feat(core): integrate SandboxManager to sandbox all process-spawning tools (#22231)

2026-03-21 03:21:11 -07:00 · 2026-03-13 14:11:51 -07:00
parent 24adacdbc2
commit fa024133e6
31 changed files with 558 additions and 94 deletions
--- a/packages/cli/src/ui/AppContainer.tsx
+++ b/packages/cli/src/ui/AppContainer.tsx
@@ -1425,6 +1425,7 @@ Logging in with Google... Restarting Gemini CLI to continue.
    pager: settings.merged.tools.shell.pager,
    showColor: settings.merged.tools.shell.showColor,
    sanitizationConfig: config.sanitizationConfig,
+    sandboxManager: config.sandboxManager,
  });

  const { isFocused, hasReceivedFocusEvent } = useFocus();
--- a/packages/cli/src/ui/hooks/shellCommandProcessor.test.tsx
+++ b/packages/cli/src/ui/hooks/shellCommandProcessor.test.tsx
@@ -16,6 +16,7 @@ import {
  afterEach,
  type Mock,
 } from 'vitest';
+import { NoopSandboxManager } from '@google/gemini-cli-core';

 const mockIsBinary = vi.hoisted(() => vi.fn());
 const mockShellExecutionService = vi.hoisted(() => vi.fn());
@@ -109,8 +110,14 @@ describe('useShellCommandProcessor', () => {
      getShellExecutionConfig: () => ({
        terminalHeight: 20,
        terminalWidth: 80,
+        sandboxManager: new NoopSandboxManager(),
+        sanitizationConfig: {
+          allowedEnvironmentVariables: [],
+          blockedEnvironmentVariables: [],
+          enableEnvironmentVariableRedaction: false,
+        },
      }),
-    } as Config;
+    } as unknown as Config;
    mockGeminiClient = { addHistory: vi.fn() } as unknown as GeminiClient;

    vi.mocked(os.platform).mockReturnValue('linux');