From 52fb019698b139a7f51bd6eac14a3f6eb9c21416 Mon Sep 17 00:00:00 2001
From: galz10 <galzahavi@google.com>
Date: Thu, 12 Mar 2026 11:43:53 -0700
Subject: [PATCH] feat(core): add tool sandboxing setting and initialization

- Add `tools.sandboxing` boolean flag to `settingsSchema.ts` to control whether tools are executed within a sandbox.
- Introduce `createSandboxManager` factory function that returns either `LocalSandboxManager` or `NoopSandboxManager` based on the new setting.
- Update `Config` initialization to read the setting and construct the appropriate sandbox manager.
- Update unit tests to reflect the new initialization and instantiation behavior.
---
 packages/cli/src/config/config.ts             |  1 +
 packages/cli/src/config/settingsSchema.ts     |  9 ++++++++
 packages/core/src/config/config.ts            |  5 +++--
 .../core/src/services/sandboxManager.test.ts  |  4 ++--
 packages/core/src/services/sandboxManager.ts  | 21 +++++++++++++++++++
 5 files changed, 36 insertions(+), 4 deletions(-)

diff --git a/packages/cli/src/config/config.ts b/packages/cli/src/config/config.ts
index a8c85975e9..583bdcf3e8 100755
--- a/packages/cli/src/config/config.ts
+++ b/packages/cli/src/config/config.ts
@@ -699,6 +699,7 @@ export async function loadCliConfig(
     clientVersion: await getVersion(),
     embeddingModel: DEFAULT_GEMINI_EMBEDDING_MODEL,
     sandbox: sandboxConfig,
+    toolSandboxing: settings.tools?.sandboxing ?? false,
     targetDir: cwd,
     includeDirectoryTree,
     includeDirectories,
diff --git a/packages/cli/src/config/settingsSchema.ts b/packages/cli/src/config/settingsSchema.ts
index bd1f9d82a4..6c4715fabd 100644
--- a/packages/cli/src/config/settingsSchema.ts
+++ b/packages/cli/src/config/settingsSchema.ts
@@ -1247,6 +1247,15 @@ const SETTINGS_SCHEMA = {
     description: 'Settings for built-in and custom tools.',
     showInDialog: false,
     properties: {
+      sandboxing: {
+        type: 'boolean',
+        label: 'Tool Sandboxing',
+        category: 'Tools',
+        requiresRestart: false,
+        default: false,
+        description: 'Enable sandboxing for tool execution.',
+        showInDialog: true,
+      },
       sandbox: {
         type: 'string',
         label: 'Sandbox',
diff --git a/packages/core/src/config/config.ts b/packages/core/src/config/config.ts
index 55eae40247..8ce270a3bb 100644
--- a/packages/core/src/config/config.ts
+++ b/packages/core/src/config/config.ts
@@ -42,7 +42,7 @@ import type { HookDefinition, HookEventName } from '../hooks/types.js';
 import { FileDiscoveryService } from '../services/fileDiscoveryService.js';
 import { GitService } from '../services/gitService.js';
 import {
-  NoopSandboxManager,
+  createSandboxManager,
   type SandboxManager,
 } from '../services/sandboxManager.js';
 import {
@@ -496,6 +496,7 @@ export interface ConfigParameters {
   clientVersion?: string;
   embeddingModel?: string;
   sandbox?: SandboxConfig;
+  toolSandboxing?: boolean;
   targetDir: string;
   debugMode: boolean;
   question?: string;
@@ -1094,7 +1095,7 @@ export class Config implements McpContext, AgentLoopContext {
       }
     }
     this._geminiClient = new GeminiClient(this);
-    this._sandboxManager = new NoopSandboxManager();
+    this._sandboxManager = createSandboxManager(params.toolSandboxing ?? false);
     this.shellExecutionConfig.sandboxManager = this._sandboxManager;
     this.modelRouterService = new ModelRouterService(this);
 
diff --git a/packages/core/src/services/sandboxManager.test.ts b/packages/core/src/services/sandboxManager.test.ts
index bac8a8a55c..cc8aacc90b 100644
--- a/packages/core/src/services/sandboxManager.test.ts
+++ b/packages/core/src/services/sandboxManager.test.ts
@@ -45,7 +45,7 @@ describe('NoopSandboxManager', () => {
     expect(result.env['MY_SECRET']).toBeUndefined();
   });
 
-  it('should force environment variable redaction even if not requested in config', async () => {
+  it('should respect environment variable redaction setting in config', async () => {
     const req = {
       command: 'echo',
       args: ['hello'],
@@ -62,7 +62,7 @@ describe('NoopSandboxManager', () => {
 
     const result = await sandboxManager.prepareCommand(req);
 
-    expect(result.env['API_KEY']).toBeUndefined();
+    expect(result.env['API_KEY']).toBe('sensitive-key');
   });
 
   it('should respect allowedEnvironmentVariables in config', async () => {
diff --git a/packages/core/src/services/sandboxManager.ts b/packages/core/src/services/sandboxManager.ts
index 4f31527d8d..cedf439f29 100644
--- a/packages/core/src/services/sandboxManager.ts
+++ b/packages/core/src/services/sandboxManager.ts
@@ -78,3 +78,24 @@ export class NoopSandboxManager implements SandboxManager {
     };
   }
 }
+
+/**
+ * SandboxManager that implements actual sandboxing.
+ */
+export class LocalSandboxManager implements SandboxManager {
+  async prepareCommand(_req: SandboxRequest): Promise<SandboxedCommand> {
+    throw new Error('Tool sandboxing is not yet implemented.');
+  }
+}
+
+/**
+ * Creates a sandbox manager based on the provided settings.
+ */
+export function createSandboxManager(
+  sandboxingEnabled: boolean,
+): SandboxManager {
+  if (sandboxingEnabled) {
+    return new LocalSandboxManager();
+  }
+  return new NoopSandboxManager();
+}