Document scoped network policies for sbx#24978
Open
dvdksn wants to merge 2 commits into
Open
Conversation
✅ Deploy Preview for docsdocker ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
dvdksn
force-pushed
the
docs/sbx-scoped-kit-policies
branch
2 times, most recently
from
373fd11 to
a12f5fd
Compare
Kit network policy docs did not cover sandbox-scoped rules or kit-level deniedDomains. Update the Sandboxes policy and kits pages with scoped policy examples, deniedDomains guidance, and a small policy page formatting fix. Co-Authored-By: Codex <noreply@openai.com>
dvdksn
force-pushed
the
docs/sbx-scoped-kit-policies
branch
from
a12f5fd to
dcffd19
Compare
docker-agent
reviewed
May 7, 2026
docker-agent
left a comment
docker-agent
left a comment
There was a problem hiding this comment.
Assessment: 🔴 CRITICAL
The documentation changes in the markdown files look accurate and well-written — the new deniedDomains field, -g/--global flag, and sandbox-scoped policy examples are clearly documented. However, all four data/sbx_cli/*.yaml files modified in this PR are auto-generated CLI reference data (matching the data/*/*.yaml pattern flagged as auto-generated in the project guidelines). These files should be regenerated from the upstream CLI source rather than edited manually. See inline comments.
Findings summary:
- 🔴 4× HIGH —
data/sbx_cli/*.yamlfiles hand-edited (should be regenerated from upstream)
kiview
approved these changes
May 7, 2026
dvdksn
changed the title
docker-agent
reviewed
May 7, 2026
docker-agent
left a comment
docker-agent
left a comment
There was a problem hiding this comment.
Assessment: 🟡 NEEDS ATTENTION
2 medium-severity documentation issues found in the new sbx policy ls output section. No high-severity issues, no vendored file edits flagged, no missing redirects.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Merged
dvdksn
added a commit
that referenced
this pull request
May 11, 2026
Adds information about org governance/policy features with sbx. ~Stacked on #24978~ Preview: https://deploy-preview-25016--docsdocker.netlify.app/ai/sandboxes/security/governance/ Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Document sandbox-scoped network policy behavior for Sandboxes kits, including kit-level
deniedDomains, scopedsbx policy [cmd] [sandbox]examples, and the updatedsbx policy lsoutput shape.Also fixes a small formatting issue in the policy reset section.
https://deploy-preview-24978--docsdocker.netlify.app/ai/sandboxes/security/policy/
Generated by Codex