sbx: clarify clone behavior by craig-osterhout · Pull Request #25423 · docker/docs · GitHub
Skip to content

sbx: clarify clone behavior#25423

Open
craig-osterhout wants to merge 4 commits into
docker:mainfrom
craig-osterhout:sbx-issue-260
Open

sbx: clarify clone behavior#25423
craig-osterhout wants to merge 4 commits into
docker:mainfrom
craig-osterhout:sbx-issue-260

Conversation

@craig-osterhout

@craig-osterhout craig-osterhout commented Jun 23, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Description

Clarified that with clone mode, agent can still read untracked & .gitignored files.

Related issues or tickets

docker/sbx-releases#260
https://docker.slack.com/archives/C0B1XV3FQMU/p1782148268612729

Reviews

  • Technical review
  • Editorial review

@craig-osterhout
sbx: clarify clone behavior
6b8f42e 
Signed-off-by: Craig Osterhout <craig.osterhout@docker.com>
@craig-osterhout craig-osterhout requested review from a team and kiview June 23, 2026 15:42
@craig-osterhout craig-osterhout requested a review from dvdksn as a code owner June 23, 2026 15:42
@craig-osterhout craig-osterhout added the status/review Pull requests that are ready for review label Jun 23, 2026
@netlify

netlify Bot commented Jun 23, 2026
edited
Loading

Copy link
Copy Markdown

@craig-osterhout

craig-osterhout commented Jun 23, 2026

Copy link
Copy Markdown
Contributor Author

docker-agent
docker-agent reviewed Jun 23, 2026
View reviewed changes

@docker-agent docker-agent left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assessment: 🟡 NEEDS ATTENTION

Two medium findings in — both concern the same added block about untracked/ignored files being readable inside the sandbox. The security warning and action recommendation are embedded inside an existing bullet rather than surfaced as a callout, which is inconsistent with how the direct-mount section handles equivalent guidance.

Comment thread content/manuals/ai/sandboxes/security/isolation.md Outdated
Comment thread content/manuals/ai/sandboxes/security/isolation.md Outdated
@craig-osterhout
separate bullet
cf49d47 
Signed-off-by: Craig Osterhout <craig.osterhout@docker.com>
@craig-osterhout
move limitation out of benefit
ee05b07 
Signed-off-by: Craig Osterhout <craig.osterhout@docker.com>
@craig-osterhout
update file example
e96b460 
Signed-off-by: Craig Osterhout <craig.osterhout@docker.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kiview kiview Awaiting requested review from kiview
@dvdksn dvdksn Awaiting requested review from dvdksn dvdksn is a code owner
1 more reviewer
@docker-agent docker-agent docker-agent left review comments
Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

area/ai status/review Pull requests that are ready for review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@craig-osterhout @docker-agent