feat(core): implement Windows sandbox dynamic expansion Phase 1 and 2.1 (#23691)

2026-04-21 18:44:30 -07:00 · 2026-03-25 17:54:45 +00:00
parent f11bd3d079
commit 1b052df52f
18 changed files with 1168 additions and 528 deletions
@@ -99,12 +99,25 @@ function touch(filePath: string, isDirectory: boolean) {
  }
 }

+import {
+  isKnownSafeCommand,
+  isDangerousCommand,
+} from '../macos/commandSafety.js';
+
 /**
 * A SandboxManager implementation for Linux that uses Bubblewrap (bwrap).
 */
 export class LinuxSandboxManager implements SandboxManager {
  constructor(private readonly options: GlobalSandboxOptions) {}

+  isKnownSafeCommand(args: string[]): boolean {
+    return isKnownSafeCommand(args);
+  }
+
+  isDangerousCommand(args: string[]): boolean {
+    return isDangerousCommand(args);
+  }
+
  async prepareCommand(req: SandboxRequest): Promise<SandboxedCommand> {
    const sanitizationConfig = getSecureSanitizationConfig(
      req.policy?.sanitizationConfig,