From 2510657a07fbefdde31e4b42f317e395c54e9389 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 15 Feb 2026 04:24:37 +0000 Subject: [PATCH] Update sandbox documentation to reflect SRT removal Remove Sandbox Runtime (SRT) references and update documentation to reflect that AWF is now the only supported sandbox implementation. Legacy workflows using SRT are automatically migrated to AWF during workflow parsing. Changes: - Updated introduction to specify AWF only - Removed SRT configuration examples - Replaced SRT section with deprecation notice and migration guide - Updated field tables to remove SRT identifier - Added migration notes for legacy workflows - Updated feature flags section to remove sandbox-runtime flag Related to #15834 (Remove SRT support) Co-Authored-By: Claude Sonnet 4.5 --- docs/src/content/docs/reference/sandbox.md | 84 ++++++---------------- 1 file changed, 22 insertions(+), 62 deletions(-) diff --git a/docs/src/content/docs/reference/sandbox.md b/docs/src/content/docs/reference/sandbox.md index 9cba687f66..9705632005 100644 --- a/docs/src/content/docs/reference/sandbox.md +++ b/docs/src/content/docs/reference/sandbox.md @@ -8,7 +8,7 @@ disable-agentic-editing: true The `sandbox` field configures sandbox environments for AI engines, providing two main capabilities: -1. **Agent Sandbox** - Controls the agent runtime security (AWF or Sandbox Runtime) +1. **Agent Sandbox** - Controls the agent runtime security using AWF (Agent Workflow Firewall) 2. **Model Context Protocol (MCP) Gateway** - Routes MCP server calls through a unified HTTP gateway ## Configuration @@ -22,10 +22,6 @@ Configure the agent sandbox type to control how the AI engine is isolated: sandbox: agent: awf -# Use Sandbox Runtime (SRT) - experimental -sandbox: - agent: srt - # Disable agent sandbox (firewall only) - use with caution sandbox: agent: false @@ -191,7 +187,7 @@ Custom mounts are useful for: | Field | Type | Description | |-------|------|-------------| -| `id` | `string` | Agent identifier: `awf` or `srt` | +| `id` | `string` | Agent identifier: `awf` | | `command` | `string` | Custom command to replace AWF binary installation | | `args` | `string[]` | Additional arguments appended to the command | | `env` | `object` | Environment variables set on the execution step | @@ -199,71 +195,29 @@ Custom mounts are useful for: When `command` is specified, the standard AWF installation is skipped and your custom command is used instead. -### Sandbox Runtime (SRT) +## Deprecated: Sandbox Runtime (SRT) > [!CAUTION] -> Experimental -> Sandbox Runtime is experimental and requires the `sandbox-runtime` feature flag. +> Removed +> Sandbox Runtime (SRT) support has been removed. AWF is now the only supported sandbox implementation. -Sandbox Runtime provides enhanced isolation using Anthropic's sandbox technology. It supports custom filesystem configuration while network permissions are controlled by the top-level `network` field. +### Migration -```yaml wrap -features: - sandbox-runtime: true +Legacy workflows using `sandbox.agent: srt` or `sandbox: sandbox-runtime` are automatically migrated to AWF during workflow parsing. No manual changes are required. +**Before (automatically migrated):** +```yaml wrap sandbox: - agent: - type: srt - config: - filesystem: - allowWrite: [".", "/tmp", "/home/runner/.copilot"] - denyRead: ["/etc/passwd"] - enableWeakerNestedSandbox: true - -network: - allowed: - - defaults - - python + agent: srt ``` -#### SRT Configuration Options - -| Field | Type | Description | -|-------|------|-------------| -| `filesystem.allowWrite` | `string[]` | Paths allowed for write access | -| `filesystem.denyRead` | `string[]` | Paths denied for read access | -| `filesystem.denyWrite` | `string[]` | Paths denied for write access | -| `ignoreViolations` | `object` | Map of command patterns to paths that should ignore violations | -| `enableWeakerNestedSandbox` | `boolean` | Enable weaker nested sandbox mode (use only when required) | - -> [!NOTE] -> Network Configuration -> Network configuration for SRT is controlled by the top-level `network` field, not the sandbox config. This ensures consistent network policy across all sandbox types. - -#### Custom SRT Configuration - -Similar to AWF, SRT supports custom commands, arguments, and environment variables: - +**After (transparent conversion):** ```yaml wrap -features: - sandbox-runtime: true - sandbox: - agent: - id: srt - command: "custom-srt-wrapper" - args: - - "--custom-arg" - - "--debug" - env: - SRT_DEBUG: "true" - SRT_CUSTOM_VAR: "test_value" - config: - filesystem: - allowWrite: [".", "/tmp"] + agent: awf ``` -When `command` is specified, the standard SRT installation is skipped. The `config` field can still be used for filesystem configuration. +If your workflow previously used SRT, it will now use AWF with the same network permissions configured in the `network` field. AWF provides network egress control while maintaining compatibility with existing workflow configurations. ## MCP Gateway @@ -335,7 +289,7 @@ sandbox: For backward compatibility, legacy formats are still supported: ```yaml wrap -# Legacy string format (deprecated) +# Legacy string format - automatically migrated to AWF sandbox: sandbox-runtime # Legacy object format with 'type' field (deprecated) @@ -351,23 +305,29 @@ sandbox: The `id` field replaces the legacy `type` field in the object format. When both are present, `id` takes precedence. +> [!NOTE] +> SRT Migration +> The legacy string format `sandbox: sandbox-runtime` is automatically converted to `sandbox.agent: awf` during workflow parsing. + ## Feature Flags Some sandbox features require feature flags: | Feature | Flag | Description | |---------|------|-------------| -| Sandbox Runtime | `sandbox-runtime` | Enable SRT agent sandbox | | MCP Gateway | `mcp-gateway` | Enable MCP gateway routing | Enable feature flags in your workflow: ```yaml wrap features: - sandbox-runtime: true mcp-gateway: true ``` +> [!NOTE] +> Removed Feature Flags +> The `sandbox-runtime` feature flag has been removed. It is no longer recognized and will be ignored if present in workflow configurations. + ## Related Documentation - [Network Permissions](/gh-aw/reference/network/) - Configure network access controls