Audit Logs, Runner Binary, and Sandbox Recovery
This release improves auditability, performance, and sandbox resilience.
The API now serves runner binaries directly, reducing latency and improving local runner setup. A new audit log OpenSearch adapter introduces searchable, structured audit data across API and dashboard for better monitoring and compliance visibility.
Additionally, the API introduces recovery for specific sandbox failure messages, unified lock management across sandbox state operations, and caching for API key validation, making system operations more efficient and reliable.
Release Details
Features
api: serve runner binary (#2653)
api: align locks across user, auto and manager sandbox state operations (#2628)
api: api key caching (e9073439)
api: improve limit exceeded messages (#2667)
api: sandbox recovery for specific error messages (#2693)
api,dashboard: audit log opensearch adapter (#2614)
Fixes
api: ssh token starting char (#2599)
api: sandbox action auditing (#2613)
api: update user email if auth payload email differs (#2669)
api: labels query fallback (#2681)
daemon: kill child processes when deleting sessions (#2620)
dashboard: use correct permission for deleting volumes (#2682)
sdk: websocket, upload/download files for multiple ts/js runtimes (#2679)
sdk: treat 404 errors as a destroyed state during sandbox stop and delete (#2688)
Refactor
api,cli,ssh-gateway,sdk: remove legacyProxyUrl and runnerDomain properties from user facing DTOs (#2656)
dashboard: improve sandbox table ux (#2678)
Chores
deps: bump nodemailer from 6.10.1 to 7.0.7 (#2595)