docs(sandboxes): credential bindings and first-run approval#25468
docs(sandboxes): credential bindings and first-run approval#25468dvdksn wants to merge 1 commit into
Conversation
❌ Deploy Preview for docsdocker failed. Why did it fail? →
|
docker-agent
left a comment
There was a problem hiding this comment.
Assessment: 🟢 APPROVE
2 style/completeness findings in credentials.md. All agent pages and troubleshooting.md are clean.
| Each entry under `bindings` is keyed by a | ||
| [service identifier](#built-in-services) and has two parts: | ||
|
|
||
| - **`discovery`** — where to find the value: one or more environment variables, |
There was a problem hiding this comment.
[MEDIUM] Bold used for non-UI field names violates STYLE.md
**\discovery`and`allowedDomains`**` combine bold with inline code to format YAML schema field names. Per STYLE.md, bold is reserved exclusively for UI elements (buttons, menus, form field labels) — not for configuration parameters or schema keys.
These should be plain inline code only:
- `discovery` — where to find the value: one or more environment variables,
or a file. Entries are tried in order. Omit `discovery` to resolve the value
from the [secret store](#stored-secrets) as usual.
- `allowedDomains` — the domains the proxy may inject this credential into.| agent can use only the credentials you've approved, only on the domains you've | ||
| approved. | ||
|
|
||
| <!-- TODO(launch, confirm before publish): upgrade experience for users who |
There was a problem hiding this comment.
[MEDIUM] Unresolved TODO comment gating publish-readiness on an open issue
This HTML comment explicitly marks a section as incomplete and instructs "confirm before publish," gated on docker/sandboxes#3684. While the PR is intentionally drafted and held, if this PR is merged before that issue is resolved, the upgrade-experience documentation gap will silently ship — HTML comments are invisible to readers but the missing content is not.
Recommend tracking this as a blocker before merging (or ensuring the TODO is resolved inline before the PR leaves draft status).
6481d96 to
2df2dc4
Compare
Documents the credential-bindings authorization model for built-in agents: the ~/.config/sbx/credentials.yaml file (per-service discovery and allowedDomains), the first-run approval flow in the terminal and TUI, fail-closed mode, and the "no approved binding" troubleshooting case. Updates the built-in agent pages so env-var authentication flows through a credential binding. Split out from the combined credentials-rework PR; this half is gated on the built-in schemaVersion 2 migration (docker/sandboxes#3684) and held as a draft until that ships. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2df2dc4 to
4b163b0
Compare
Summary
Documents the Docker Sandboxes credential-bindings authorization model and the
first-run approval flow for built-in agents.
Split out from #25369. This is the end-user / runtime half. The
authoring-side kit-spec half lives in its companion PR (#25467).
What's in this PR
security/credentials.md— credential bindings(
~/.config/sbx/credentials.yaml): per-servicediscovery+allowedDomains;the first-run approval flow (terminal and TUI, API-key and OAuth); fail-closed
mode (
credentials.failClosed); environment variables documented as a bindingdiscovery source with no implicit host-env fallback.
claude-code,codex,copilot,cursor,docker-agent,droid,gemini,opencode,shell) — env-var authentication now flowsthrough a credential binding.
troubleshooting.md— the "no approved binding" failure (non-interactiverun or declined prompt).
Why split
This half describes end-user runtime behavior gated on the built-in
schemaVersion: "2"migration (docker/sandboxes#3684). The authoring-side kitspec (#25467) already exists and iterates on its own timeline. The two concerns
touch disjoint files and gate on independent events.
Status
Note
Draft — intentionally held. Publish when the built-in v2 / credential-
bindings migration ships (docker/sandboxes#3684). Before then, this describes
behavior most users wouldn't yet hit.
Open TODOs before publishing
auto-bound on first run, or prompted to approve a binding? (inline
TODOin
credentials.md)customize/build-an-agent.mdis still on the v1 schema — separatefollow-up.
Generated by Claude Code