feat(core): integrate SandboxManager to sandbox all process-spawning tools (#22231)

2026-03-17 01:21:10 -07:00 · 2026-03-13 14:11:51 -07:00
parent 24adacdbc2
commit fa024133e6
31 changed files with 558 additions and 94 deletions
--- a/docs/cli/settings.md
+++ b/docs/cli/settings.md
@@ -125,6 +125,7 @@ they appear in the UI.

 | UI Label                              | Setting                                         | Description                                                                                                                                                                                                                          | Default |
 | ------------------------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------- |
+| Tool Sandboxing                       | `security.toolSandboxing`                       | Experimental tool-level sandboxing (implementation in progress).                                                                                                                                                                     | `false` |
 | Disable YOLO Mode                     | `security.disableYoloMode`                      | Disable YOLO mode, even if enabled by a flag.                                                                                                                                                                                        | `false` |
 | Allow Permanent Tool Approval         | `security.enablePermanentToolApproval`          | Enable the "Allow for all future sessions" option in tool confirmation dialogs.                                                                                                                                                      | `false` |
 | Auto-add to Policy by Default         | `security.autoAddToPolicyByDefault`             | When enabled, the "Allow for all future sessions" option becomes the default choice for low-risk tools in trusted workspaces.                                                                                                        | `false` |
--- a/docs/reference/configuration.md
+++ b/docs/reference/configuration.md
@@ -784,9 +784,10 @@ their corresponding top-level category object in your `settings.json` file.
 #### `tools`

 - **`tools.sandbox`** (string):
-  - **Description:** Sandbox execution environment. Set to a boolean to enable
-    or disable the sandbox, provide a string path to a sandbox profile, or
-    specify an explicit sandbox command (e.g., "docker", "podman", "lxc").
+  - **Description:** Legacy full-process sandbox execution environment. Set to a
+    boolean to enable or disable the sandbox, provide a string path to a sandbox
+    profile, or specify an explicit sandbox command (e.g., "docker", "podman",
+    "lxc").
  - **Default:** `undefined`
  - **Requires restart:** Yes

@@ -890,6 +891,11 @@ their corresponding top-level category object in your `settings.json` file.

 #### `security`

+- **`security.toolSandboxing`** (boolean):
+  - **Description:** Experimental tool-level sandboxing (implementation in
+    progress).
+  - **Default:** `false`
+
 - **`security.disableYoloMode`** (boolean):
  - **Description:** Disable YOLO mode, even if enabled by a flag.
  - **Default:** `false`