274- **`keepAlive` option**: Sandbox APIs now accept a `keepAlive` option to control sandbox lifecycle.
275- **Sandbox reuse by repo and DID**: When a matching sandbox (same repo + DID) already exists, it is returned instead of creating a new one.
276- **GitLab repo expansion**: CLI and web now support GitLab repository URLs in addition to GitHub and Tangled.
277- **`/new` page in web**: New page for creating sandboxes directly from a repository URL.
278- **"Open in Pocketenv" badge**: Added SVG badge and README integration so projects can link directly to Pocketenv.
279- **GitHub downloads badge**: README now shows a download count badge.
280- **VS Code expose button in web UI**: Sandbox detail page now has a button to expose VS Code and open the preview URL.
281- **`folder` param for Cloudflare preview URL**: Preview URL generation now accepts an optional folder parameter.
282
283### Changed
284
285- **Sandbox creation flow**: Sandbox is now started on create; `sandboxId`, `status`, and `startedAt` are set on start. The `sandboxId` is no longer cleared on stop.
286- **Async repo cloning**: Repository cloning on sandbox creation is now done asynchronously, unblocking the terminal session sooner.
287- **Sandbox configs run in background on start**: Provider config steps are now non-blocking.
288- **Sandbox POST moved outside DB transaction**: Improves reliability of sandbox creation under load.
289- **s3fs options**: `compat_dir` option enabled; `s3fs` is now exec'd directly for volume mounting.
290- **Sandbox instance type**: Upgraded to `standard-3` for improved performance.
291- **Zerobrew setup**: Zerobrew binaries moved to root `~/.local/bin` and installed consistently across sandbox, Daytona, and Cloudflare Dockerfiles. Zerobrew installer script removed in favor of direct binary install.
292- **`node:lts-trixie-slim` base image**: Codex and related sandbox images now use `node:lts-trixie-slim`.
293- **`coder` user added to Codex and CF sandbox Dockerfiles**.
294- **oh-my-posh install combined** with Node version bump to reduce image layers.
295- **Stale sandbox port cleanup**: `sandboxPorts` records are now deleted for stale sandboxes.
296- **`exposeVscode` allows unauthenticated queries** for public (userId-less) sandboxes; AT Protocol agent creation is deferred until the sandbox has an `at://` URI.
297- **Sandbox filtered by base segment** when looking up existing sandboxes.
298- **Sandbox start retries removed**: Retry wrappers and readiness waits have been simplified; sandbox is started once before opening the terminal session.
299
300### Fixed
301
302- **Terminal rendering issue**: Fixed a CLI rendering bug affecting terminal output (theme.ts).
303- **Volume not correctly mounted on start**: Fixed volume mount logic when starting an existing sandbox.
304- **Sandbox port upsert**: Port record is now inserted if an update hits no rows.
305- **Sandbox port deduplication**: Stale sandbox ports are cleaned up to avoid duplicate entries.
306
307---
308
309## [0.3.3] - 2026-03-23
310
311### Added
312
313- **`waitUntilRunning` helper**: CLI now waits for a sandbox to reach RUNNING status (up to 60s, polling every 2s) before connecting via SSH in `create` and `start` commands.
314- **Sandbox cleanup cron**: New cron job and worker list to automatically clean up uninitialized sandboxes every 5 minutes.
315
316### Changed
317
318- **Logging for sandbox cleanup**: Uninitialized sandbox cleanup now logs when it runs.
319
320---
321
322## [0.3.2] - 2026-03-22
323
324### Added
325
326- **Shorthand repo names**: The `--repo` flag in `create` and `start` commands now accepts shorthand notation (`github:owner/repo`, `tangled:owner/repo`) in addition to full URLs.
327
328---
329
330## [0.3.1] - 2026-03-22
331
332### Added
333
334- **Wasmer sandbox deployment**: New Wasmer runtime provider.
335- **Wasmer runtime in sandbox config**: Added Wasmer as a supported runtime option in sandbox configuration.
336- **`pocketenv exec` command**: New CLI command to execute commands inside a running sandbox via the exec RPC endpoint.
337- **Sandbox exec API**: New API endpoint for executing commands in sandboxes.
338- **Specify repo when starting sandbox**: The `start` command now accepts a `--repo` flag to clone a repository when starting a sandbox.
339- **Zoxide**: Added `zoxide` to sandbox images for smart directory jumping.
340- **`~/.local/bin` in PATH**: Sandbox images now include `~/.local/bin` in `PATH`.
341- **Deno in PATH**: Deno binary is now correctly added to `PATH` in sandbox Dockerfiles.
342- **`TARGETARCH` build arg**: `cf-sandbox` Dockerfile now uses `TARGETARCH` for multi-architecture builds.
343
344### Changed
345
346- **Enhanced cf-sandbox Dockerfile**: Added more developer tools to the Cloudflare sandbox image.
347- **`code-server` settings path**: Now uses `$HOME` for the code-server settings path for correctness across users.
348- **Cloudflare sandbox wrangler instances**: Switched to `standard-3` instance type.
349- **CI: Bun install via script**: GitHub Actions workflows now install Bun via the official install script instead of a pinned action version.
350- **Sandbox ID generation**: Sandbox IDs are now generated using `getRandomValues` (16-byte, random) for better uniqueness.
351- **Sandbox creation**: Uses `record.sandboxId` when creating sandbox records.
352- **Sandbox provider validation**: Cloudflare provider is now required and `sandboxId` must be empty on creation.
353- **Sandbox run validation**: Sandbox must be in RUNNING state before a run can be created.
354- **Sandbox lookup**: Uses `sandboxId` field consistently when retrieving sandboxes.
355- **Sandbox start order**: Sandbox is now started before fetching params and cloning the repository.
356- **Instance resources**: Sandbox configs now specify explicit instance resource requirements.
357
358### Fixed
359
360- Fixed newline not being appended to stdout/stderr when missing.
361- Fixed duplicate sandbox port inserts.
362
363---
364
365## [0.3.0] - 2026-03-22
366
367### Added
368
369- **VS Code in browser (code-server)**: Sandboxes now include a full VS Code experience via [code-server](https://coder.com/docs/code-server), using the Lynx theme and CascadiaMono font by default.
370- **`exposeVscode` endpoint and CLI command**: Expose the VS Code (code-server) port directly from the CLI with `pocketenv vscode`.
371- **Rootless Docker support**: Sandbox images now run `dockerd` as the `coder` user with rootless Docker enabled.
372- **Node.js 22**: Sandbox images now ship Node.js 22 (Alpine), replacing the manual tarball approach.
373- **`exposePort` preview URL**: The `expose` command now returns and displays the preview URL after successfully exposing a port.
374- **Port 1024 support**: Port 1024 is now accepted in both `exposePort` and `unexposePort` schemas.
375- **Tailscale support**: Sandboxes can now connect to a Tailscale network; auth keys are decrypted and passed to `setupTailscale` automatically.
376- **Repository cloning**: Sandboxes can clone a git repository on terminal open, with SSH keys generated and `ssh-keyscan` entries pre-configured for GitHub and Tangled.
377- **SSH option for `create`**: `pocketenv create --ssh` provisions sandboxes with SSH key support.
378- **Volume and file CLI commands**: New `pocketenv volume` and `pocketenv file` subcommands for managing sandbox volumes and files.
379- **Port CLI commands**: New `pocketenv port expose` and `pocketenv port unexpose` commands.
380- **Sandbox lookup by name, ID, or URI**: Sandboxes can now be looked up by any of these identifiers from the CLI and API.
381- **R2 volume mounting**: Cloudflare sandbox volumes are mounted via `s3fs-fuse` with an optional path prefix.
382- **Colored ASCII banner in CLI**: The CLI now displays a styled ASCII banner on startup.
383- **Install script**: A standalone `install.sh` script is available for quick installation on Linux and macOS.
384
385### Changed
386
387- **Font standardized to CascadiaMono**: All sandbox Docker images now consistently use CascadiaMono (WOFF2/TTF) for the terminal and VS Code.
388- **`npm`/`npx` wrappers**: Sandbox images now use `sh` wrapper scripts pointing to `npm-cli.js` and `npx-cli.js` for reliable Node invocation.
389- **Dockerfile hygiene**: Normalized `ENV` syntax, removed stray characters, and cleaned up PATH configuration across all sandbox Dockerfiles.
390- **`fontconfig` installed**: Font directory ownership and `fontconfig` package are now set up correctly in sandbox images.
391- **`alpine-sdk` and `krb5-dev`**: Added to Dockerfile for builds that require native compilation.
392- **Sandbox port minimum raised to 1024** (was 1025 in some paths; now consistently 1024+).
393- **Sandbox IDs normalized to lowercase**.
394- **Sandbox ports synced to AT Protocol records**.
395- **`sandbox stop` now unmounts volumes** before stopping the container.
396- **`sudo` added to sandbox images** for the `coder` user.
397- **CLI theme and output**: Uses theme colors consistently; `consola.success` for success messages; piped secrets are now supported.
398- **Cloudflare sandbox session code disabled** (temporary, pending rework).
399
400### Fixed
401
402- Fixed VS Code port not being special-cased during port exposure.
403- Fixed `sandbox stop` PATH normalization in Dockerfile.
404- Fixed font directory not being created before code-server installation.
405- Fixed `npm`/`npx` symlinks in sandbox images.
406- Fixed stray backslash in Dockerfile causing build failures.
407- Fixed SSH key reinitialization being allowed after first setup.
408- Fixed `execFile` argument array for `tailscale up` invocation.
409- Fixed misspelled `tailescaled` → `tailscaled`.
410- Fixed empty string returned instead of `null` in some API responses.
411- Fixed `known_hosts` not being properly cleared on reconnect.
412- Fixed file writes not ending with a newline.
413
414### Dependencies
415
416- Bumped `effect` to `3.20.0` in `apps/cli`.
417- Bumped `undici` and `wrangler` in `apps/cf-sandbox`.
418- Bumped `vitest` to `2.1.9` in `apps/app-proxy`.
419
420---
421
422## [0.2.4] - 2026-03-16
423
424- Bump CLI version to 0.2.4.
425
426## [0.2.3] - prior
427
428- Refactored CLI help styling and footer.
429- Added colored ASCII banner to CLI.
430- Replaced CaskaydiaCove fonts with WOFF2 versions.
431- Added Bash and Homebrew install instructions to web.
432- Added install script for pocketenv releases.
433- Added `setupTailscale` stubs to providers.
434- Installed pm2 globally in Daytona and Zeroclaw Dockerfiles.
435
436## [0.2.2] and earlier
437
438See git history for previous changes.