2026年06月14日 Release v0.4.0

CubeSandbox 0.4.0 introduces CubeEgress, an OpenResty-based security proxy that brings credential injection, domain filtering, and access auditing to sandbox egress traffic. This release also delivers container log forwarding with a new cubecli logs command, a node component version matrix with cluster-wide visibility, template replica compatibility checking, a daemonless template image build pipeline, and significant network performance improvements (35% faster network P50). The builder base image has been downgraded to ubuntu:20.04, lowering the minimum glibc requirement from 2.34 to 2.31 for broader distribution compatibility. 58 commits from 15 contributors.

🎯 Major Features

CubeEgress: Security Proxy

CubeEgress is a new OpenResty-based egress gateway that sits in the sandbox outbound traffic path via TPROXY, enforcing L7 policy before requests leave the cluster. It consists of ~2,200 lines of Lua across 9 modules running on OpenResty/nginx, plus Go-side integration in CubeMaster (CA provisioning, policy push), network-agent (TPROXY iptables rules), and Cubelet (per-sandbox routing, protobuf egress rule model).

• Credential injection (#518): Per-sandbox secrets are attached to outbound requests at the proxy layer via EgressRule.inject — user code inside the sandbox never handles raw credentials. The CubeNetworkConfig protobuf message (formerly CubeVSContext) now carries L7 egress rules with match conditions (SNI, host, method, path, scheme) and actions (allow/deny, audit, inject). Credential material is redacted as ***REDACTED*** in CubeMaster safe-log output (#520).
• Domain filtering (#518): Policy-driven allow/deny lists gate which destinations a sandbox may reach, evaluated first-match-wins against the L7 request. DNS queries are permitted even when domain-based allow-out rules are set (38fe997).
• Access auditing (#518): Structured JSON logs of every egress request with optional body redaction via a redactor Lua module, enabling downstream compliance review.
• Kernel 5.4 compatibility (38fe997): The security proxy runs on kernel v5.4+, expanding deployment coverage.
• CubeVS fast-path hardening (#527): SYN-only packets are now rejected in the port-mapping BPF fast path, preventing guest-initiated connection attempts from bypassing egress policy.
• TAP TX offload (#505): TX checksum/TSO offload and tx-tcp-mangleid-segmentation are enabled on TAP devices so redirected packets skip GSO before reaching the guest.
• CubeEgress version reporting (9d76195): CubeEgress participates in the node component version matrix with build-time version metadata injection, a /admin/v1/health endpoint extension, release manifest entries, and cubelet-side file-based collection.

New files: CubeEgress/ (20 files — Lua modules, nginx config, Dockerfile, iptables scripts, systemd units, CA generation); CubeMaster/pkg/service/httpservice/cube/ca_download.go; CubeMaster/pkg/templatecenter/cube_egress_ca/; CubeMaster/pkg/templatecenter/cube_egress_ca_bake.go; DB migration 0005_cube_egress.sql.

Container Log Forwarding

Container init-process stdout/stderr is now streamed from the agent to the shim via a dedicated vsock connection and appended to log files on the host. A new cubecli cubebox logs subcommand lets operators read these logs from outside the sandbox.

• Log streaming (#535): The shim injects a cube.container.log_forwarding=true annotation into the OCI spec, causing the agent to create stdout/stderr pipes (1 MiB buffer, O_NONBLOCK) for the init process. A dedicated vsock channel carries the log stream to the shim, which appends to /data/log/template/<id>/stdout|stderr during template builds and to ./stdout / ./stderr in the bundle directory for normal sandboxes. Log forwarding is cleanly cancelled before pause/snapshot/teardown, and pipe write fds are closed on process exit so readers receive EOF (#541). Exec I/O relay (FIFO-based) is kept separate from init log forwarding.
• cubecli cubebox logs (#528): New subcommand to read container stdout/stderr from /data/cubelet/state/io.containerd.runtime.v2.task/default/<id>/stdout|stderr. Supports --tail N, --head N, --all, and --stderr flags. Since log files live inside the cubelet mount namespace, the command re-execs itself via the existing C constructor in pkg/cubemnt/nsenter.c to safely enter the namespace before any Go code runs. Includes openNoFollow() path validation hardened against symlink-following attacks.

Node Component Version Matrix

A new version tracking infrastructure gives operators cluster-wide visibility of component versions across all nodes, with a dedicated Web UI page.

• Version collection and matrix (#500): Cubelet collects component versions (guest-image, cube-agent, kernel, plus control-plane components from the release manifest) and reports them to CubeMaster, which maintains a version matrix in the node_component_version table (DB migration 0004). The matrix groups nodes by reported version for each component, surfaces version skew, and exposes summary and detail APIs through CubeAPI.
• Standardized version injection (#493): All Go and Rust binaries now receive version, commit, and build-time metadata via ldflags / build.rs. A machine-readable release-manifest.json is generated in one-click release bundles so every artifact is traceable to the same release. The cubecli version and cubemastercli version output formats are unified across components.
• Web UI Versions page (#500, #481): A new Versions.tsx page (762 lines) with i18n support (en/zh) shows per-component version distribution across nodes. The sidebar and Settings About section now display the actual release tag (injected at build time as __APP_VERSION__) instead of hardcoded versions.

New files: CubeMaster/pkg/nodemeta/versionmatrix.go; web/src/pages/Versions.tsx; web/src/locales/en/versions.json, zh/versions.json; DB migration 0004_node_component_version.sql.

Template Replica Compatibility

Template replicas are now checked against node component versions, with stale/missing replicas surfaced in both the API and Web UI.

• Compatibility matrix and version binding (#510): The template compatibility system compares each template's bound component versions (guest-image, cube-agent, kernel) against what each node currently reports. Results are stored in template_versions (DB migration 0006) and exposed via /templates/compat (summary) and /templates/compat/{id} (per-template detail). Version binding management lets operators pin a template to specific component versions at creation time.
• Web UI (#545): The template detail page now shows per-replica compatibility badges, version delta between bound and current component versions, and a stale-replica warning banner with a rebuild trigger. New components: CompatBadge, CompatSection, CompatWarning, CompatNodeCard, VersionDeltaList.

New files: CubeMaster/pkg/templatecenter/compat.go; CubeMaster/pkg/service/httpservice/cube/template_compat.go; DB migration 0006_template_replica_compat.sql.

Template Image Build Pipeline Overhaul

The template image build pipeline has been rearchitected to support daemonless operation via skopeo/umoci, with a 72% reduction in peak disk usage and file-level content deduplication.

• Daemonless export path (#492, #506): When skopeo and umoci are available on the CubeMaster node, template images are pulled via skopeo copy into a local OCI layout and unpacked with umoci unpack --rootless, eliminating the Docker daemon requirement. Falls back to Docker for backward compatibility. The export strategy is chosen once at image resolution time so preparation and export stay consistent.
• Artifact management (#506): A new job runner orchestrates the full pipeline (image export → rootfs artifact build → distribution), with redo support that can resume from the last completed phase. File-level content fingerprints (SHA256) enable artifact deduplication across builds, and artifact cleanup is managed through a structured lifecycle. Redo operations now carry the correct template ID through working requests (#544).
• Disk usage optimization (#472): Peak disk usage during image-to-ext4 build is reduced from ×ばつ to ×ばつ image size through five complementary optimizations:
  1. Pipe-streamed export: Docker export stdout is connected directly to tar -xf stdin via a 1 MiB pipe (F_SETPIPE_SZ), eliminating the intermediate rootfs.tar file.
  2. Early workDir cleanup: The scratch workDir is removed immediately after the rootfs reaches the store directory, before ext4 creation begins.
  3. Precise ext4 sizing: Power-of-2 alignment is replaced with a triple-overhead model (fixed 256 MiB + 10% of data + 1 KiB per file), aligned to 256 MiB boundaries.
  4. Direct-to-storeDir export: On local fast filesystems (detected via statfs magic), the rootfs is exported directly into the store directory, skipping the workDir→storeDir relocate step. NFS/CIFS fall back to the relocate path to avoid cross-device copies.
  5. Disk-space pre-check: A fail-fast statfs check on the store directory parent ensures sufficient space before the build starts, with a configurable safety margin (CUBEMASTER_DISK_SPACE_SAFETY_MARGIN, default ×ばつ).
     SHA256 computation uses a 4 MiB buffer to reduce read syscalls. A loop-mount streaming ext4 build phase (gated behind CUBEMASTER_LOOP_MOUNT_EXT4_ENABLED, default false) is also implemented with CAP_SYS_ADMIN detection.
• SDK alignment (#485): CubeAPI POST /templates and Python/Go SDKs now expose DNS, egress CIDRs, registry auth, command/args, network type, and node scope options, matching the full cubemastercli template create-from-image option set....

2026年06月04日 Release v0.3.1

CubeSandbox 0.3.1 is a stabilization and hardening release following v0.3.0, focused on one-click installer robustness, network stability fixes, AgentHub refinements, and expanded documentation with real-world benchmark data. 14 commits from 7 contributors.

✨ Enhancements

One-Click Deployment

• Custom sandbox network CIDR (#451): Users can now specify CUBE_SANDBOX_NETWORK_CIDR at install time to avoid conflicts with existing host network subnets. Includes CIDR format validation, host interface/route overlap detection, and a bypass flag (CUBE_SANDBOX_NETWORK_CIDR_SKIP_CONFLICT_CHECK) for advanced scenarios. The chosen CIDR is persisted to .one-click.env after successful config patching.
• Systemd 255 ExecStart/ExecStop compatibility (#451): Prefixed all ExecStart, ExecStartPre, ExecStartPost, and ExecStop directives with /usr/bin/bash to avoid 203/EXEC errors from systemd-executor on OpenCloudOS 9.4+.
• glibc version preflight check (#457): The installer now checks glibc >= 2.34 before installation to fail fast on unsupported distributions (e.g., CentOS 7, Ubuntu 20.04), where cubelet/cubecli binaries would crash at runtime.
• PVM consistency pre-check (#456): When the kvm_pvm kernel module is loaded on the host, the installer verifies that CUBE_PVM_ENABLE=1 is set. Without this check, PVM hosts would silently install the wrong guest kernel (ordinary vmlinux instead of vmlinux-pvm), causing VM template creation to fail later with obscure errors. Configurable via ONE_CLICK_SKIP_PVM_CHECK=1.

AgentHub (Preview)

• Snapshot/rollback API routes (#426): Added snapshot creation and rollback endpoints to AgentHub, enabling the digital assistant console to manage sandbox checkpoints.
• Preview button & sandbox open logic (#426): The WebUI now includes a preview button alongside sandbox open functionality, with template store defaults corrected.
• Preview documentation (#426): Added AgentHub preview feature guides in both English and Chinese.

🐛 Bug Fixes

• Network-agent: fix existing sandbox network drop on restart (#442): When network-agent restarted, restoreTap() unconditionally tried to acquire the tap fd via TUNSETIFF, even when the TAP was still held by a running sandbox. With IFF_ONE_QUEUE, the kernel rejected the second open with EBUSY, the TAP was pushed into the abnormal pool, and the stale-cleanup branch removed its BPF map entry — silently dropping egress traffic. The fix skips getTapFd when tap.InUse is true and surfaces a clear error when no fd is available.
• Delay host DNS switchover until CoreDNS is ready (#452): On first install, the host resolv.conf was rewritten before CoreDNS was listening, causing a DNS deadlock. The installer now waits for CoreDNS to bind its port, preserves one upstream fallback resolver, and filters reserved nameserver addresses from upstream resolution paths.

Dev Environment

• Update default OpenCloudOS image to 9.6 (#447): The OpenCloudOS 9.4 qcow2 image at mirrors.tencent.com is no longer available and downloads fail. Bumped the default image URL in both prepare_image.sh and run_vm.sh to the latest 9.6-20260514.2 GenericCloud image.

📚 Documentation

• SA9.4XLARGE32 PVM benchmark report (EN + ZH) (#459): Full benchmark report on Tencent Cloud SA9.4XLARGE32 (AMD EPYC 9K65, 16 vCPU, 32 GiB RAM, 200 GiB Enhanced SSD, PVM kernel), covering cold-start latency, concurrency scaling (c=1/10/20), single-host density (~743 idle sandboxes at ~27-34 MB each), snapshot creation vs concurrency & dirty-page size, create-from-snapshot, rollback, clone, and pause/resume concurrency. Both Chinese and English versions are included.
• BMI5 bare-metal benchmark data (#450): Replaced all mock/placeholder data in the performance benchmark article (ZH + EN) with real measurements from a Tencent Cloud BMI5 bare-metal node. Refactored benchmark scripts to a single-tier CLI style for composable multi-tier sweeps, with TAP pool scaling instructions.
• v0.3.0 release blog post (#441): Added Chinese and English blog posts announcing the v0.3.0 release (snapshot/clone/rollback, AgentHub, Web UI, Go SDK). Reordered featured posts with v0.3.0 as top weight.
• trpc-agent-go use case (#446): Added a new use case documenting how trpc-agent-go leverages Cube Sandbox as a secure code execution backend, with sidebar entries in both EN and ZH documentation.
• Perf benchmark article fixes (#440): Fixed vmm.log path, added template creation command to section 2.2, and moved general conventions from section 3.1 to section 4.0 in both language versions.
• Disk space requirement update (#425): Updated minimum disk space for /data/cubelet from 300 GB to 50 GB, with a 200 GB recommendation for building multiple templates.
• Duplicate Quick Start links removed (#430): Cleaned up duplicate Quick Start links in the README, leaving only the top navigation bar entry.

Full Changelog: v0.3.0...v0.3.1

2026年06月02日 Release v0.3.0

CubeSandbox 0.3.0 introduces CubeCoW, a Copy-on-Write snapshot engine that brings hundred-millisecond snapshot, clone, and rollback capabilities to AI Agent sandboxes. This release also adds the AgentHub digital assistant console (Preview), a Web UI for visual management, and the Go SDK. With 82 commits from 22 contributors, v0.3.0 is the largest release since open-sourcing.

🎯 Major Features

CubeCoW: Snapshot, Clone & Rollback

• CubeCoW Copy-on-Write snapshot engine (#360): A full-lifecycle CoW snapshot engine using reflink-based volume snapshots, providing efficient block-level snapshot operations for sandbox volume management. Create lightweight, space-efficient checkpoints at any moment.
• Soft-dirty incremental memory snapshots (#389): Per-cycle incremental memory snapshots via soft-dirty page tracking, dramatically reducing snapshot time and storage for repeated snapshot cycles. Only dirty pages are captured after the first full snapshot.
• Snapshot restore & vsock handling (#388): VSOCK connections are properly reset on snapshot restore, ensuring clean connection state after rollback.
• Snapshot I/O optimization (#400): Removed unnecessary sync_all() calls from all snapshot write paths, significantly reducing snapshot write latency without compromising data integrity.
• Demo suite & developer guide (#374): A complete demo suite and step-by-step guide covering snapshot, rollback, and clone workflows, with runnable examples.
• Host-mount pause snapshot restore fix: Fixed snapshot restore for sandboxes with paused host-mount filesystems.

AgentHub Digital Assistant Console (Preview)

• AgentHub API & UI (#420): A complete digital assistant console built on top of CubeSandbox. Includes:
  • AgentHub persistence layer and assistant lifecycle management
  • OpenClaw setup integration for AI agent orchestration
  • Snapshot timeline with visual checkpoint creation and rollback
  • Clone sandboxes into parallel exploration environments
  • Template actions for reusable assistant configurations
  • Model settings and WeCom notification configuration
  • Full i18n support (English & Chinese)

Web UI

• Management dashboard (#299): A browser-accessible Web UI for managing sandboxes, templates, and cluster nodes. Includes a template store for browsing and deploying pre-built sandbox images. No CLI needed for common operations.

🛠️ SDK

Python SDK (v0.2.1)

• Template creation API (#365): Create sandbox templates programmatically from Python, enabling end-to-end automation without shell commands.
• envd process API migration (#1676a0fc): Commands now run through the envd process API, improving reliability and consistency.
• Process exit edge-case handling (#a210dfc2): Fixed edge cases in envd process lifecycle management, preventing hung commands.
• Stderr coverage & file fallback hardening (#9e2c64ab): Improved error output capture and hardened file operation fallback paths.
• envd defaults & network policy alignment (#418): Aligned envd service defaults and network policy configuration with the server-side defaults.

Go SDK (New)

• Initial Go SDK release (#5de861ac, #3b5caf29): A complete Go SDK providing typed API bindings for sandbox lifecycle management, enabling Go applications to create, manage, and destroy sandboxes natively.

✨ Enhancements

Deployment

• Systemd-based one-click deployment (#331): The one-click installer now manages all services through systemd, providing proper service supervision, automatic restart on failure, and systemctl integration.
• Docker Compose container lifecycle (#386): Container lifecycle management migrated to Docker Compose, simplifying multi-container orchestration and improving restart behavior.
• Early pre-download checks (#288): The online installer now validates network connectivity and disk space before downloading, preventing mid-installation failures.
• Health check & diagnostic scripts (#305): New check.sh and collect-logs.sh scripts for one-click deployment health verification and log collection.
• Cgroup v2 CPU controller preflight check (#367): The installer detects missing cgroup v2 CPU controller support and provides actionable guidance before proceeding.
• Network-agent readiness wait (#304): The installer now waits for network-agent to be fully ready before proceeding, eliminating race conditions during initial setup.
• Docker bind-mount directory prevention (#417): Prevent Docker from auto-creating directories at bind-mount file paths, ensuring correct mount behavior.
• Guest image optimization (#347): Ext4 images are now shrunk after creation and the Dockerfile is optimized, reducing image size and pull time.

Infrastructure

• Centralized schema migration (#385): CubeMaster now uses goose for database schema migrations, enabling versioned, automated schema management across upgrades.
• Node resource reporting (#382): Cubelet now reports allocated node resources (CPU, memory, disk) to CubeMaster, enabling cluster-wide resource awareness.
• Path-based sandbox routing (#334): CubeProxy supports path-based sandbox routing and shared backend resolution, improving routing flexibility.
• Scheduler metrics (#326, #301): Cubelet exposes scheduler metrics as Prometheus gauges on /v1/metrics, enabling real-time monitoring of sandbox scheduling and resource utilization.

🐛 Bug Fixes

• Pause/resume state convergence (#404): Fixed pause/resume state drift on ttrpc errors and shim events, ensuring consistent sandbox lifecycle state.
• Shim readiness handshake (#398): Fixed the shim readiness handshake by not redirecting stdout (fd 1), preventing silent initialization failures.
• Network resource leak (#314): Resolved a network resource leak during sandbox creation that could exhaust available network interfaces over time.
• Host-mount cleanup (#333): Host-mount directories are now properly cleaned up after sandbox destruction, preventing disk space accumulation.
• Cloud Hypervisor disk API (#337): Fixed incorrect Cloud Hypervisor disk API endpoint usage that could cause disk operation failures.
• Template commit idempotency (#336): Enforced requestID uniqueness and added idempotent commit reuse, eliminating duplicate template commits from retried requests.
• Config parsing (#396): Fixed NodeStatusUpdateFrequency to use tomlext.Duration for correct TOML duration parsing.
• Input validation (#344): Added input validation at command-execution call sites to catch invalid parameters early.
• Concurrent DNS handling (#363): Tolerate concurrent DNS dummy link creation, preventing race-condition failures during parallel sandbox creation.
• PMEM boundary alignment (#351): Shrunk guest images are now aligned to pmem boundary, fixing boot failures on certain configurations.
• Quickcheck readiness (#349): Wait for quickcheck containers to be ready before proceeding, eliminating false-positive health check failures.
• Service binding security (#269): MySQL/Redis now bind to localhost by default, and CubeProxy uses host networking for improved network security.
• Service startup ordering (#346): cube-proxy.service is now ordered after cube-sandbox-dns.service, preventing DNS resolution failures at startup.
• Image digest handling (#303): Stripped canonical prefix from image digests in the template center, fixing image reference mismatches.
• Paused state reporting (#270): Fixed paused sandbox state in list responses, ensuring accurate sandbox status display.
• Build version injection (#327): Build version info is now properly injected via ldflags for cubelet and cubemaster binaries.

🔒 Security

• Prometheus upgrade (#328): Upgraded prometheus client to 0.14.0, dropping the vulnerable protobuf 2.28.0 dependency.
• reqwest upgrade (#323): Upgraded reqwest to 0.12 in CubeAPI, fixing the rustls-webpki CVE.
• libseccomp upgrade (#321): Upgraded libseccomp to 0.3.0, fixing GHSA-2r23-gqr7-wr4h.
• go-jose bump (#320): Bumped go-jose/v4 to the latest secure version.
• gRPC dependency bump (#316): Updated gRPC dependency in CubeMaster.

📚 Documentation

• Changelog restructure (#412, #416): Changelogs are now organized into per-version files with an index page for easier navigation. Fixed broken changelog links in README.
• Performance benchmark blog (#419): Published a detailed performance benchmark post with reproducible bench scripts, covering startup latency and resource overhead metrics.
• Blog system (#306, #340): Added a blog system with local search and maintainer guide. Published community posts including "From Serverless to Agent" and PVM deployment walkthroughs.
• Brand identity (#329): Added official logo and favicon to the documentation site.
• Troubleshooting guides (#313): New bilingual troubleshooting subpages for deployment and template creation issues.
• Docs cross-reference fixes (#372): Added missing .md extensions to cross-file documentation references.
• Example & tutorial fixes (#406, #407, #377): Fixed probe path in create-from-image tutorial, standardized placeholder API keys with e2b_ prefix, and corrected clone state documentation.

⚙️ Engineering Improvements

• Kernel source migration (#395): Migrated kernel source from Gitee to CNB with enhanced extraction logic.
• CI/CD hardening (#330, #335, #338, #393): Added docs build check workflow, fixed CR workflow, enabled auto-review for external PRs, added default shell configuration and artifact retrieval optimization.
• Deprecated API removal (#339): Removed deprecated rand.Seed calls across the codebase.
• Rust dependency refresh (#9f8df42...

What's Changed

• chore: bump Python SDK version to 0.2.1 by @wbzdssm in #394
• fix(cubelet): use tomlext.Duration for NodeStatusUpdateFrequency by @chenhengqi in #396

Full Changelog: v0.3.0-rc3...v0.3.0-rc4

Contributors

• @chenhengqi
• @wbzdssm

What's Changed

• ci: migrate kernel source from Gitee to CNB and enhance extraction logic by @fslongjin in #395

Full Changelog: v0.3.0-rc2...v0.3.0-rc3

Contributors

• @fslongjin

What's Changed

• ci(workflows): add default shell bash and install unzip; optimize artifact retrieval by @fslongjin in #393

Full Changelog: v0.3.0-rc1...v0.3.0-rc2

Contributors

• @fslongjin

v0.3.0-rc1 Release Notes

Release Date: 2026年05月28日

We are excited to announce the v0.3.0-rc1 pre-release of CubeSandbox! This release introduces several major new capabilities including the Copy-on-Write (CoW) snapshot engine, a Web UI, a Go SDK, and incremental memory snapshots. A total of 65 commits from 21 contributors went into this release since v0.2.2 (2026年05月18日).

Major Features

Copy-on-Write Snapshot Engine (cubecow)

• Introduced cubecow, a full-lifecycle Copy-on-Write snapshot engine supporting reflink-based volume snapshots (PR [#360])
• Efficient block-level snapshot operations for sandbox volume management

Soft-Dirty Incremental Memory Snapshots

• Added per-cycle incremental memory snapshots using the soft-dirty page tracking mechanism (PR [#389])
• Dramatically reduces snapshot time and storage for repeated snapshot cycles

Web UI

• Added a comprehensive WebUI for sandbox, template, and node management, along with a template store (PR [#299])
• Built-in management interface accessible from the browser

Go SDK

• Added a complete Go SDK for CubeSandbox, enabling Go applications to interact with the platform programmatically
• Includes sandbox lifecycle management and typed API bindings

Python SDK: Template Creation API

• Added template creation API to the Python SDK (PR [#365])
• Python SDK bumped to v0.2.0 (PR [#373])

Features

• CubeProxy: Path-based sandbox routing and shared backend resolution (PR [#334])
• Cubelet: Report allocated node resources to CubeMaster (PR [#382])
• Cubelet: Expose scheduler metrics as Prometheus gauges on /v1/metrics (PR [#326])
• CubeMaster/DAO: Centralized schema migration with goose (PR [#385])
• Guest Image: Shrink ext4 image after creation and optimize Dockerfile (PR [#347])
• Deploy: Migrate one-click deployment to systemd management (PR [#331])
• Deploy: Implement early pre-download checks for online installer (PR [#288])
• Deploy: Add cgroup v2 CPU controller preflight check (PR [#367])
• Deploy: Add one-click health check and diagnostic scripts (PR [#305])
• Docs: Add blog system with local search and maintainer guide (PR [#306])
• Docs: Add brand logo and favicon to documentation site (PR [#329])

Refactoring

• One-click deployment: Drive container lifecycle through Docker Compose (PR [#386])

Bug Fixes

• Network: Resolve network resource leak during sandbox creation (PR [#314])
• Cubelet: Cleanup host-mount directories after sandbox destroy (PR [#333])
• Cubelet: Use correct Cloud Hypervisor disk API endpoint (PR [#337])
• Cubelet: Validate inputs at command-execution call sites (PR [#344])
• Cubelet: Register metric plugin to enable /v1/metrics/scheduler endpoint (PR [#301])
• Cubelet: Write kernel version for refreshed pmem artifacts (PR [#297])
• Cubelet: Fix CI compile error (PR [#368])
• Deploy: Tolerate concurrent DNS dummy link creation (PR [#363])
• Deploy: Align shrunk guest images to pmem boundary (PR [#351])
• Deploy: Wait for quickcheck containers to be ready (PR [#349])
• Deploy: Bind MySQL/Redis to localhost and switch CubeProxy to host networking (PR [#269])
• Deploy: Order cube-proxy.service after cube-sandbox-dns.service (PR [#346])
• Deploy: Fix collect-logs.sh output directory and cube-proxy log collection (PR [#319])
• Template Commit: Enforce requestID uniqueness and add idempotent commit reuse (PR [#336])
• TemplateCenter: Strip canonical prefix from image digest (PR [#303])
• CubeAPI: Fix paused state in sandbox list response (PR [#270])
• Build: Inject version info via ldflags for cubelet and cubemaster (PR [#327])
• Network-agent: Make tap fd timeout configurable
• Python SDK: Handle envd process exit edge cases
• Python SDK: Run commands through envd process API
• One-click: Force 4K block size when building guest rootfs
• One-click: Wait for network-agent readiness (PR [#304])
• Host-mount: Fix pause snapshot restore

Security & Dependency Updates

• agent: Upgrade Prometheus to 0.14.0 to drop vulnerable protobuf 2.28.0 (PR [#328])
• CubeAPI: Upgrade reqwest to 0.12 to fix rustls-webpki CVE (PR [#323])
• agent: Upgrade libseccomp to 0.3.0 to fix GHSA-2r23-gqr7-wr4h (PR [#321])
• Cubelet: Bump github.com/go-jose/go-jose to v4 (PR [#320])
• CubeMaster: Bump google.golang.org/grpc (PR [#316])
• hypervisor: Bump crossbeam-channel from 0.5.13 to 0.5.15

CI Improvements

• Enable auto review for external PRs (PR [#338])
• Add docs build check workflow on pull request (PR [#330])
• Fix CR workflow (PR [#335])

Documentation

• Add snapshot/rollback/clone demo suite and guide (PR [#374])
• Blog: "From Serverless to Agent" post and external PVM walkthrough (PR [#340])
• Add deployment and templates troubleshooting subpages with navigation (PR [#313])
• Troubleshooting: Template creation timeout when sandbox CIDR overlaps LAN (PR [#325])
• Fix clone state description — include memory, not just filesystem (PR [#377])
• Update PVM kernel download link to cnb.cool (zh docs) (PR [#371])
• Abandoned XDP program: drop references to filter_from_cube (PR [#197])
• Add external link to AWS nested-virt deployment community post (PR [#309])
• Add missing .md extension to cross-file references (PR [#372])
• Remove License section from cubecow README (PR [#369])

Chores

• Python SDK: bump version to 0.2.0 (PR [#373])
• Remove deprecated rand.Seed calls (PR [#339])

Contributors

Thanks to the following 21 contributors for their work since v0.2.2:

@LoGin, @ls, @tinklone, @kami-lu, @chenggui53, @cherrycao, @hengqi Chen, @novahe, @MaxLong, @yi Wang, @liciazhu, @nemo, @feng King, @songqian Li, @joohwan., @Stary, @xiongxz, @Yangjie, @YangYuS8, @wangchenglong-hj, and @dependabot[bot].

Full Change Log

62e0d56d feat(snapshot): add soft-dirty per-cycle incremental memory snapshots (#389)
6f722953 virtio-devices: vsock: RST vsocks on snapshot restore (#388)
bda4a699 feat(cubelet): report allocated node resources to cubemaster (#382)
8b33d9c9 refactor(one-click): drive container lifecycle through docker compose (#386)
e8d24c5a feat(CubeMaster/dao): introduce centralized schema migration with goose (#385)
cecec745 feat: introduce cubecow Copy-on-Write snapshot engine with full lifecycle management (#360)
6a97ee5a feat(web): add WebUI with sandbox/template/node management and template store (#299)
5de861ac Add Go SDK
5d90479a feat(python-sdk): add template creation API (#365)
53dd243d feat(cubeproxy): add path-based sandbox routing and shared backend resolution (#334)
0032a33e feat(Cubelet): expose scheduler metrics as Prometheus gauges on /v1/metrics (#326)
6323ec22 feat(deploy): migrate one-click deployment to systemd management (#331)
75f0c17d feat(guest-image): shrink ext4 image after creation and optimize Dockerfile (#347)
a4ff1b94 feat(deploy): add cgroup v2 CPU controller preflight check (#367)
243e0142 feat(deploy): implement early pre-download checks for online installer (#288)
949f7b6f feat(docs): add blog system with local search and maintainer guide (#306)
e18e1ec8 feat(docs): add brand logo and favicon to documentation site (#329)
f71a55f0 fix: resolve network resource leak during sandbox creation (#314)
5d27a125 fix(Cubelet): cleanup host-mount dirs after sandbox destroy (#333)
5f8d81a1 fix(Cubelet): use correct Cloud Hypervisor disk API endpoint (#337)
508f1edd fix(cubelet): validate inputs at command-execution call sites (#344)
6874acc1 fix(cubelet): register metric plugin to enable /v1/metrics/scheduler endpoint (#301)
46424e74 fix(cubelet): write kernel version for refreshed pmem artifacts (#297)
2e35abbb fix: fix cubelet ci compile error (#368)
18e0af8c fix(deploy): tolerate concurrent DNS dummy link creation (#363)
9718bcdb fix(deploy): align shrunk guest images to pmem boundary (#351)
6b8f7740 fix(deploy): wait for quickcheck containers to be ready (#349)
deec9016 fix(deploy): bind MySQL/Redis to localhost and switch CubeProxy to host networking (#269)
49066d18 fix(deploy): order cube-proxy.service after cube-sandbox-dns.service (#346)
9006a04c deploy: fix collect-logs.sh output directory and cube-proxy log collection (#319)
1a0654d5 fix(template-commit): enforce requestID uniqueness and add idempotent commit resue (#336)
0c09191e fix(templatecenter): strip canonical prefix from image digest (#303)
8e4d0822 cubeapi: fix paused state in sandbox list response (#270)
ba58684e fix(build): inject version info via ldflags for cubelet and cubemaster (#327)
b4812469 agent: upgrade prometheus to 0.14.0 to drop vulnerable protobuf 2.28.0 (#328)
e29453ba CubeAPI: upgrade reqwest to 0.12 to fix rustls-webpki CVE (#323)
6c931fcd agent: upgrade libseccomp to 0.3.0 to fix GHSA-2r23-gqr7-wr4h (#321)
ffe8349b ci: allow auto review for external PRs (#338)
75aac8f0 ci: add docs build check workflow on pull request (#330)
097903ea ci: fix CR workflow (#335)

Contributors

• @yi
• @feng
• @songqian
• @Stary
• @nemo
• @tinklone
• @chenggui53
• @joohwan
• @ls
• @MaxLong
• @cherrycao
• @novahe
• @dependabot
• @hengqi
• @Yangjie
• @YangYuS8
• @wangchenglong-hj
• @kami-lu
• @xiongxz
• @liciazhu

2026年05月18日 Release v0.2.2

🛡️ Security Fixes

• hypervisor: vmm-sys-util bumped 0.11.x → 0.12.1 (CVE-2023-50711, GHSA-875g-mfp6-g7f9): FamStructWrapper::deserialize previously failed to verify that the header length matched the flexible-array length, allowing out-of-bounds memory access from safe Rust code. Pinned to the workspace version already used by every other hypervisor crate.
• agent / hypervisor: bytes and env_logger security bumps — additional dependency refreshes from the same CVE-fix pass (#267).
• Reverted time crate bump (CVE-2026-25727 / GHSA-r6v5-fh4h-64xc) (#286): Analysis confirmed that CubeSandbox only uses time::format_description::well_known::Rfc3339 for outbound timestamp formatting and never invokes Rfc2822 parsing on untrusted input — the affected attack vector is not reachable. The upgrade was rolled back because it requires an MSRV bump and will be addressed separately when the project is ready.

🚀 Critical Fixes

• Fixed duplicate template-image job creation (CubeMaster) (#227): A new request_id column with a unique index on (request_id, operation) makes job submissions idempotent. Migration logic handles existing records with legacy IDs. Eliminates the race where concurrent or retried API calls could enqueue the same build twice.
• Fixed cubecli exec nil-deref panic on stdin EOF (#188): StdinCloser.Read previously triggered a nil-pointer dereference when stdin reached EOF, silently aborting the exec lifecycle. The fix correctly handles EOF and switches to errors.Is(err, io.EOF) for proper error-wrapping compatibility. Shim logs now emit the expected paired exec req / wait container ... exit code entries.
• Fixed ext4 artifact runtime file materialization for PVM templates (#282): RefreshArtifactRuntimeFiles, validateArtifactRuntimeFilesPresent, and ensureArtifactRuntimeFiles are simplified to handle only kernel files; copyKernelFileAtomically is renamed to CopyFileAtomically for reuse outside the package. Unit tests are updated and pruned accordingly.

✨ Enhancements

• E2B-compatible default exposed port (#207): The default sandbox exposed port is changed from 8080/32000 to 49983 to match the E2B sandbox protocol. CubeMaster is now the single authoritative source of default exposed ports — hardcoded defaults and port-seeding logic are removed from Cubelet and network-agent, preventing silent divergence.
• cubelet: cmdTimeout configurable via storage plugin config (#236): A new optional cmd_timeout field in the storage plugin TOML config replaces the hardcoded 3 s default. Multi-GiB ext4 operations on the live-create slow path under concurrent load can exceed 3 s; operators can now raise the limit without recompiling. Default behavior is unchanged when the field is absent.
• cubelet: richer diagnostics on newExt4RawByReflinkCopy failures (#237): Error messages now include elapsed time, target/base file stats, and free space in the format [step=N/4 cmd="..." elapsed=...ms target=size=... base=size=... free=...B]. Stat/statfs errors are reported inline. Unit tests are added for describeStorageFailure / describeFile / describeFreeBytes.
• Deploy: sync CubeMaster custom ports with .env config (#210): cubemaster.yaml now uses __CUBE_SANDBOX_MYSQL_PORT__ and __CUBE_SANDBOX_REDIS_PORT__ placeholders; install.sh substitutes them from the .env file, enabling non-default MySQL/Redis ports without manual YAML edits.

⚙️ Engineering Improvements

• cubecli: removed dead listmd command (#181): The unreachable listmd subcommand and its 128-line implementation (metadata.go) are deleted, reducing dead-code surface.

🤖 CI / DevOps

• Claude-powered code review and issue triage automation (#255): Five AI reviewer agents are introduced under .agents/agents/ (code quality, performance, security, test coverage, documentation accuracy). Automated workflows handle PR code review, duplicate issue detection, and issue label triage. A secure GitHub App token flow is wired up for CI actions, and helper scripts gh.sh and edit-issue-labels.sh are added under scripts/.
• gh.sh: issue comment support (#262): gh.sh gains comment-issue to post comments via stdin heredoc, and workflow tool paths are restricted to the new scripts directory for consistency.
• CI model configuration update (#259): Model name and show_full_output option updated for the AI review workflow.

📚 Documentation

• Chinese translation of CONTRIBUTING.md (#276): CONTRIBUTING_zh.md added as a full Chinese translation of the contribution guide.
• Community doc PR requirements relaxed (#279, #280): Both CONTRIBUTING.md and CONTRIBUTING_zh.md now allow single-language submissions; bilingual docs are encouraged but optional, with clear nested requirements.
• Network port allocation ranges documented (#205): docs/architecture/network.md (EN & ZH) now explicitly documents the three port-range buckets on compute nodes: 10000–19999 (network-agent ip_local_port_range), 20000–29999 (CubeProxy sandbox access), 30000–65535 (CubeVS SNAT).
• Community docs: troubleshooting / use-cases / integrations sections (#238): New bilingual doc sections added to VitePress with template files and index pages; a GitHub Actions workflow enforces bilingual parity for community docs. CONTRIBUTING.md and READMEs updated with contribution links.
• Domain update: CNAME switched from docs.cubesandbox.ai to cubesandbox.com (#271).
• Fixed browser-sandbox example: Added missing load_dotenv() call and python-dotenv dependency so .env variables are loaded before the script runs.
• WeChat group QR code refreshed (#208): Updated to a valid group code.
• v0.2.1 changelog entries (#281): EN and ZH changelog pages updated with the v0.2.1 release notes.

🙏 Contributors

Thanks to everyone who contributed to v0.2.2: @fslongjin, @foxywang, @cocovs, @WaylandYang, @chenggui53, @luzhixing12345, @turtlemoji, @QingqLin, @chenhengqi, @Dafeigy.

Full Changelog: v0.2.1...v0.2.2