Skip to content

docs(sandboxes): note Cursor and Droid support OAuth login#25547

Open
dvdksn wants to merge 2 commits into
docker:mainfrom
dvdksn:worktree-droid-oauth-docs
Open

docs(sandboxes): note Cursor and Droid support OAuth login#25547
dvdksn wants to merge 2 commits into
docker:mainfrom
dvdksn:worktree-droid-oauth-docs

Conversation

@dvdksn

@dvdksn dvdksn commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

What

The Docker Sandboxes credentials page framed agent OAuth login as exclusive to Claude Code, Codex, and Cursor. Cursor and Droid also support the host-side OAuth flow (Droid via docker/sandboxes#4046, Cursor earlier), so two enumerations were stale:

  • The credential-forms table listed only "Claude Code, Codex, or Cursor" — Droid missing.
  • The best-practices note framed OAuth as "For Claude Code and Codex" — both Cursor and Droid missing.

Changes

content/manuals/ai/sandboxes/security/credentials.md:

  • Add Droid to the OAuth row of the credential-forms table.
  • Rewrite the best-practices OAuth bullet to cover all four agents, distinguish the host-prompt (Codex) from the in-sandbox prompt (Claude Code, Cursor, Droid), and point to the individual agent pages for each flow.

No change to the individual agent pages — each already documents its own OAuth behavior.

🤖 Generated with Claude Code

@netlify

netlify Bot commented Jul 13, 2026

Copy link
Copy Markdown

Deploy Preview for docsdocker ready!

Name Link
🔨 Latest commit b5cd20c
🔍 Latest deploy log https://app.netlify.com/projects/docsdocker/deploys/6a54fd2f4a9d330008c435f1
😎 Deploy Preview https://deploy-preview-25547--docsdocker.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@docker-agent docker-agent left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assessment: 🟡 NEEDS ATTENTION

Comment thread content/manuals/ai/sandboxes/agents/droid.md Outdated
Comment thread content/manuals/ai/sandboxes/agents/droid.md Outdated
The credentials page framed agent OAuth as exclusive to Claude Code, Codex,
and Cursor. Cursor and Droid also support the host-side OAuth flow, so update
the credential-forms table and the best-practices note to include them and
point to the individual agent pages for each flow.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@dvdksn dvdksn force-pushed the worktree-droid-oauth-docs branch from 8302c89 to d9c360b Compare July 13, 2026 13:30
@dvdksn dvdksn changed the title docs(sandboxes): document proxy-managed Droid OAuth docs(sandboxes): note Cursor and Droid support OAuth login Jul 13, 2026
@dvdksn dvdksn requested a review from a team July 13, 2026 14:24
@dvdksn dvdksn marked this pull request as ready for review July 13, 2026 14:24

@docker-agent docker-agent left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assessment: 🟡 NEEDS ATTENTION

host, so the token is never exposed inside the sandbox. If you haven't stored
a credential, the agent prompts you to authenticate — Codex prompts on the
host from `sbx run codex`, while Claude Code, Cursor, and Droid prompt
interactively inside the sandbox. To authenticate ahead of time, run

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[MEDIUM] Ahead-of-time OAuth instructions only cover Codex and Claude Code — Cursor and Droid are missing

The rewritten bullet now advertises OAuth support for all four agents (Claude Code, Codex, Cursor, Droid), but the concrete ahead-of-time authentication commands still only cover two of them:

To authenticate ahead of time, run sbx secret set -g openai --oauth for Codex, or use /login inside Claude Code.

Users of Cursor or Droid who want to pre-authenticate before the sandbox launches are left without direct guidance. The added link to the agent pages (See the individual [agent pages](../agents/) for each agent's flow.) partially mitigates this, but readers who don't follow the link may conclude that only Codex and Claude Code support pre-authentication.

Consider either:

  • Adding the equivalent ahead-of-time commands/steps for Cursor and Droid inline, or
  • Restructuring the sentence so it's clear the link is the authoritative source for all agents' flows, not just those not already mentioned.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed in b5cd20c. Verified that neither Cursor nor Droid supports ahead-of-time OAuth (Droid's sbx secret set -g droid --oauth errors; Cursor only prompts on first run), so the bullet now states explicitly that their sign-in prompt appears when the agent starts, rather than leaving those users to infer it from the agent pages.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perfect — thanks for verifying the agent behavior and making the distinction explicit. The updated text now clearly guides users to expect the sign-in prompt at agent start for Cursor and Droid, rather than leaving them searching for a non-existent ahead-of-time command. This closes the gap I flagged.

@docker-agent docker-agent left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assessment: 🟢 APPROVE

The changes correctly expand OAuth agent support from Claude Code + Codex to also include Cursor and Droid in both the credential-forms table and the best-practices bullet. One minor documentation gap was noted.

interactively inside the sandbox. To authenticate ahead of time, run
`sbx secret set -g openai --oauth` for Codex, or use `/login` inside Claude
Code.
Code. See the individual [agent pages](../agents/) for each agent's flow.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[LOW] Ahead-of-time OAuth authentication guidance omits Cursor and Droid

The rewritten bullet now covers four agents but the ahead-of-time authentication commands shown are only for Codex (sbx secret set -g openai --oauth) and Claude Code (/login). No equivalent command or explicit note is provided for Cursor or Droid. The closing sentence "See the individual agent pages for each agent's flow" softens the gap, but a user who wants to pre-authenticate with Cursor or Droid before launching a sandbox has no actionable guidance here.

Consider adding ahead-of-time commands for Cursor and Droid if they exist, or a brief note such as "Cursor and Droid don't support ahead-of-time OAuth; the prompt appears inside the sandbox when the agent starts." This avoids sending users on a hunt through agent pages for information that could live here.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed in b5cd20c — added an explicit note that Cursor and Droid have no ahead-of-time OAuth option and prompt inside the sandbox at agent start.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perfect, thanks! The added note "Cursor and Droid have no ahead-of-time option, so their sign-in prompt appears when the agent starts" gives users the clarity they need without requiring a hunt through docs.

The best-practices OAuth bullet advertised four agents but only gave
ahead-of-time commands for Codex and Claude Code. Cursor and Droid only prompt
inside the sandbox at agent start, so state that explicitly instead of leaving
those users to infer it from the agent pages.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants