feat(core): implement progressive elevation and AI error awareness for Windows sandbox

This commit is contained in:
mkorwel
2026-03-09 22:46:13 -07:00
parent 5c0b0f98ec
commit 1633cd88ac
6 changed files with 77 additions and 33 deletions


@@ -43,8 +43,14 @@ function isSandboxCommand(
function getSandboxCommand(
sandbox?: boolean | string | null,
): SandboxConfig['command'] | '' {
// If the SANDBOX env var is set, we're already inside the sandbox.
if (process.env['SANDBOX']) {
// If the SANDBOX env var is set, we're already inside a container-based sandbox.
// For native sandboxing (windows-native, sandbox-exec), we still need the command
// to be active in the child process to restrict tool calls.
if (
process.env['SANDBOX'] &&
process.env['SANDBOX'] !== 'windows-native' &&
process.env['SANDBOX'] !== 'sandbox-exec'
) {
return '';
}
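Review bot: The two native-sandbox names are spelled out as a chain of string comparisons here (the added condition) and again in the second hunk of this file (`command === 'windows-native' || command === 'sandbox-exec'` in the `enabled` expression and in the returned-config guard), so the set of commands that must stay active inside the child process is now defined in three places that can drift apart. A single module-level definition keeps the "which sandboxes re-apply in the child" decision in one spot, e.g. `const NATIVE_SANDBOX_COMMANDS = new Set(['windows-native', 'sandbox-exec']);` and then `if (process.env['SANDBOX'] && !NATIVE_SANDBOX_COMMANDS.has(process.env['SANDBOX'])) {` here, with the same set reused in loadSandboxConfig. The added comment should also state the consequence of the early return, since it is a security decision: `// Any other non-empty SANDBOX value means a container already encloses us; returning '' disables a second layer.` The body of getSandboxCommand continues past this hunk, so how the command is derived once the guard is passed is not visible here.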
@@ -143,10 +149,15 @@ export async function loadSandboxConfig(
const allowedPaths =
allowedPathsEnv ?? settings.tools?.sandboxAllowedPaths ?? [];
const enabled =
(sandboxOption !== undefined && sandboxOption !== false) ||
command === 'windows-native' ||
command === 'sandbox-exec';
return command &&
(image || command === 'sandbox-exec' || command === 'windows-native')
? {
enabled: true,
enabled,
allowedPaths,
networkAccess,
command,