Skip to content

v1.12.0 — Sandbox tier selection (all OSS), .symbi extension, SecurityTier::Hosted

Choose a tag to compare

View all tags
@jaschadub jaschadub released this 29 Apr 18:10
v1.12.0
e5abe6f
This commit was signed with the committer’s verified signature.
symbibot Symbi Bot
GPG key ID: 7B0BF546C173D14B
Verified
Learn about vigilant mode.

Highlights

This release ships selectable host-isolation tiers — all OSS (no Enterprise gating), promotes .symbi as the canonical agent file extension, and reshapes the security model so E2B is correctly classified as a hosted backend rather than a peer of the on-host tiers.

Sandbox tier selection — all OSS

Operators now pick the sandbox tier per agent via the DSL with { sandbox = ... } block, or set a project default via [sandbox] tier = "..." in symbiont.toml. All three host-isolation tiers ship in the OSS runtime:

Tier Backend Selection Prerequisites
tier1 Docker default docker daemon
tier2 gVisor (runsc) with { sandbox = "gvisor" } runsc registered as Docker runtime
tier3 Firecracker microVM with { sandbox = "firecracker" } firecracker binary + operator-supplied vmlinux + rootfs.ext4

New runtime modules: crates/runtime/src/sandbox/gvisor.rs and crates/runtime/src/sandbox/firecracker.rs. symbi doctor now reports reachability of runsc and firecracker in addition to docker.

.symbi canonical agent file extension

Agent definitions now use .symbi. Legacy .dsl continues to be recognized indefinitely for backward compatibility — no migration is required. New helpers dsl::is_symbi_file / dsl::strip_symbi_extension. The 14 example agents in agents/ were renamed.

Tier 3 symbi init flags

symbi init --profile assistant --sandbox tier3 \
  --firecracker-kernel /var/lib/firecracker/vmlinux \
  --firecracker-rootfs /var/lib/firecracker/rootfs.ext4

Both paths are validated before scaffolding [sandbox.firecracker] into symbiont.toml. The new docs/firecracker-setup.md covers prerequisites, a quickstart recipe (prebuilt vmlinux + minimal Alpine rootfs), the in-VM init contract, transport patterns for /work (vsock vs. second block device), a hardening checklist, and troubleshooting.

SecurityTier::Hosted — E2B is not a tier

E2B is no longer modeled as a peer of Tier 1/2/3 — it is a separate hosted-cloud backend with no on-host isolation. E2B → SecurityTier::Hosted sorts below Tier1 for ordering, so policies requiring host isolation (tier >= Tier1) now correctly reject hosted execution. E2B remains opt-in only via DSL (with { sandbox = "e2b" }); it is intentionally not exposed as an [sandbox] tier value or a --sandbox flag.

Migration notes

  • No breaking changes. Existing .dsl files continue to work without modification.
  • Operators using E2B should review any policies that relied on E2B → SecurityTier::Tier1 parity — those policies will now correctly fail on hosted execution unless re-scoped.

Documentation

All English docs and five translations (zh-cn, es, pt, ja, de) updated in lockstep:

  • docs/security-model.md — three-tier ladder + Hosted-execution sidebar
  • docs/firecracker-setup.md — new (translated to all five languages)
  • docs/getting-started.md, docs/runtime-architecture.md, docs/index.md — three-tier coverage
  • docs/api-reference.md, docs/docker.md, docs/http-input.md, docs/native-execution-guide.md.symbi callouts

Verification

cargo fmt --check, cargo clippy --workspace --all-targets -- -D warnings, and cargo test --workspace --no-fail-fast all pass (~1300 tests across the workspace).

Full Changelog: https://github.com/ThirdKeyAI/Symbiont/blob/main/CHANGELOG.md

Pre-Built Binaries

Note: Pre-built binaries are tested but considered less reliable than installing via cargo install symbi or Docker (ghcr.io/thirdkeyai/symbi). If you encounter issues, please try those methods first.

Quick Install

macOS / Linux:

curl -fsSL https://raw.githubusercontent.com/thirdkeyai/symbiont/main/scripts/install.sh | bash

Homebrew (macOS):

brew tap thirdkeyai/tap
brew install symbi

Manual download:
Download the appropriate binary for your platform from the assets below. Verify checksums with checksums.txt.

Verification

Each binary is signed with Sigstore cosign. Verify with:

cosign verify-blob --certificate symbi-*.pem --signature symbi-*.sig symbi-*.tar.gz \
  --certificate-identity-regexp="https://github.com/ThirdKeyAI/Symbiont" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

SHA256 checksums are in checksums.txt (also signed).

Assets 17
Loading