docs(sandboxes): note Cursor and Droid support OAuth login#25547
docs(sandboxes): note Cursor and Droid support OAuth login#25547dvdksn wants to merge 2 commits into
Conversation
✅ Deploy Preview for docsdocker ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
docker-agent
left a comment
There was a problem hiding this comment.
Assessment: 🟡 NEEDS ATTENTION
The credentials page framed agent OAuth as exclusive to Claude Code, Codex, and Cursor. Cursor and Droid also support the host-side OAuth flow, so update the credential-forms table and the best-practices note to include them and point to the individual agent pages for each flow. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
8302c89 to
d9c360b
Compare
docker-agent
left a comment
There was a problem hiding this comment.
Assessment: 🟡 NEEDS ATTENTION
| host, so the token is never exposed inside the sandbox. If you haven't stored | ||
| a credential, the agent prompts you to authenticate — Codex prompts on the | ||
| host from `sbx run codex`, while Claude Code, Cursor, and Droid prompt | ||
| interactively inside the sandbox. To authenticate ahead of time, run |
There was a problem hiding this comment.
[MEDIUM] Ahead-of-time OAuth instructions only cover Codex and Claude Code — Cursor and Droid are missing
The rewritten bullet now advertises OAuth support for all four agents (Claude Code, Codex, Cursor, Droid), but the concrete ahead-of-time authentication commands still only cover two of them:
To authenticate ahead of time, run
sbx secret set -g openai --oauthfor Codex, or use/logininside Claude Code.
Users of Cursor or Droid who want to pre-authenticate before the sandbox launches are left without direct guidance. The added link to the agent pages (See the individual [agent pages](../agents/) for each agent's flow.) partially mitigates this, but readers who don't follow the link may conclude that only Codex and Claude Code support pre-authentication.
Consider either:
- Adding the equivalent ahead-of-time commands/steps for Cursor and Droid inline, or
- Restructuring the sentence so it's clear the link is the authoritative source for all agents' flows, not just those not already mentioned.
There was a problem hiding this comment.
Addressed in b5cd20c. Verified that neither Cursor nor Droid supports ahead-of-time OAuth (Droid's sbx secret set -g droid --oauth errors; Cursor only prompts on first run), so the bullet now states explicitly that their sign-in prompt appears when the agent starts, rather than leaving those users to infer it from the agent pages.
There was a problem hiding this comment.
Perfect — thanks for verifying the agent behavior and making the distinction explicit. The updated text now clearly guides users to expect the sign-in prompt at agent start for Cursor and Droid, rather than leaving them searching for a non-existent ahead-of-time command. This closes the gap I flagged.
docker-agent
left a comment
There was a problem hiding this comment.
Assessment: 🟢 APPROVE
The changes correctly expand OAuth agent support from Claude Code + Codex to also include Cursor and Droid in both the credential-forms table and the best-practices bullet. One minor documentation gap was noted.
| interactively inside the sandbox. To authenticate ahead of time, run | ||
| `sbx secret set -g openai --oauth` for Codex, or use `/login` inside Claude | ||
| Code. | ||
| Code. See the individual [agent pages](../agents/) for each agent's flow. |
There was a problem hiding this comment.
[LOW] Ahead-of-time OAuth authentication guidance omits Cursor and Droid
The rewritten bullet now covers four agents but the ahead-of-time authentication commands shown are only for Codex (sbx secret set -g openai --oauth) and Claude Code (/login). No equivalent command or explicit note is provided for Cursor or Droid. The closing sentence "See the individual agent pages for each agent's flow" softens the gap, but a user who wants to pre-authenticate with Cursor or Droid before launching a sandbox has no actionable guidance here.
Consider adding ahead-of-time commands for Cursor and Droid if they exist, or a brief note such as "Cursor and Droid don't support ahead-of-time OAuth; the prompt appears inside the sandbox when the agent starts." This avoids sending users on a hunt through agent pages for information that could live here.
There was a problem hiding this comment.
Addressed in b5cd20c — added an explicit note that Cursor and Droid have no ahead-of-time OAuth option and prompt inside the sandbox at agent start.
There was a problem hiding this comment.
Perfect, thanks! The added note "Cursor and Droid have no ahead-of-time option, so their sign-in prompt appears when the agent starts" gives users the clarity they need without requiring a hunt through docs.
The best-practices OAuth bullet advertised four agents but only gave ahead-of-time commands for Codex and Claude Code. Cursor and Droid only prompt inside the sandbox at agent start, so state that explicitly instead of leaving those users to infer it from the agent pages. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
What
The Docker Sandboxes credentials page framed agent OAuth login as exclusive to Claude Code, Codex, and Cursor. Cursor and Droid also support the host-side OAuth flow (Droid via docker/sandboxes#4046, Cursor earlier), so two enumerations were stale:
Changes
content/manuals/ai/sandboxes/security/credentials.md:No change to the individual agent pages — each already documents its own OAuth behavior.
🤖 Generated with Claude Code