MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-04-20 10:10:56 -07:00
Code Issues Packages Projects Releases Wiki Activity

refactor(core): extract and centralize sandbox path utilities (#25305)

Browse Source 
Co-authored-by: David Pierce <davidapierce@google.com>
This commit is contained in:
Emily Hedlund
2026-04-13 11:43:13 -07:00
committed by GitHub
parent b91d177bde
commit 0d6d5d90b9
6 changed files with 121 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/core/src/tools/shell.ts
+4 -9
View File
@@ -10,10 +10,7 @@ import path from 'node:path';
import os from 'node:os';
import crypto from 'node:crypto';
import { debugLogger } from '../index.js';
import {
type SandboxPermissions,
getPathIdentity,
} from '../services/sandboxManager.js';
import { type SandboxPermissions } from '../services/sandboxManager.js';
import { ToolErrorType } from './tool-error.js';
import {
BaseDeclarativeTool,
@@ -52,7 +49,7 @@ import type { MessageBus } from '../confirmation-bus/message-bus.js';
import { getShellDefinition } from './definitions/coreTools.js';
import { resolveToolDeclaration } from './definitions/resolver.js';
import type { AgentLoopContext } from '../config/agent-loop-context.js';
import { isSubpath, resolveToRealPath } from '../utils/paths.js';
import { toPathKey, isSubpath, resolveToRealPath } from '../utils/paths.js';
import {
getProactiveToolSuggestions,
isNetworkReliantCommand,
@@ -307,15 +304,13 @@ export class ShellToolInvocation extends BaseToolInvocation<
approvedPaths?: string[],
): boolean => {
if (!approvedPaths || approvedPaths.length === 0) return false;
const requestedRealIdentity = getPathIdentity(
const requestedRealIdentity = toPathKey(
resolveToRealPath(requestedPath),
);
// Identity check is fast, subpath check is slower
return approvedPaths.some((p) => {
const approvedRealIdentity = getPathIdentity(
resolveToRealPath(p),
);
const approvedRealIdentity = toPathKey(resolveToRealPath(p));
return (
requestedRealIdentity === approvedRealIdentity ||
isSubpath(approvedRealIdentity, requestedRealIdentity)