chore(core): add build script for Windows sandbox helper

This commit is contained in:
mkorwel
2026-03-09 19:55:47 -07:00
parent 1cb703b405
commit 5c0b0f98ec
8 changed files with 190 additions and 20 deletions
+19 -1
View File
@@ -131,8 +131,26 @@ export async function loadSandboxConfig(
process.env['GEMINI_SANDBOX_IMAGE_DEFAULT'] ??
packageJson?.config?.sandboxImageUri;
const networkAccess =
process.env['GEMINI_SANDBOX_NETWORK'] === 'true' ||
settings.tools?.sandboxNetworkAccess === true;
const allowedPathsEnv = process.env['GEMINI_SANDBOX_ALLOWED_PATHS']
?.split(',')
.map((p) => p.trim())
.filter((p) => p.length > 0);
const allowedPaths =
allowedPathsEnv ?? settings.tools?.sandboxAllowedPaths ?? [];
return command &&
(image || command === 'sandbox-exec' || command === 'windows-native')
? { enabled: true, allowedPaths: [], networkAccess: false, command, image }
? {
enabled: true,
allowedPaths,
networkAccess,
command,
image,
}
: undefined;
}
+20
View File
@@ -1261,6 +1261,26 @@ const SETTINGS_SCHEMA = {
`,
showInDialog: false,
},
sandboxNetworkAccess: {
type: 'boolean',
label: 'Sandbox Network Access',
category: 'Tools',
requiresRestart: true,
default: false,
description: 'Whether the sandbox has outbound network access.',
showInDialog: true,
},
sandboxAllowedPaths: {
type: 'array',
label: 'Sandbox Allowed Paths',
category: 'Tools',
requiresRestart: true,
default: [] as string[],
description: 'Additional host paths to allow the sandbox to access.',
showInDialog: true,
items: { type: 'string' },
mergeStrategy: MergeStrategy.UNION,
},
shell: {
type: 'object',
label: 'Shell',
+22
View File
@@ -211,6 +211,28 @@ export async function start_sandbox(
});
}
if (config.command === 'windows-native') {
debugLogger.log('using native windows sandboxing ...');
// process.argv is [node, script, ...args]
// We want to skip the first element (node) when calling spawn(process.execPath, ...)
const finalArgv = cliArgs.slice(1);
const child = spawn(process.execPath, finalArgv, {
stdio: 'inherit',
env: {
...process.env,
SANDBOX: 'windows-native',
},
});
return await new Promise((resolve, reject) => {
child.on('error', reject);
child.on('close', (code) => {
resolve(code ?? 1);
});
});
}
if (config.command === 'lxc') {
return await start_lxc_sandbox(config, nodeArgs, cliArgs);
}