Summary
Vercel updated Sandbox so its domain-restricted firewall can connect to hosted Postgres databases without breaking on the protocol's TLS negotiation flow. The change makes it easier to run database-aware agent workloads inside locked-down execution environments.
What changed
Vercel changed Sandbox firewall handling so Postgres TLS negotiation works with domain-based egress restrictions.
Why it matters
Safe code execution environments are becoming standard infrastructure for coding agents, but they lose value if common backend connections break under restrictive network policies. This update makes Vercel's sandboxing model more practical for real full-stack agent workloads instead of only stateless code tasks.
Evidence excerpt
Vercel says Sandbox now adjusts for the Postgres TLS negotiation flow so domain-based firewall policies can still connect to hosted databases.