From 7588aef07c584d274c3178afa2b97da9bfdc4147 Mon Sep 17 00:00:00 2001 From: Olcan Date: Mon, 21 Apr 2025 08:31:36 -0700 Subject: [PATCH] added sandbox section to readme (#79) --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index 8ad7b555..743e6f71 100644 --- a/README.md +++ b/README.md @@ -71,3 +71,13 @@ npm run lint ``` Chances are you will need to manually address errors output. You can also try `npm run lint -- --fix` where some errors may be resolved. + +## Sandboxing + +To enable sandboxing, set `GEMINI_CODE_SANDBOX=true` in your environment or `.env` file. Once enabled, `npm run build` will build a minimal container ("sandbox") image and `npm start` will launch inside a fresh instance of that container. Requires either `docker` or `podman` to be installed on host machine. + +The sandbox (container) mounts the current directory with read-write access and is started/stopped/removed automatically as you start/stop Gemini Code. You can tell you are inside the sandbox with the `cwd` being reported as `/sandbox/...`. Files created within the sandbox should be automatically mapped to your user/group on host machine. + +The very first build of the container (with `npm run build` or `scripts/build_sandbox.sh`) can take 20-30s (mostly due to downloading of the base image) but after that both build and start overhead should be minimal (1-2s). + +You can customize the sandbox in `Dockerfile` (e.g. for pre-installed utilities) or in `scripts/build_sandbox.sh` (e.g. for mounts, environment variables, etc) and changes will be automatically picked up by `npm run build` and `npm start` respectively. \ No newline at end of file
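Review bot: The new "Sandboxing" section should state the failure mode when sandboxing is requested but neither `docker` nor `podman` is present, i.e. whether `npm start` refuses to run or silently falls back to running unsandboxed; "Requires either `docker` or `podman` to be installed on host machine" leaves that open, and for a security boundary users need to know it fails closed. The same paragraph should also spell out what the sandbox does and does not protect: because "The sandbox (container) mounts the current directory with read-write access", everything under the working directory, including the `.env` file that carries the `GEMINI_CODE_SANDBOX=true` toggle itself, remains fully writable from inside the container, so the isolation is for the rest of the host, not for the project tree. "Files created within the sandbox should be automatically mapped to your user/group on host machine" is hedged with "should"; it would help to say which of `docker`/`podman` (and rootless vs. root mode) this was verified on. Two smaller points: the sentence on customizing mounts in `scripts/build_sandbox.sh` deserves a one-line caution that every added mount widens the sandbox's reach, and the file is added without a trailing newline (`\ No newline at end of file`), which the repo's `npm run lint` step mentioned just above the hunk may flag.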