refactor(core): delegate sandbox denial parsing to SandboxManager (#23928)

packages/core/src/services/sandboxManager.ts

@@ -21,7 +21,7 @@ import {
   getSecureSanitizationConfig,
   type EnvironmentSanitizationConfig,
 } from './environmentSanitization.js';
-
+import type { ShellExecutionResult } from './shellExecutionService.js';
 export interface SandboxPermissions {
   /** Filesystem permissions. */
   fileSystem?: {
@@ -91,6 +91,16 @@ export interface SandboxedCommand {
   cwd?: string;
 }
 
+/**
+ * A structured result from parsing sandbox denials.
+ */
+export interface ParsedSandboxDenial {
+  /** If the denial is related to file system access, these are the paths that were blocked. */
+  filePaths?: string[];
+  /** If the denial is related to network access. */
+  network?: boolean;
+}
+
 /**
  * Interface for a service that prepares commands for sandboxed execution.
  */
@@ -109,6 +119,11 @@ export interface SandboxManager {
    * Checks if a command with its arguments is explicitly known to be dangerous for this sandbox.
    */
   isDangerousCommand(args: string[]): boolean;
+
+  /**
+   * Parses the output of a command to detect sandbox denials.
+   */
+  parseDenials(result: ShellExecutionResult): ParsedSandboxDenial | undefined;
 }
 
 /**
@@ -236,10 +251,14 @@ export class NoopSandboxManager implements SandboxManager {
       ? isWindowsDangerousCommand(args)
       : isMacDangerousCommand(args);
   }
+
+  parseDenials(): undefined {
+    return undefined;
+  }
 }
 
 /**
- * SandboxManager that implements actual sandboxing.
+ * A SandboxManager implementation that just runs locally (no sandboxing yet).
  */
 export class LocalSandboxManager implements SandboxManager {
   async prepareCommand(_req: SandboxRequest): Promise<SandboxedCommand> {
@@ -253,6 +272,10 @@ export class LocalSandboxManager implements SandboxManager {
   isDangerousCommand(_args: string[]): boolean {
     return false;
   }
+
+  parseDenials(): undefined {
+    return undefined;
+  }
 }
 
 /**

packages/core/src/services/sandboxedFileSystemService.test.ts

@@ -43,6 +43,10 @@ class MockSandboxManager implements SandboxManager {
   isDangerousCommand(): boolean {
     return false;
   }
+
+  parseDenials(): undefined {
+    return undefined;
+  }
 }
 
 describe('SandboxedFileSystemService', () => {

packages/core/src/services/shellExecutionService.test.ts

@@ -1914,6 +1914,7 @@ describe('ShellExecutionService environment variables', () => {
       }),
       isKnownSafeCommand: vi.fn().mockReturnValue(false),
       isDangerousCommand: vi.fn().mockReturnValue(false),
+      parseDenials: vi.fn().mockReturnValue(undefined),
     };
 
     const configWithSandbox: ShellExecutionConfig = {