feat(core): implement SandboxManager interface and config schema

- Add `sandbox` block to `ConfigSchema` with `enabled`, `allowedPaths`,
  and `networkAccess` properties.
- Define the `SandboxManager` interface and request/response types.
- Implement `NoopSandboxManager` fallback that silently passes commands
  through but rigorously enforces environment variable sanitization via
  `sanitizeEnvironment`.
- Update config and sandbox tests to use the new `SandboxConfig` schema.
- Add `createMockSandboxConfig` utility to `test-utils` for cleaner test
  mocking across the monorepo.
galz10
2026-03-09 11:20:13 -07:00
parent 09e99824d4
commit 863a0aa01e
11 changed files with 494 additions and 65 deletions


@@ -31,7 +31,9 @@ const VALID_SANDBOX_COMMANDS: ReadonlyArray<SandboxConfig['command']> = [
'lxc',
];
function isSandboxCommand(value: string): value is SandboxConfig['command'] {
function isSandboxCommand(
value: string,
): value is Exclude<SandboxConfig['command'], undefined> {
return (VALID_SANDBOX_COMMANDS as readonly string[]).includes(value);
}
@@ -124,5 +126,7 @@ export async function loadSandboxConfig(
process.env['GEMINI_SANDBOX_IMAGE_DEFAULT'] ??
packageJson?.config?.sandboxImageUri;
return command && image ? { command, image } : undefined;
return command && image
? { enabled: true, allowedPaths: [], networkAccess: false, command, image }
: undefined;
}
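Review bot: In the second hunk the returned literal hard-codes `allowedPaths: []` and `networkAccess: false`, so on this path the two new policy fields are constants rather than values read from the `sandbox` config block the commit message describes. If these are meant as fail-closed defaults, say so on the line, for example `// Fail-closed defaults: no extra paths, no network; the configured sandbox block is not merged here.` Nothing visible in this section shows the command/image launcher acting on `networkAccess`, so it is worth confirming that a config reporting `networkAccess: false` is actually enforced for the container; otherwise the field would mislead anyone auditing the effective policy. The body of `loadSandboxConfig` starts outside the hunk, so a merge with user settings may already happen in code not shown here.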