feat(core): integrate SandboxManager to sandbox all process-spawning tools (#22231)

2026-03-23 20:40:41 -07:00 · 2026-03-13 14:11:51 -07:00
parent 24adacdbc2
commit fa024133e6
31 changed files with 558 additions and 94 deletions
--- a/packages/cli/src/services/prompt-processors/shellProcessor.test.ts
+++ b/packages/cli/src/services/prompt-processors/shellProcessor.test.ts
@@ -13,6 +13,7 @@ import {
  ApprovalMode,
  getShellConfiguration,
  PolicyDecision,
+  NoopSandboxManager,
 } from '@google/gemini-cli-core';
 import { quote } from 'shell-quote';
 import { createPartFromText } from '@google/genai';
@@ -77,7 +78,14 @@ describe('ShellProcessor', () => {
      getTargetDir: vi.fn().mockReturnValue('/test/dir'),
      getApprovalMode: vi.fn().mockReturnValue(ApprovalMode.DEFAULT),
      getEnableInteractiveShell: vi.fn().mockReturnValue(false),
-      getShellExecutionConfig: vi.fn().mockReturnValue({}),
+      getShellExecutionConfig: vi.fn().mockReturnValue({
+        sandboxManager: new NoopSandboxManager(),
+        sanitizationConfig: {
+          allowedEnvironmentVariables: [],
+          blockedEnvironmentVariables: [],
+          enableEnvironmentVariableRedaction: false,
+        },
+      }),
      getPolicyEngine: vi.fn().mockReturnValue({
        check: mockPolicyEngineCheck,
      }),