docs(sandboxes): credential bindings, kit spec v2

[dvdksn]

Summary

Reworks the Docker Sandboxes credential and kit-spec documentation for the kit
schemaVersion: "2" model: user-controlled credential bindings, the first-run
binding-approval flow, and the v2 kit-authoring schema.

What's in this PR

Credential model (security/credentials.md)

• Credential bindings (~/.config/sbx/credentials.yaml) as the authorization
  mechanism: per-service discovery + allowedDomains.
• First-run approval flow (terminal and TUI), covering both API-key and OAuth.
• Fail-closed by default for schemaVersion: "2" agents; credentials.failClosed
  documented as the override that extends the rule to older-schema kits.
• Environment variables documented as a binding discovery source — no implicit
  host-env fallback for built-in agents.

Kit-authoring schema (customize/kit-reference.md, kits.md, kit-examples.md)

• Examples default to schemaVersion: "2".
• New "Schema versions" section + a v1→v2 field mapping. v1 is still supported
  and auto-normalized, so migration is incremental.
• Credentials rewritten to the credentials[] / apiKey / oauth shape
  (discovery moved to bindings); network → caps.network; proxyManaged removed.

Supporting pages

• All built-in agent pages: env-var authentication now flows through a credential
  binding.
• troubleshooting.md: the "no approved binding" failure (non-interactive run or
  declined prompt).

Status

Note

Draft — intentionally held. This documents the end state once built-in
agents move to schemaVersion: "2" and credential bindings become the default
(gated on the built-in v2 migration, docker/sandboxes#3684). Publishing before
that ships would describe behavior most users wouldn't yet hit.

The kit-authoring schema changes (kit-reference / kits / examples) describe a
schema that already exists and could publish sooner; the end-user
credential-model changes (credentials.md, agent pages, troubleshooting)
should publish when the migration lands.

Open TODOs before publishing

• Confirm the upgrade path for users with a pre-existing stored secret — are
  they auto-bound on first run, or prompted to approve a binding? Tracked by an
  inline TODO in credentials.md.
• customize/build-an-agent.md is still on the v1 schema — update in a
  separate follow-up PR.
• Final pass on prompt / UX wording against the shipped build.

Generated by Claude Code

[netlify]

✅ Deploy Preview for docsdocker ready!

Name	Link
🔨 Latest commit	5200f4f
🔍 Latest deploy log	https://app.netlify.com/projects/docsdocker/deploys/6a3416fe70e564000825117a
😎 Deploy Preview	https://deploy-preview-25369--docsdocker.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[docker-agent]

Assessment: 🟡 NEEDS ATTENTION

The credentials page rework is well-structured and the new content (credential bindings, fail-closed mode, registry scope table) is accurate and useful. Three style violations in the newly-added content need attention before merge — all are bold misuse per the Docker style guide.