diff options
| -rw-r--r-- | packages/cli/src/gemini.ts | 5 | ||||
| -rwxr-xr-x | scripts/sandbox_command.sh | 13 | ||||
| -rwxr-xr-x | scripts/start_sandbox.sh | 25 |
3 files changed, 35 insertions, 8 deletions
diff --git a/packages/cli/src/gemini.ts b/packages/cli/src/gemini.ts index 77069e40..b8bfbc60 100644 --- a/packages/cli/src/gemini.ts +++ b/packages/cli/src/gemini.ts @@ -21,6 +21,11 @@ async function main() { const config = loadCliConfig(); let input = config.getQuestion(); + if (process.env.GEMINI_CODE_SANDBOX && !process.env.SANDBOX) { + console.log('WARNING: sandboxing is enabled, but still OUTSIDE sandbox'); + // TODO: get inside sandbox + } + // Render UI, passing necessary config values. Check that there is no command line question. if (process.stdin.isTTY && input?.length === 0) { const readUpResult = await readPackageUp({ cwd: __dirname }); diff --git a/scripts/sandbox_command.sh b/scripts/sandbox_command.sh index 81775db6..03163458 100755 --- a/scripts/sandbox_command.sh +++ b/scripts/sandbox_command.sh @@ -32,7 +32,17 @@ shift $((OPTIND - 1)) # if GEMINI_CODE_SANDBOX is not set, try to source .env in case set there -if [ -z "${GEMINI_CODE_SANDBOX:-}" ] && [ -f .env ]; then source .env; fi +# allow .env to be in any ancestor directory (same as findEnvFile in config.ts) +if [ -z "${GEMINI_CODE_SANDBOX:-}" ]; then + current_dir=$(pwd) + while [ "$current_dir" != "/" ]; do + if [ -f "$current_dir/.env" ]; then + source "$current_dir/.env" + break + fi + current_dir=$(dirname "$current_dir") + done +fi # if GEMINI_CODE_SANDBOX is still not set, then exit immediately w/ code 1 if [ -z "${GEMINI_CODE_SANDBOX:-}" ]; then exit 1; fi @@ -40,6 +50,7 @@ if [ -z "${GEMINI_CODE_SANDBOX:-}" ]; then exit 1; fi # lowercase GEMINI_CODE_SANDBOX GEMINI_CODE_SANDBOX=$(echo "${GEMINI_CODE_SANDBOX:-}" | tr '[:upper:]' '[:lower:]') +# if GEMINI_CODE_SANDBOX is set to 0 or false, then exit immediately w/ code 1 if [[ "${GEMINI_CODE_SANDBOX:-}" =~ ^(0|false)$ ]]; then exit 1 fi diff --git a/scripts/start_sandbox.sh b/scripts/start_sandbox.sh index ac8fe6e7..2146a0c8 100755 --- a/scripts/start_sandbox.sh +++ b/scripts/start_sandbox.sh @@ -42,16 +42,27 @@ while $CMD ps -a --format "{{.Names}}" | grep -q "$IMAGE-$INDEX"; do done run_args+=(--name "$IMAGE-$INDEX" --hostname "$IMAGE-$INDEX") -# also set SANDBOX environment variable as container name -run_args+=(--env "SANDBOX=$IMAGE-$INDEX") +# if .env exists, source it before variable existence checks below +# allow .env to be in any ancestor directory (same as findEnvFile in config.ts) +current_dir=$(pwd) +while [ "$current_dir" != "/" ]; do + if [ -f "$current_dir/.env" ]; then + source "$current_dir/.env" + break + fi + current_dir=$(dirname "$current_dir") +done + +# if GEMINI_API_KEY is set, copy into container +if [ -n "${GEMINI_API_KEY:-}" ]; then run_args+=(--env GEMINI_API_KEY="$GEMINI_API_KEY"); fi # pass TERM and COLORTERM to container to maintain terminal colors -run_args+=(--env TERM --env COLORTERM) +if [ -n "${TERM:-}" ]; then run_args+=(--env TERM="$TERM"); fi +if [ -n "${COLORTERM:-}" ]; then run_args+=(--env COLORTERM="$COLORTERM"); fi -# set GEMINI_API_KEY environment variable if it exists -if [ -n "${GEMINI_API_KEY:-}" ]; then - run_args+=(--env GEMINI_API_KEY) -fi +# set SANDBOX environment variable as container name +# this is the preferred mechanism to detect if inside container/sandbox +run_args+=(--env "SANDBOX=$IMAGE-$INDEX") # enable debugging via node --inspect-brk (and $DEBUG_PORT) if DEBUG is set node_args=() |