github · pelikhan · Feb 15, 2026 · Feb 15, 2026 · Feb 15, 2026 · Feb 15, 2026
diff --git a/.changeset/patch-remove-srt-support.md b/.changeset/patch-remove-srt-support.md
diff --git a/.github/workflows/cli-version-checker.lock.yml b/.github/workflows/cli-version-checker.lock.yml
diff --git a/.github/workflows/cli-version-checker.md b/.github/workflows/cli-version-checker.md
@@ -1,5 +1,5 @@
 ---
-description: Monitors and updates agentic CLI tools (Claude Code, GitHub Copilot CLI, OpenAI Codex, GitHub MCP Server, Playwright MCP, Playwright Browser, Sandbox Runtime, MCP Gateway) for new versions
+description: Monitors and updates agentic CLI tools (Claude Code, GitHub Copilot CLI, OpenAI Codex, GitHub MCP Server, Playwright MCP, Playwright Browser, MCP Gateway) for new versions
 on:
   schedule: daily
   workflow_dispatch:
@@ -31,7 +31,7 @@ timeout-minutes: 45
 
 # CLI Version Checker
 
-Monitor and update agentic CLI tools: Claude Code, GitHub Copilot CLI, OpenAI Codex, GitHub MCP Server, Playwright MCP, Playwright Browser, Sandbox Runtime, and MCP Gateway.
+Monitor and update agentic CLI tools: Claude Code, GitHub Copilot CLI, OpenAI Codex, GitHub MCP Server, Playwright MCP, Playwright Browser, and MCP Gateway.
 
 **Repository**: ${{ github.repository }} | **Run**: ${{ github.run_id }}
 
@@ -133,9 +133,6 @@ For each CLI/MCP server:
 - **Playwright Browser**: `https://api.github.com/repos/microsoft/playwright/releases/latest`
   - Release Notes: https://github.com/microsoft/playwright/releases
   - Docker Image: `mcr.microsoft.com/playwright:v{VERSION}`
-- **Sandbox Runtime**: Use `npm view @anthropic-ai/sandbox-runtime version`
-  - Repository: https://github.com/anthropic-experimental/sandbox-runtime
-  - Package: https://www.npmjs.com/package/@anthropic-ai/sandbox-runtime
 - **MCP Gateway**: `https://api.github.com/repos/github/gh-aw-mcpg/releases/latest`
   - Repository: https://github.com/github/gh-aw-mcpg
   - Release Notes: https://github.com/github/gh-aw-mcpg/releases
@@ -205,13 +202,11 @@ For each CLI tool update:
    - Copilot CLI: `npm install -g @github/copilot@<version>`
    - Codex: `npm install -g @openai/codex@<version>`
    - Playwright MCP: `npm install -g @playwright/mcp@<version>`
-   - Sandbox Runtime: `npm install -g @anthropic-ai/sandbox-runtime@<version>`
 2. Invoke help to discover commands and flags (compare with cached output if available):
    - Run `claude-code --help`
    - Run `copilot --help` or `copilot help copilot`
    - Run `codex --help`
    - Run `npx @playwright/mcp@<version> --help` (if available)
-   - Sandbox Runtime is a library, check NPM package metadata for API changes
 3. **Explore subcommand help** for each tool (especially Copilot CLI):
    - Identify all available subcommands from main help output
    - For each subcommand, run its help command (e.g., `copilot help config`, `copilot help environment`, `copilot config --help`)

diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go
@@ -422,9 +422,6 @@ var SerenaLanguageSupport = map[string][]string{
 	},
 }
 
-// DefaultSandboxRuntimeVersion is the default version of the @anthropic-ai/sandbox-runtime package (SRT)
-const DefaultSandboxRuntimeVersion Version = "0.0.37"
-
 // DefaultPlaywrightMCPVersion is the default version of the @playwright/mcp package
 const DefaultPlaywrightMCPVersion Version = "0.0.64"
 
@@ -638,8 +635,6 @@ const (
 	SafeInputsFeatureFlag FeatureFlag = "safe-inputs"
 	// MCPGatewayFeatureFlag is the feature flag name for enabling MCP gateway
 	MCPGatewayFeatureFlag FeatureFlag = "mcp-gateway"
-	// SandboxRuntimeFeatureFlag is the feature flag name for sandbox runtime
-	SandboxRuntimeFeatureFlag FeatureFlag = "sandbox-runtime"
 	// DangerousPermissionsWriteFeatureFlag is the feature flag name for allowing write permissions
 	DangerousPermissionsWriteFeatureFlag FeatureFlag = "dangerous-permissions-write"
 	// DisableXPIAPromptFeatureFlag is the feature flag name for disabling XPIA prompt

diff --git a/pkg/constants/constants_test.go b/pkg/constants/constants_test.go
@@ -328,7 +328,6 @@ func TestFeatureFlagConstants(t *testing.T) {
 	}{
 		{"SafeInputsFeatureFlag", SafeInputsFeatureFlag, "safe-inputs"},
 		{"MCPGatewayFeatureFlag", MCPGatewayFeatureFlag, "mcp-gateway"},
-		{"SandboxRuntimeFeatureFlag", SandboxRuntimeFeatureFlag, "sandbox-runtime"},
 		{"DangerousPermissionsWriteFeatureFlag", DangerousPermissionsWriteFeatureFlag, "dangerous-permissions-write"},
 		{"DisableXPIAPromptFeatureFlag", DisableXPIAPromptFeatureFlag, "disable-xpia-prompt"},
 	}

diff --git a/pkg/parser/schemas/main_workflow_schema.json b/pkg/parser/schemas/main_workflow_schema.json
@@ -2166,12 +2166,12 @@
                     },
                     "ssl-bump": {
                       "type": "boolean",
-                      "description": "AWF-only feature: Enable SSL Bump for HTTPS content inspection. When enabled, AWF can filter HTTPS traffic by URL patterns instead of just domain names. This feature is specific to AWF and does not apply to Sandbox Runtime (SRT). Default: false",
+                      "description": "Enable SSL Bump for HTTPS content inspection. When enabled, AWF can filter HTTPS traffic by URL patterns instead of just domain names. This feature is specific to AWF. Default: false",
                       "default": false
                     },
                     "allow-urls": {
                       "type": "array",
-                      "description": "AWF-only feature: URL patterns to allow for HTTPS traffic (requires ssl-bump: true). Supports wildcards for flexible path matching. Must include https:// scheme. This feature is specific to AWF and does not apply to Sandbox Runtime (SRT).",
+                      "description": "URL patterns to allow for HTTPS traffic (requires ssl-bump: true). Supports wildcards for flexible path matching. Must include https:// scheme. This feature is specific to AWF.",
                       "items": {
                         "type": "string",
                         "pattern": "^https://.*",
@@ -2194,20 +2194,20 @@
       "oneOf": [
         {
           "type": "string",
-          "enum": ["default", "sandbox-runtime", "awf", "srt"],
-          "description": "Legacy string format for sandbox type: 'default' for no sandbox, 'sandbox-runtime' or 'srt' for Anthropic Sandbox Runtime, 'awf' for Agent Workflow Firewall"
+          "enum": ["default", "awf"],
+          "description": "Legacy string format for sandbox type: 'default' for no sandbox, 'awf' for Agent Workflow Firewall"
         },
         {
           "type": "object",
           "description": "Object format for full sandbox configuration with agent and mcp options",
           "properties": {
             "type": {
               "type": "string",
-              "enum": ["default", "sandbox-runtime", "awf", "srt"],
+              "enum": ["default", "awf"],
               "description": "Legacy sandbox type field (use agent instead)"
             },
             "agent": {
-              "description": "Agent sandbox type: 'awf' uses AWF (Agent Workflow Firewall), 'srt' uses Anthropic Sandbox Runtime, or false to disable agent sandbox. Defaults to 'awf' if not specified. Note: Disabling the agent sandbox (false) removes firewall protection but keeps the MCP gateway enabled.",
+              "description": "Agent sandbox type: 'awf' uses AWF (Agent Workflow Firewall), or false to disable agent sandbox. Defaults to 'awf' if not specified. Note: Disabling the agent sandbox (false) removes firewall protection but keeps the MCP gateway enabled.",
               "default": "awf",
               "oneOf": [
                 {
@@ -2217,37 +2217,37 @@
                 },
                 {
                   "type": "string",
-                  "enum": ["awf", "srt"],
-                  "description": "Sandbox type: 'awf' for Agent Workflow Firewall, 'srt' for Sandbox Runtime"
+                  "enum": ["awf"],
+                  "description": "Sandbox type: 'awf' for Agent Workflow Firewall"
                 },
                 {
                   "type": "object",
                   "description": "Custom sandbox runtime configuration",
                   "properties": {
                     "id": {
                       "type": "string",
-                      "enum": ["awf", "srt"],
-                      "description": "Agent identifier (replaces 'type' field in new format): 'awf' for Agent Workflow Firewall, 'srt' for Sandbox Runtime"
+                      "enum": ["awf"],
+                      "description": "Agent identifier (replaces 'type' field in new format): 'awf' for Agent Workflow Firewall"
                     },
                     "type": {
                       "type": "string",
-                      "enum": ["awf", "srt"],
+                      "enum": ["awf"],
                       "description": "Legacy: Sandbox type to use (use 'id' instead)"
                     },
                     "command": {
                       "type": "string",
-                      "description": "Custom command to replace the default AWF or SRT installation. For AWF: 'docker run my-custom-awf-image'. For SRT: 'docker run my-custom-srt-wrapper'"
+                      "description": "Custom command to replace the default AWF installation. For AWF: 'docker run my-custom-awf-image'"
                     },
                     "args": {
                       "type": "array",
-                      "description": "Additional arguments to append to the command (applies to both AWF and SRT, for standard and custom commands)",
+                      "description": "Additional arguments to append to the command (applies to AWF, for standard and custom commands)",
                       "items": {
                         "type": "string"
                       }
                     },
                     "env": {
                       "type": "object",
-                      "description": "Environment variables to set on the execution step (applies to both AWF and SRT)",
+                      "description": "Environment variables to set on the execution step (applies to AWF)",
                       "additionalProperties": {
                         "type": "string"
                       }
@@ -2264,7 +2264,7 @@
                     },
                     "config": {
                       "type": "object",
-                      "description": "Custom Sandbox Runtime configuration (only applies when type is 'srt'). Note: Network configuration is controlled by the top-level 'network' field, not here.",
+                      "description": "Custom sandbox runtime configuration. Note: Network configuration is controlled by the top-level 'network' field, not here.",
                       "properties": {
                         "filesystem": {
                           "type": "object",
@@ -2444,23 +2444,9 @@
       ],
       "examples": [
         "default",
-        "sandbox-runtime",
         {
           "agent": "awf"
         },
-        {
-          "agent": "srt"
-        },
-        {
-          "agent": {
-            "type": "srt",
-            "config": {
-              "filesystem": {
-                "allowWrite": [".", "/tmp"]
-              }
-            }
-          }
-        },
         {
           "mcp": {
             "container": "ghcr.io/githubnext/mcp-gateway",

diff --git a/pkg/workflow/compiler.go b/pkg/workflow/compiler.go
@@ -224,12 +224,6 @@ func (c *Compiler) validateWorkflowData(workflowData *WorkflowData, markdownPath
 		}
 	}
 
-	// Emit experimental warning for sandbox-runtime feature
-	if isSRTEnabled(workflowData) {
-		fmt.Fprintln(os.Stderr, console.FormatWarningMessage("Using experimental feature: sandbox-runtime firewall"))
-		c.IncrementWarningCount()
-	}
-
 	// Emit warning for sandbox.agent: false (disables agent sandbox firewall)
 	if isAgentSandboxDisabled(workflowData) {
 		fmt.Fprintln(os.Stderr, console.FormatWarningMessage("⚠️  WARNING: Agent sandbox disabled (sandbox.agent: false). This removes firewall protection. The AI agent will have direct network access without firewall filtering. The MCP gateway remains enabled. Only use this for testing or in controlled environments where you trust the AI agent completely."))

diff --git a/pkg/workflow/compiler_safe_outputs.go b/pkg/workflow/compiler_safe_outputs.go
@@ -477,11 +477,6 @@ func isSandboxEnabled(sandboxConfig *SandboxConfig, networkPermissions *NetworkP
 		}
 	}
 
-	// Check if SRT is enabled via legacy Type field
-	if sandboxConfig != nil && (sandboxConfig.Type == SandboxTypeSRT || sandboxConfig.Type == SandboxTypeRuntime) {
-		return true
-	}
-
 	// Check if firewall is auto-enabled (AWF)
 	if networkPermissions != nil && networkPermissions.Firewall != nil && networkPermissions.Firewall.Enabled {
 		return true

diff --git a/pkg/workflow/compiler_safe_outputs_test.go b/pkg/workflow/compiler_safe_outputs_test.go
@@ -881,7 +881,7 @@ func TestCompilerIsSandboxEnabled(t *testing.T) {
 			name: "sandbox SRT enabled via ID",
 			sandboxConfig: &SandboxConfig{
 				Agent: &AgentSandboxConfig{
-					ID: "srt",
+					ID: "awf",
 				},
 			},
 			expected: true,
@@ -890,7 +890,7 @@ func TestCompilerIsSandboxEnabled(t *testing.T) {
 			name: "sandbox SRT enabled via Type (legacy)",
 			sandboxConfig: &SandboxConfig{
 				Agent: &AgentSandboxConfig{
-					Type: SandboxTypeSRT,
+					Type: SandboxTypeAWF,
 				},
 			},
 			expected: true,
@@ -907,14 +907,14 @@ func TestCompilerIsSandboxEnabled(t *testing.T) {
 		{
 			name: "legacy type field SRT",
 			sandboxConfig: &SandboxConfig{
-				Type: SandboxTypeSRT,
+				Type: SandboxTypeAWF,
 			},
 			expected: true,
 		},
 		{
 			name: "legacy type field runtime",
 			sandboxConfig: &SandboxConfig{
-				Type: SandboxTypeRuntime,
+				Type: SandboxTypeAWF,
 			},
 			expected: true,
 		},
@@ -1403,10 +1403,10 @@ func TestCompilerIsSandboxEnabledPrecedence(t *testing.T) {
 	config := &SandboxConfig{
 		Agent: &AgentSandboxConfig{
 			ID:       "awf",
-			Type:     SandboxTypeSRT,
+			Type:     SandboxTypeAWF,
 			Disabled: true,
 		},
-		Type: SandboxTypeSRT,
+		Type: SandboxTypeAWF,
 	}
 	networkPerms := &NetworkPermissions{
 		Firewall: &FirewallConfig{Enabled: true},

diff --git a/pkg/workflow/copilot_engine_execution.go b/pkg/workflow/copilot_engine_execution.go
@@ -41,9 +41,9 @@ func (e *CopilotEngine) GetExecutionSteps(workflowData *WorkflowData, logFile st
 
 	// Build copilot CLI arguments based on configuration
 	var copilotArgs []string
-	sandboxEnabled := isFirewallEnabled(workflowData) || isSRTEnabled(workflowData)
+	sandboxEnabled := isFirewallEnabled(workflowData)
 	if sandboxEnabled {
-		// Simplified args for sandbox mode (AWF or SRT)
+		// Simplified args for sandbox mode (AWF)
 		copilotArgs = []string{"--add-dir", "/tmp/gh-aw/", "--log-level", "all", "--log-dir", logsFolder}
 
 		// Always add workspace directory to --add-dir so Copilot CLI can access it
@@ -164,18 +164,9 @@ func (e *CopilotEngine) GetExecutionSteps(workflowData *WorkflowData, logFile st
 		commandName = workflowData.EngineConfig.Command
 		copilotExecLog.Printf("Using custom command: %s", commandName)
 	} else if sandboxEnabled {
-		// For SRT: use locally installed package without -y flag to avoid internet fetch
-		// For AWF: use the installed binary directly
-		if isSRTEnabled(workflowData) {
-			// Use node explicitly to invoke copilot CLI to ensure env vars propagate correctly through sandbox
-			// The .bin/copilot shell wrapper doesn't properly pass environment variables through bubblewrap
-			// Environment variables are explicitly exported in the SRT wrapper to propagate through sandbox
-			commandName = "node ./node_modules/.bin/copilot"
-		} else {
-			// AWF - use the copilot binary installed by the installer script
-			// The binary is mounted into the AWF container from /usr/local/bin/copilot
-			commandName = "/usr/local/bin/copilot"
-		}
+		// AWF - use the installed binary directly
+		// The binary is mounted into the AWF container from /usr/local/bin/copilot
+		commandName = "/usr/local/bin/copilot"
 	} else {
 		// Non-sandbox mode: use standard copilot command
 		commandName = "copilot"
@@ -202,47 +193,9 @@ func (e *CopilotEngine) GetExecutionSteps(workflowData *WorkflowData, logFile st
 		}
 	}
 
-	// Conditionally wrap with sandbox (AWF or SRT)
+	// Conditionally wrap with sandbox (AWF only)
 	var command string
-	if isSRTEnabled(workflowData) {
-		// Build the SRT-wrapped command
-		copilotExecLog.Print("Using Sandbox Runtime (SRT) for execution")
-
-		agentConfig := getAgentConfig(workflowData)
-
-		// Generate SRT config JSON
-		srtConfigJSON, err := generateSRTConfigJSON(workflowData)
-		if err != nil {
-			copilotExecLog.Printf("Error generating SRT config: %v", err)
-			// Fallback to empty config
-			srtConfigJSON = "{}"
-		}
-
-		// Check if custom command is specified
-		if agentConfig != nil && agentConfig.Command != "" {
-			// Use custom command for SRT
-			copilotExecLog.Printf("Using custom SRT command: %s", agentConfig.Command)
-
-			// Build args list with custom args appended
-			var srtArgs []string
-			if len(agentConfig.Args) > 0 {
-				srtArgs = append(srtArgs, agentConfig.Args...)
-				copilotExecLog.Printf("Added %d custom args from agent config", len(agentConfig.Args))
-			}
-
-			// Escape the command so shell operators are passed to SRT, not interpreted by the outer shell
-			escapedCommand := shellEscapeArg(copilotCommand)
-
-			// Build the command with custom SRT command
-			// The custom command should handle wrapping copilot with SRT
-			command = fmt.Sprintf(`set -o pipefail
-%s %s -- %s 2>&1 | tee %s`, agentConfig.Command, shellJoinArgs(srtArgs), escapedCommand, shellEscapeArg(logFile))
-		} else {
-			// Create the Node.js wrapper script for SRT (standard installation)
-			srtWrapperScript := generateSRTWrapperScript(copilotCommand, srtConfigJSON, logFile, logsFolder)
-			command = srtWrapperScript
-		}
-	} else if isFirewallEnabled(workflowData) {
+	if isFirewallEnabled(workflowData) {
 		// Build AWF-wrapped command using helper function - no mkdir needed, AWF handles it
 		// Get allowed domains (copilot defaults + network permissions + HTTP MCP server URLs + runtime ecosystem domains)
 		allowedDomains := GetCopilotAllowedDomainsWithToolsAndRuntimes(workflowData.NetworkPermissions, workflowData.Tools, workflowData.Runtimes)