From d9c360b3d929cfab849ec395670c048578bdb04e Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Mon, 13 Jul 2026 15:30:35 +0200 Subject: [PATCH 1/2] docs(sandboxes): note Cursor and Droid support OAuth login The credentials page framed agent OAuth as exclusive to Claude Code, Codex, and Cursor. Cursor and Droid also support the host-side OAuth flow, so update the credential-forms table and the best-practices note to include them and point to the individual agent pages for each flow. Co-Authored-By: Claude Opus 4.8 (1M context) --- .../manuals/ai/sandboxes/security/credentials.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/content/manuals/ai/sandboxes/security/credentials.md b/content/manuals/ai/sandboxes/security/credentials.md index 89424f24393..9b0313eb8a0 100644 --- a/content/manuals/ai/sandboxes/security/credentials.md +++ b/content/manuals/ai/sandboxes/security/credentials.md @@ -28,7 +28,7 @@ value for the same service, the stored secret takes precedence. | --------------------------------------------------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------- | | [Stored secrets](#stored-secrets) (`sbx secret set`) | A value in your OS keychain, keyed by service | The default for any built-in or kit-declared service | | [Custom secrets](#custom-secrets) (`sbx secret set-custom`) | A value keyed to a domain and environment variable | The service model doesn't fit — the agent validates the variable's format, or the secret rides in a request body | -| OAuth | A host-side sign-in flow; the token never enters the sandbox | The agent supports it, such as Claude Code, Codex, or Cursor | +| OAuth | A host-side sign-in flow; the token never enters the sandbox | The agent supports it, such as Claude Code, Codex, Cursor, or Droid | | [Registry credentials](#registry-credentials) (`sbx secret set --registry`) | Authentication for pulling images and kits | Pulling templates or kits from a private registry | For multi-provider agents (OpenCode, Docker Agent), the proxy selects @@ -358,13 +358,13 @@ $ sbx secret rm my-sandbox --registry ghcr.io -f proxy-injected service credentials, which never enter the sandbox. Reserve them for sandboxes that need registry access, and prefer sandbox scope over global (`-g`) to limit exposure. -- For Claude Code and Codex, OAuth is another secure option: the flow runs on - the host, so the token is never exposed inside the sandbox. If you haven't - stored a credential, both agents prompt you to authenticate before the - sandbox launches — Codex prompts on the host from `sbx run codex`, and Claude - Code prompts inside the agent. To authenticate ahead of time, run +- Several agents support OAuth as another secure option: the flow runs on the + host, so the token is never exposed inside the sandbox. If you haven't stored + a credential, the agent prompts you to authenticate — Codex prompts on the + host from `sbx run codex`, while Claude Code, Cursor, and Droid prompt + interactively inside the sandbox. To authenticate ahead of time, run `sbx secret set -g openai --oauth` for Codex, or use `/login` inside Claude - Code. + Code. See the individual [agent pages](../agents/) for each agent's flow. - If you store credentials in 1Password, see [Sourcing credentials from 1Password](../workflows.md#sourcing-credentials-from-1password) for how to use `op read` and `op run` with `sbx`. From b5cd20c7c93487e71ce08238b95443ad44387c1d Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Mon, 13 Jul 2026 16:58:46 +0200 Subject: [PATCH 2/2] docs(sandboxes): clarify Cursor and Droid have no ahead-of-time OAuth The best-practices OAuth bullet advertised four agents but only gave ahead-of-time commands for Codex and Claude Code. Cursor and Droid only prompt inside the sandbox at agent start, so state that explicitly instead of leaving those users to infer it from the agent pages. Co-Authored-By: Claude Opus 4.8 (1M context) --- content/manuals/ai/sandboxes/security/credentials.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/content/manuals/ai/sandboxes/security/credentials.md b/content/manuals/ai/sandboxes/security/credentials.md index 9b0313eb8a0..595d75fadd7 100644 --- a/content/manuals/ai/sandboxes/security/credentials.md +++ b/content/manuals/ai/sandboxes/security/credentials.md @@ -363,8 +363,10 @@ $ sbx secret rm my-sandbox --registry ghcr.io -f a credential, the agent prompts you to authenticate — Codex prompts on the host from `sbx run codex`, while Claude Code, Cursor, and Droid prompt interactively inside the sandbox. To authenticate ahead of time, run - `sbx secret set -g openai --oauth` for Codex, or use `/login` inside Claude - Code. See the individual [agent pages](../agents/) for each agent's flow. + `sbx secret set -g openai --oauth` for Codex or use `/login` inside Claude + Code; Cursor and Droid have no ahead-of-time option, so their sign-in prompt + appears when the agent starts. See the individual [agent pages](../agents/) + for each agent's flow. - If you store credentials in 1Password, see [Sourcing credentials from 1Password](../workflows.md#sourcing-credentials-from-1password) for how to use `op read` and `op run` with `sbx`.