Diffstat (limited to 'packages/cli/src/utils')
7 files changed, 71 insertions, 2 deletions
diff --git a/packages/cli/src/utils/sandbox-macos-permissive-closed.sb b/packages/cli/src/utils/sandbox-macos-permissive-closed.sb
index 36d88995..cf64da94 100644
--- a/packages/cli/src/utils/sandbox-macos-permissive-closed.sb
+++ b/packages/cli/src/utils/sandbox-macos-permissive-closed.sb
@@ -13,6 +13,12 @@
 (subpath (string-append (param "HOME_DIR") "/.npm"))
 (subpath (string-append (param "HOME_DIR") "/.cache"))
 (subpath (string-append (param "HOME_DIR") "/.gitconfig"))
+ ;; Allow writes to included directories from --include-directories
+ (subpath (param "INCLUDE_DIR_0"))
+ (subpath (param "INCLUDE_DIR_1"))
+ (subpath (param "INCLUDE_DIR_2"))
+ (subpath (param "INCLUDE_DIR_3"))
+ (subpath (param "INCLUDE_DIR_4"))
 (literal "/dev/stdout")
 (literal "/dev/stderr")
 (literal "/dev/null")
diff --git a/packages/cli/src/utils/sandbox-macos-permissive-open.sb b/packages/cli/src/utils/sandbox-macos-permissive-open.sb
index 552efcd4..50d21a1f 100644
--- a/packages/cli/src/utils/sandbox-macos-permissive-open.sb
+++ b/packages/cli/src/utils/sandbox-macos-permissive-open.sb
@@ -13,6 +13,12 @@
 (subpath (string-append (param "HOME_DIR") "/.npm"))
 (subpath (string-append (param "HOME_DIR") "/.cache"))
 (subpath (string-append (param "HOME_DIR") "/.gitconfig"))
+ ;; Allow writes to included directories from --include-directories
+ (subpath (param "INCLUDE_DIR_0"))
+ (subpath (param "INCLUDE_DIR_1"))
+ (subpath (param "INCLUDE_DIR_2"))
+ (subpath (param "INCLUDE_DIR_3"))
+ (subpath (param "INCLUDE_DIR_4"))
 (literal "/dev/stdout")
 (literal "/dev/stderr")
 (literal "/dev/null")
diff --git a/packages/cli/src/utils/sandbox-macos-permissive-proxied.sb b/packages/cli/src/utils/sandbox-macos-permissive-proxied.sb
index 4410776b..8becc8cb 100644
--- a/packages/cli/src/utils/sandbox-macos-permissive-proxied.sb
+++ b/packages/cli/src/utils/sandbox-macos-permissive-proxied.sb
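Review bot: The profile now hard-codes exactly five `INCLUDE_DIR_n` params, and the TypeScript side defines exactly five on every start precisely so the profile can reference them, so this block and `MAX_INCLUDE_DIRS` in sandbox.ts must change together — yet nothing on either side records that coupling. I'd add above the first `(subpath (param "INCLUDE_DIR_0"))`: `;; Exactly five INCLUDE_DIR_n params are always defined by start_sandbox (MAX_INCLUDE_DIRS in sandbox.ts); unused slots point at /dev/null. Keep the count in sync.` The same applies to the identical hunks in sandbox-macos-permissive-open.sb, sandbox-macos-permissive-proxied.sb, sandbox-macos-restrictive-closed.sb, sandbox-macos-restrictive-open.sb and sandbox-macos-restrictive-proxied.sb. Since each param is a `subpath` grant, an included directory becomes writable recursively, which is the intended effect but broader than the sibling `literal` entries, and the comment could say so.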
@@ -13,6 +13,12 @@
 (subpath (string-append (param "HOME_DIR") "/.npm"))
 (subpath (string-append (param "HOME_DIR") "/.cache"))
 (subpath (string-append (param "HOME_DIR") "/.gitconfig"))
+ ;; Allow writes to included directories from --include-directories
+ (subpath (param "INCLUDE_DIR_0"))
+ (subpath (param "INCLUDE_DIR_1"))
+ (subpath (param "INCLUDE_DIR_2"))
+ (subpath (param "INCLUDE_DIR_3"))
+ (subpath (param "INCLUDE_DIR_4"))
 (literal "/dev/stdout")
 (literal "/dev/stderr")
 (literal "/dev/null")
diff --git a/packages/cli/src/utils/sandbox-macos-restrictive-closed.sb b/packages/cli/src/utils/sandbox-macos-restrictive-closed.sb
index 9ce68e9d..17d0c073 100644
--- a/packages/cli/src/utils/sandbox-macos-restrictive-closed.sb
+++ b/packages/cli/src/utils/sandbox-macos-restrictive-closed.sb
@@ -71,6 +71,12 @@
 (subpath (string-append (param "HOME_DIR") "/.npm"))
 (subpath (string-append (param "HOME_DIR") "/.cache"))
 (subpath (string-append (param "HOME_DIR") "/.gitconfig"))
+ ;; Allow writes to included directories from --include-directories
+ (subpath (param "INCLUDE_DIR_0"))
+ (subpath (param "INCLUDE_DIR_1"))
+ (subpath (param "INCLUDE_DIR_2"))
+ (subpath (param "INCLUDE_DIR_3"))
+ (subpath (param "INCLUDE_DIR_4"))
 (literal "/dev/stdout")
 (literal "/dev/stderr")
 (literal "/dev/null")
diff --git a/packages/cli/src/utils/sandbox-macos-restrictive-open.sb b/packages/cli/src/utils/sandbox-macos-restrictive-open.sb
index e89b8090..17f27224 100644
--- a/packages/cli/src/utils/sandbox-macos-restrictive-open.sb
+++ b/packages/cli/src/utils/sandbox-macos-restrictive-open.sb
@@ -71,6 +71,12 @@
 (subpath (string-append (param "HOME_DIR") "/.npm"))
 (subpath (string-append (param "HOME_DIR") "/.cache"))
 (subpath (string-append (param "HOME_DIR") "/.gitconfig"))
+ ;; Allow writes to included directories from --include-directories
+ (subpath (param "INCLUDE_DIR_0"))
+ (subpath (param "INCLUDE_DIR_1"))
+ (subpath (param "INCLUDE_DIR_2"))
+ (subpath (param "INCLUDE_DIR_3"))
+ (subpath (param "INCLUDE_DIR_4"))
 (literal "/dev/stdout")
 (literal "/dev/stderr")
 (literal "/dev/null")
diff --git a/packages/cli/src/utils/sandbox-macos-restrictive-proxied.sb b/packages/cli/src/utils/sandbox-macos-restrictive-proxied.sb
index a49712a3..c07c1496 100644
--- a/packages/cli/src/utils/sandbox-macos-restrictive-proxied.sb
+++ b/packages/cli/src/utils/sandbox-macos-restrictive-proxied.sb
@@ -71,6 +71,12 @@
 (subpath (string-append (param "HOME_DIR") "/.npm"))
 (subpath (string-append (param "HOME_DIR") "/.cache"))
 (subpath (string-append (param "HOME_DIR") "/.gitconfig"))
+ ;; Allow writes to included directories from --include-directories
+ (subpath (param "INCLUDE_DIR_0"))
+ (subpath (param "INCLUDE_DIR_1"))
+ (subpath (param "INCLUDE_DIR_2"))
+ (subpath (param "INCLUDE_DIR_3"))
+ (subpath (param "INCLUDE_DIR_4"))
 (literal "/dev/stdout")
 (literal "/dev/stderr")
 (literal "/dev/null")
diff --git a/packages/cli/src/utils/sandbox.ts b/packages/cli/src/utils/sandbox.ts
index 84fdc8f7..72b5e56b 100644
--- a/packages/cli/src/utils/sandbox.ts
+++ b/packages/cli/src/utils/sandbox.ts
@@ -15,7 +15,7 @@ import {
 SETTINGS_DIRECTORY_NAME,
 } from '../config/settings.js';
 import { promisify } from 'util';
-import { SandboxConfig } from '@google/gemini-cli-core';
+import { Config, SandboxConfig } from '@google/gemini-cli-core';
 const execAsync = promisify(exec);
@@ -183,6 +183,7 @@ function entrypoint(workdir: string): string[] {
 export async function start_sandbox(
 config: SandboxConfig,
 nodeArgs: string[] = [],
+ cliConfig?: Config,
 ) {
 if (config.command === 'sandbox-exec') {
 // disallow BUILD_SANDBOX
@@ -223,6 +224,38 @@ export async function start_sandbox(
 `HOME_DIR=${fs.realpathSync(os.homedir())}`,
 '-D',
 `CACHE_DIR=${fs.realpathSync(execSync(`getconf DARWIN_USER_CACHE_DIR`).toString().trim())}`,
+ ];
+
+ // Add included directories from the workspace context
+ // Always add 5 INCLUDE_DIR parameters to ensure .sb files can reference them
+ const MAX_INCLUDE_DIRS = 5;
+ const targetDir = fs.realpathSync(cliConfig?.getTargetDir() || '');
+ const includedDirs: string[] = [];
+
+ if (cliConfig) {
+ const workspaceContext = cliConfig.getWorkspaceContext();
+ const directories = workspaceContext.getDirectories();
+
+ // Filter out TARGET_DIR
+ for (const dir of directories) {
+ const realDir = fs.realpathSync(dir);
+ if (realDir !== targetDir) {
+ includedDirs.push(realDir);
+ }
+ }
+ }
+
+ for (let i = 0; i < MAX_INCLUDE_DIRS; i++) {
+ let dirPath = '/dev/null'; // Default to a safe path that won't cause issues
+
+ if (i < includedDirs.length) {
+ dirPath = includedDirs[i];
+ }
+
+ args.push('-D', `INCLUDE_DIR_${i}=${dirPath}`);
+ }
+
+ args.push(
 '-f',
 profileFile,
 'sh',
@@ -232,7 +265,7 @@ export async function start_sandbox(
 `NODE_OPTIONS="${nodeOptions}"`,
 ...process.argv.map((arg) => quote([arg])),
 ].join(' '),
- ];
+ );
 // start and set up proxy if GEMINI_SANDBOX_PROXY_COMMAND is set
 const proxyCommand = process.env.GEMINI_SANDBOX_PROXY_COMMAND;
 let proxyProcess: ChildProcess | undefined = undefined; |
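Review bot: Workspace directories beyond the fifth are silently dropped by the `for (let i = 0; i < MAX_INCLUDE_DIRS; i++)` loop in the `@@ -223,6 +224,38 @@` hunk, so a sixth included directory is simply not writable inside the sandbox and the user gets no indication why. I'd surface it before that loop: `if (includedDirs.length > MAX_INCLUDE_DIRS) { console.warn(\`Only the first ${MAX_INCLUDE_DIRS} included directories are writable under sandbox-exec; ignoring: ${includedDirs.slice(MAX_INCLUDE_DIRS).join(', ')}\`); }` — or throw, if starting with a narrower sandbox than requested is worse than failing to start. Each `fs.realpathSync(dir)` also propagates a bare ENOENT out of start_sandbox for a non-existent directory unless getDirectories() already validates existence, which I can't see from here; if it does not, wrapping it with an error that names the directory would help. Because every resolved path becomes a `subpath` write grant in the profile, a comment next to `includedDirs.push(realDir)` noting that including a broad directory widens the sandbox's write allow-list accordingly would make the trade-off visible to the next maintainer (and `cliConfig?.getTargetDir() || ''` should be `?? ''`). start_sandbox begins and ends outside these hunks.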
