v0.3.0 #424
fslongjin announced in Announcements
2026-06-02 Release v0.3.0
CubeSandbox 0.3.0 introduces CubeCoW, a Copy-on-Write snapshot engine that brings hundred-millisecond snapshot, clone, and rollback capabilities to AI Agent sandboxes. This release also adds the AgentHub digital assistant console (Preview), a Web UI for visual management, and the Go SDK. With 82 commits from 22 contributors, v0.3.0 is the largest release since open-sourcing.
🎯 Major Features
CubeCoW: Snapshot, Clone & Rollback
- CubeCoW Copy-on-Write snapshot engine (feat: introduce cubecow Copy-on-Write snapshot engine with full lifecycle management #360 ): A full-lifecycle CoW snapshot engine using reflink-based volume snapshots, providing efficient block-level snapshot operations for sandbox volume management. Create lightweight, space-efficient checkpoints at any moment.
- Soft-dirty incremental memory snapshots (feat(snapshot): add soft-dirty per-cycle incremental memory snapshots #389 ): Per-cycle incremental memory snapshots via soft-dirty page tracking, dramatically reducing snapshot time and storage for repeated snapshot cycles. Only dirty pages are captured after the first full snapshot.
- Snapshot restore & vsock handling (virtio-devices: vsock: RST vsocks on snapshot restore #388 ): VSOCK connections are properly reset on snapshot restore, ensuring clean connection state after rollback.
- Snapshot I/O optimization (hypervisor/vmm: drop sync_all() from all snapshot write paths #400 ): Removed unnecessary `sync_all()` calls from all snapshot write paths, significantly reducing snapshot write latency without compromising data integrity.
- Demo suite & developer guide ((CubeAPI)examples,docs: add snapshot/rollback/clone demo suite and guide #374 ): A complete demo suite and step-by-step guide covering snapshot, rollback, and clone workflows, with runnable examples.
- Host-mount pause snapshot restore fix: Fixed snapshot restore for sandboxes with paused host-mount filesystems.
AgentHub Digital Assistant Console (Preview)
- AgentHub API & UI (feat: add AgentHub digital assistant console #420 ): A complete digital assistant console built on top of CubeSandbox. Includes:
  - AgentHub persistence layer and assistant lifecycle management
  - OpenClaw setup integration for AI agent orchestration
  - Snapshot timeline with visual checkpoint creation and rollback
  - Clone sandboxes into parallel exploration environments
  - Template actions for reusable assistant configurations
  - Model settings and WeCom notification configuration
  - Full i18n support (English & Chinese)
Web UI
- Management dashboard (feat(web): add WebUI with sandbox/template/node management and template store #299 ): A browser-accessible Web UI for managing sandboxes, templates, and cluster nodes. Includes a template store for browsing and deploying pre-built sandbox images. No CLI needed for common operations.
🛠️ SDK
Python SDK (v0.2.1)
- Template creation API (feat(python-sdk): add template creation API #365 ): Create sandbox templates programmatically from Python, enabling end-to-end automation without shell commands.
- envd process API migration (#1676a0fc): Commands now run through the envd process API, improving reliability and consistency.
- Process exit edge-case handling (#a210dfc2): Fixed edge cases in envd process lifecycle management, preventing hung commands.
- Stderr coverage & file fallback hardening (#9e2c64ab): Improved error output capture and hardened file operation fallback paths.
- envd defaults & network policy alignment (fix(python-sdk): align envd defaults and network policy #418 ): Aligned envd service defaults and network policy configuration with the server-side defaults.
Go SDK (New)
- Initial Go SDK release (#5de861ac, #3b5caf29): A complete Go SDK providing typed API bindings for sandbox lifecycle management, enabling Go applications to create, manage, and destroy sandboxes natively.
✨ Enhancements
Deployment
- Systemd-based one-click deployment (feat(deploy): migrate one-click deployment to systemd management #331 ): The one-click installer now manages all services through systemd, providing proper service supervision, automatic restart on failure, and `systemctl` integration.
- Docker Compose container lifecycle (refactor(one-click): drive container lifecycle through docker compose #386 ): Container lifecycle management migrated to Docker Compose, simplifying multi-container orchestration and improving restart behavior.
- Early pre-download checks (feat(deploy): implement early pre-download checks for online installer #288 ): The online installer now validates network connectivity and disk space before downloading, preventing mid-installation failures.
- Health check & diagnostic scripts (deploy: add one-click health check and diagnostic scripts #305 ): New `check.sh` and `collect-logs.sh` scripts for one-click deployment health verification and log collection.
- Cgroup v2 CPU controller preflight check (feat(deploy): add cgroup v2 CPU controller preflight check #367 ): The installer detects missing cgroup v2 CPU controller support and provides actionable guidance before proceeding.
- Network-agent readiness wait (deploy: wait for network-agent readiness in one-click startup #304 ): The installer now waits for network-agent to be fully ready before proceeding, eliminating race conditions during initial setup.
- Docker bind-mount directory prevention (feat(one-click): prevent Docker from creating directories at bind-mount file paths #417 ): Prevent Docker from auto-creating directories at bind-mount file paths, ensuring correct mount behavior.
- Guest image optimization (feat(guest-image): shrink ext4 image after creation and optimize Dockerfile #347 ): Ext4 images are now shrunk after creation and the Dockerfile is optimized, reducing image size and pull time.
Infrastructure
- Centralized schema migration (feat(CubeMaster/dao): introduce centralized schema migration with goose #385 ): CubeMaster now uses `goose` for database schema migrations, enabling versioned, automated schema management across upgrades.
- Node resource reporting (feat(cubelet): report allocated node resources to cubemaster #382 ): Cubelet now reports allocated node resources (CPU, memory, disk) to CubeMaster, enabling cluster-wide resource awareness.
- Path-based sandbox routing (feat(cubeproxy): add path-based sandbox routing and shared backend resolution #334 ): CubeProxy supports path-based sandbox routing and shared backend resolution, improving routing flexibility.
- Scheduler metrics (feat(Cubelet): expose scheduler metrics as Prometheus gauges on /v1/metrics #326 , fix(cubelet): register metric plugin to enable /v1/metrics/scheduler endpoint #301 ): Cubelet exposes scheduler metrics as Prometheus gauges on `/v1/metrics`, enabling real-time monitoring of sandbox scheduling and resource utilization.
🐛 Bug Fixes
- Pause/resume state convergence (fix(cubelet): converge pause/resume state on ttrpc errors and shim events #404 ): Fixed pause/resume state drift on ttrpc errors and shim events, ensuring consistent sandbox lifecycle state.
- Shim readiness handshake (fix(shim): keep readiness handshake by not redirecting stdout (fd 1) #398 ): Fixed the shim readiness handshake by not redirecting stdout (fd 1), preventing silent initialization failures.
- Network resource leak (fix(network): resolve network resource leak on sandbox creation failure #314 ): Resolved a network resource leak during sandbox creation that could exhaust available network interfaces over time.
- Host-mount cleanup (fix(Cubelet): cleanup host-mount dirs after sandbox destroy #333 ): Host-mount directories are now properly cleaned up after sandbox destruction, preventing disk space accumulation.
- Cloud Hypervisor disk API (fix(Cubelet): use correct Cloud Hypervisor disk API endpoint #337 ): Fixed incorrect Cloud Hypervisor disk API endpoint usage that could cause disk operation failures.
- Template commit idempotency (fix(template-commit): enforce requestID uniqueness and add idempotent commit resue #336 ): Enforced requestID uniqueness and added idempotent commit reuse, eliminating duplicate template commits from retried requests.
- Config parsing (fix(cubelet): use tomlext.Duration for NodeStatusUpdateFrequency #396 ): Fixed `NodeStatusUpdateFrequency` to use `tomlext.Duration` for correct TOML duration parsing.
- Input validation (fix(cubelet): validate inputs at command-execution call sites #344 ): Added input validation at command-execution call sites to catch invalid parameters early.
- Concurrent DNS handling (fix(deploy): tolerate concurrent DNS dummy link creation #363 ): Tolerate concurrent DNS dummy link creation, preventing race-condition failures during parallel sandbox creation.
- PMEM boundary alignment (fix(deploy): align shrunk guest images to pmem boundary #351 ): Shrunk guest images are now aligned to pmem boundary, fixing boot failures on certain configurations.
- Quickcheck readiness (fix(deploy): wait for quickcheck containers to be ready #349 ): Wait for quickcheck containers to be ready before proceeding, eliminating false-positive health check failures.
- Service binding security (fix(deploy): bind MySQL/Redis to localhost and switch CubeProxy to host networking #269 ): MySQL/Redis now bind to localhost by default, and CubeProxy uses host networking for improved network security.
- Service startup ordering (fix(deploy): order cube-proxy.service after cube-sandbox-dns.service #346 ): `cube-proxy.service` is now ordered after `cube-sandbox-dns.service`, preventing DNS resolution failures at startup.
- Image digest handling (fix(templatecenter): strip canonical prefix from image digest #303 ): Stripped canonical prefix from image digests in the template center, fixing image reference mismatches.
- Paused state reporting (cubeapi: fix paused state parsing in sandbox list #270 ): Fixed paused sandbox state in list responses, ensuring accurate sandbox status display.
- Build version injection (fix(build): inject version info via ldflags for cubelet and cubemaster #327 ): Build version info is now properly injected via ldflags for cubelet and cubemaster binaries.
🔒 Security
- Prometheus upgrade (agent: upgrade prometheus to 0.14.0 to drop vulnerable protobuf 2.28.0 #328 ): Upgraded prometheus client to 0.14.0, dropping the vulnerable `protobuf` 2.28.0 dependency.
- reqwest upgrade (CubeAPI: upgrade reqwest to 0.12 to fix rustls-webpki CVE #323 ): Upgraded reqwest to 0.12 in CubeAPI, fixing the `rustls-webpki` CVE.
- libseccomp upgrade (agent: upgrade libseccomp to 0.3.0 to fix GHSA-2r23-gqr7-wr4h #321 ): Upgraded libseccomp to 0.3.0, fixing GHSA-2r23-gqr7-wr4h.
- go-jose bump (build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /Cubelet #320 ): Bumped `go-jose/v4` to the latest secure version.
- gRPC dependency bump (build(deps): bump google.golang.org/grpc from 1.76.0 to 1.79.3 in /CubeMaster #316 ): Updated gRPC dependency in CubeMaster.
📚 Documentation
- Changelog restructure (docs: restructure changelog into per-version files with index pages #412 , docs: fix broken changelog links in README #416 ): Changelogs are now organized into per-version files with an index page for easier navigation. Fixed broken changelog links in README.
- Performance benchmark blog (docs,examples: add perf benchmark blog post and bench scripts #419 ): Published a detailed performance benchmark post with reproducible bench scripts, covering startup latency and resource overhead metrics.
- Blog system (feat(docs): add blog system with local search and maintainer guide #306 , docs(blog): add 'from serverless to agent' post and external pvm walkthrough #340 ): Added a blog system with local search and maintainer guide. Published community posts including "From Serverless to Agent" and PVM deployment walkthroughs.
- Brand identity (feat(docs): add brand logo and favicon to documentation site #329 ): Added official logo and favicon to the documentation site.
- Troubleshooting guides (docs: add deployment and templates troubleshooting subpages with navigation #313 ): New bilingual troubleshooting subpages for deployment and template creation issues.
- Docs cross-reference fixes (docs: add missing .md extension to cross-file references #372 ): Added missing `.md` extensions to cross-file documentation references.
- Example & tutorial fixes (docs: fix probe path in create-from-image tutorial #406 , docs(examples): use e2b_ prefixed placeholder API key #407 , docs: fix clone state description — include memory, not just filesystem #377 ): Fixed probe path in create-from-image tutorial, standardized placeholder API keys with `e2b_` prefix, and corrected clone state documentation.
⚙️ Engineering Improvements
- Kernel source migration (ci: migrate kernel source from Gitee to CNB and enhance extraction logic #395 ): Migrated kernel source from Gitee to CNB with enhanced extraction logic.
- CI/CD hardening (ci: add docs build check workflow on pull request #330 , ci: fix CR workflow #335 , ci: allow auto review for external PRs #338 , ci(workflows): add default shell bash and install unzip; optimize artifact retrieval #393 ): Added docs build check workflow, fixed CR workflow, enabled auto-review for external PRs, added default shell configuration and artifact retrieval optimization.
- Deprecated API removal (chore: remove deprecated rand.Seed calls #339 ): Removed deprecated `rand.Seed` calls across the codebase.
- Rust dependency refresh (#9f8df42f): Bumped `crossbeam-channel` from 0.5.13 to 0.5.15 in the hypervisor crate.
Full Changelog: v0.2.2...v0.3.0
This discussion was created from the release v0.3.0.