From f4e7d4159a154a1df06931f547f14d18f63a69dc Mon Sep 17 00:00:00 2001
From: Spencer <spencertang@google.com>
Date: Fri, 27 Feb 2026 21:34:18 +0000
Subject: [PATCH] fix(sandbox): use spawnSync in exit handler to avoid resource
 leaks

---
 packages/cli/src/utils/sandbox.test.ts |  2 ++
 packages/cli/src/utils/sandbox.ts      | 17 +++++++++++------
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/packages/cli/src/utils/sandbox.test.ts b/packages/cli/src/utils/sandbox.test.ts
index 4bdfda62ab..75128457bb 100644
--- a/packages/cli/src/utils/sandbox.test.ts
+++ b/packages/cli/src/utils/sandbox.test.ts
@@ -70,6 +70,8 @@ vi.mock('@google/gemini-cli-core', async (importOriginal) => {
     },
     spawnAsync: mockSpawnAsync,
     LOCAL_DEV_SANDBOX_IMAGE_NAME: 'gemini-cli-sandbox',
+    SANDBOX_NETWORK_NAME: 'gemini-cli-sandbox',
+    SANDBOX_PROXY_NAME: 'gemini-cli-sandbox-proxy',
     homedir: mockedHomedir,
   };
 });
diff --git a/packages/cli/src/utils/sandbox.ts b/packages/cli/src/utils/sandbox.ts
index 8efafabfcf..b013f5cc0b 100644
--- a/packages/cli/src/utils/sandbox.ts
+++ b/packages/cli/src/utils/sandbox.ts
@@ -4,7 +4,12 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-import { execSync, spawn, type ChildProcess } from 'node:child_process';
+import {
+  execSync,
+  spawn,
+  spawnSync,
+  type ChildProcess,
+} from 'node:child_process';
 import path from 'node:path';
 import fs from 'node:fs';
 import os from 'node:os';
@@ -688,11 +693,11 @@ export async function start_sandbox(
       // install handlers to stop proxy on exit/signal
       const stopProxy = () => {
         debugLogger.log('stopping proxy container ...');
-        return spawnAsync(config.command, [
-          'rm',
-          '-f',
-          SANDBOX_PROXY_NAME,
-        ])?.catch(() => {});
+        try {
+          spawnSync(config.command, ['rm', '-f', SANDBOX_PROXY_NAME]);
+        } catch {
+          // ignore
+        }
       };
 
       process.off('exit', stopProxy);