feat(core): add tool sandboxing setting and initialization

- Add `tools.sandboxing` boolean flag to `settingsSchema.ts` to control whether tools are executed within a sandbox.
- Introduce `createSandboxManager` factory function that returns either `LocalSandboxManager` or `NoopSandboxManager` based on the new setting.
- Update `Config` initialization to read the setting and construct the appropriate sandbox manager.
- Update unit tests to reflect the new initialization and instantiation behavior.

packages/cli/src/config/config.ts

@@ -699,6 +699,7 @@ export async function loadCliConfig(
     clientVersion: await getVersion(),
     embeddingModel: DEFAULT_GEMINI_EMBEDDING_MODEL,
     sandbox: sandboxConfig,
+    toolSandboxing: settings.tools?.sandboxing ?? false,
     targetDir: cwd,
     includeDirectoryTree,
     includeDirectories,

packages/cli/src/config/settingsSchema.ts

@@ -1247,6 +1247,15 @@ const SETTINGS_SCHEMA = {
     description: 'Settings for built-in and custom tools.',
     showInDialog: false,
     properties: {
+      sandboxing: {
+        type: 'boolean',
+        label: 'Tool Sandboxing',
+        category: 'Tools',
+        requiresRestart: false,
+        default: false,
+        description: 'Enable sandboxing for tool execution.',
+        showInDialog: true,
+      },
       sandbox: {
         type: 'string',
         label: 'Sandbox',

packages/core/src/config/config.ts

@@ -42,7 +42,7 @@ import type { HookDefinition, HookEventName } from '../hooks/types.js';
 import { FileDiscoveryService } from '../services/fileDiscoveryService.js';
 import { GitService } from '../services/gitService.js';
 import {
-  NoopSandboxManager,
+  createSandboxManager,
   type SandboxManager,
 } from '../services/sandboxManager.js';
 import {
@@ -496,6 +496,7 @@ export interface ConfigParameters {
   clientVersion?: string;
   embeddingModel?: string;
   sandbox?: SandboxConfig;
+  toolSandboxing?: boolean;
   targetDir: string;
   debugMode: boolean;
   question?: string;
@@ -1094,7 +1095,7 @@ export class Config implements McpContext, AgentLoopContext {
       }
     }
     this._geminiClient = new GeminiClient(this);
-    this._sandboxManager = new NoopSandboxManager();
+    this._sandboxManager = createSandboxManager(params.toolSandboxing ?? false);
     this.shellExecutionConfig.sandboxManager = this._sandboxManager;
     this.modelRouterService = new ModelRouterService(this);
 

packages/core/src/services/sandboxManager.test.ts

@@ -45,7 +45,7 @@ describe('NoopSandboxManager', () => {
     expect(result.env['MY_SECRET']).toBeUndefined();
   });
 
-  it('should force environment variable redaction even if not requested in config', async () => {
+  it('should respect environment variable redaction setting in config', async () => {
     const req = {
       command: 'echo',
       args: ['hello'],
@@ -62,7 +62,7 @@ describe('NoopSandboxManager', () => {
 
     const result = await sandboxManager.prepareCommand(req);
 
-    expect(result.env['API_KEY']).toBeUndefined();
+    expect(result.env['API_KEY']).toBe('sensitive-key');
   });
 
   it('should respect allowedEnvironmentVariables in config', async () => {

packages/core/src/services/sandboxManager.ts

@@ -78,3 +78,24 @@ export class NoopSandboxManager implements SandboxManager {
     };
   }
 }
+
+/**
+ * SandboxManager that implements actual sandboxing.
+ */
+export class LocalSandboxManager implements SandboxManager {
+  async prepareCommand(_req: SandboxRequest): Promise<SandboxedCommand> {
+    throw new Error('Tool sandboxing is not yet implemented.');
+  }
+}
+
+/**
+ * Creates a sandbox manager based on the provided settings.
+ */
+export function createSandboxManager(
+  sandboxingEnabled: boolean,
+): SandboxManager {
+  if (sandboxingEnabled) {
+    return new LocalSandboxManager();
+  }
+  return new NoopSandboxManager();
+}