feat(core): integrate SandboxManager to sandbox all process-spawning tools (#22231)

packages/cli/src/config/config.ts

@@ -744,6 +744,7 @@ export async function loadCliConfig(
     clientVersion: await getVersion(),
     embeddingModel: DEFAULT_GEMINI_EMBEDDING_MODEL,
     sandbox: sandboxConfig,
+    toolSandboxing: settings.security?.toolSandboxing ?? false,
     targetDir: cwd,
     includeDirectoryTree,
     includeDirectories,

packages/cli/src/config/extension-manager-themes.spec.ts

@@ -20,7 +20,12 @@ import {
 import { createExtension } from '../test-utils/createExtension.js';
 import { ExtensionManager } from './extension-manager.js';
 import { themeManager, DEFAULT_THEME } from '../ui/themes/theme-manager.js';
-import { GEMINI_DIR, type Config, tmpdir } from '@google/gemini-cli-core';
+import {
+  GEMINI_DIR,
+  type Config,
+  tmpdir,
+  NoopSandboxManager,
+} from '@google/gemini-cli-core';
 import { createTestMergedSettings, SettingScope } from './settings.js';
 
 describe('ExtensionManager theme loading', () => {
@@ -117,6 +122,7 @@ describe('ExtensionManager theme loading', () => {
         terminalHeight: 24,
         showColor: false,
         pager: 'cat',
+        sandboxManager: new NoopSandboxManager(),
         sanitizationConfig: {
           allowedEnvironmentVariables: [],
           blockedEnvironmentVariables: [],

packages/cli/src/config/sandboxConfig.ts

@@ -34,7 +34,9 @@ const VALID_SANDBOX_COMMANDS = [
 function isSandboxCommand(
   value: string,
 ): value is Exclude<SandboxConfig['command'], undefined> {
-  return VALID_SANDBOX_COMMANDS.includes(value);
+  return (VALID_SANDBOX_COMMANDS as ReadonlyArray<string | undefined>).includes(
+    value,
+  );
 }
 
 function getSandboxCommand(

packages/cli/src/config/settingsSchema.ts

@@ -1300,7 +1300,7 @@ const SETTINGS_SCHEMA = {
         default: undefined as boolean | string | SandboxConfig | undefined,
         ref: 'BooleanOrStringOrObject',
         description: oneLine`
-          Sandbox execution environment.
+          Legacy full-process sandbox execution environment.
           Set to a boolean to enable or disable the sandbox, provide a string path to a sandbox profile,
           or specify an explicit sandbox command (e.g., "docker", "podman", "lxc").
         `,
@@ -1522,6 +1522,16 @@ const SETTINGS_SCHEMA = {
     description: 'Security-related settings.',
     showInDialog: false,
     properties: {
+      toolSandboxing: {
+        type: 'boolean',
+        label: 'Tool Sandboxing',
+        category: 'Security',
+        requiresRestart: false,
+        default: false,
+        description:
+          'Experimental tool-level sandboxing (implementation in progress).',
+        showInDialog: true,
+      },
       disableYoloMode: {
         type: 'boolean',
         label: 'Disable YOLO Mode',