From 69d1c644d9034138ed7418f4450230756e84ad93 Mon Sep 17 00:00:00 2001
From: Olcan <olcans@gmail.com>
Date: Fri, 2 May 2025 14:07:40 -0700
Subject: [PATCH] custom sandboxing via sandbox.Dockerfile and sandbox.bashrc
 in project settings (#249)

---
 packages/cli/src/utils/sandbox.ts | 21 ++++++++++++++++++++-
 scripts/build_sandbox.sh          | 10 +++++++---
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/packages/cli/src/utils/sandbox.ts b/packages/cli/src/utils/sandbox.ts
index 85cf6c1a..a08ed7e1 100644
--- a/packages/cli/src/utils/sandbox.ts
+++ b/packages/cli/src/utils/sandbox.ts
@@ -83,7 +83,17 @@ export async function start_sandbox(sandbox: string) {
     } else {
       console.log('building sandbox ...');
       const gcRoot = gcPath.split('/packages/')[0];
-      spawnSync(`cd ${gcRoot} && scripts/build_sandbox.sh`, {
+      // if project folder has sandbox.Dockerfile under project settings folder, use that
+      let buildArgs = '';
+      const projectSandboxDockerfile = path.join(
+        SETTINGS_DIRECTORY_NAME,
+        'sandbox.Dockerfile',
+      );
+      if (fs.existsSync(projectSandboxDockerfile)) {
+        console.log(`using ${projectSandboxDockerfile} for sandbox`);
+        buildArgs += `-f ${path.resolve(projectSandboxDockerfile)}`;
+      }
+      spawnSync(`cd ${gcRoot} && scripts/build_sandbox.sh ${buildArgs}`, {
         stdio: 'inherit',
         shell: true,
       });
@@ -266,6 +276,15 @@ export async function start_sandbox(sandbox: string) {
     bashCmd += `export PYTHONPATH="$PYTHONPATH${pythonPathSuffix}"; `; // suffix includes leading ':'
   }
 
+  // source sandbox.bashrc if exists under project settings directory
+  const projectSandboxBashrc = path.join(
+    SETTINGS_DIRECTORY_NAME,
+    'sandbox.bashrc',
+  );
+  if (fs.existsSync(projectSandboxBashrc)) {
+    bashCmd += `source ${projectSandboxBashrc}; `;
+  }
+
   // open additional ports if SANDBOX_PORTS is set
   // also set up redirects (via socat) so servers can listen on localhost instead of 0.0.0.0
   if (process.env.SANDBOX_PORTS) {
diff --git a/scripts/build_sandbox.sh b/scripts/build_sandbox.sh
index ab4e8fe0..8e6ab5c4 100755
--- a/scripts/build_sandbox.sh
+++ b/scripts/build_sandbox.sh
@@ -27,17 +27,21 @@ IMAGE=gemini-code-sandbox
 DOCKERFILE=Dockerfile
 
 SKIP_NPM_INSTALL_BUILD=false
-while getopts "sd" opt; do
+while getopts "sdf:" opt; do
     case ${opt} in
     s) SKIP_NPM_INSTALL_BUILD=true ;;
     d)
         DOCKERFILE=Dockerfile-dev
         IMAGE+="-dev"
         ;;
+    f)
+        DOCKERFILE=$OPTARG
+        ;;
     \?)
-        echo "usage: $(basename "$0") [-s] [-d]"
+        echo "usage: $(basename "$0") [-s] [-d] [-f <dockerfile>]"
         echo "  -s: skip npm install + npm run build"
-        echo "  -d: build dev image (using Dockerfile-dev)"
+        echo "  -d: build dev image (use Dockerfile-dev)"
+        echo "  -f <dockerfile>: use <dockerfile>"
         exit 1
         ;;
     esac