sandbox/seatbelt-aware system prompt, support for custom seatbelt profiles under project settings (#304)

Olcan 2025-05-09 11:33:05 -07:00 committed by GitHub
parent b8fa38a6e8
commit 92c1279de6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 35 additions and 1 deletions


@ -152,6 +152,21 @@ export async function start_sandbox(sandbox: string) {
process.exit(1); process.exit(1);
} }
const profile = (process.env.SEATBELT_PROFILE ??= 'minimal'); const profile = (process.env.SEATBELT_PROFILE ??= 'minimal');
let profileFile = new URL(`sandbox-macos-${profile}.sb`, import.meta.url)
.pathname;
// if profile is anything other than 'minimal' or 'strict', then look for the profile file under the project settings directory
if (profile !== 'minimal' && profile !== 'strict') {
profileFile = path.join(
SETTINGS_DIRECTORY_NAME,
`sandbox-macos-${profile}.sb`,
);
}
if (!fs.existsSync(profileFile)) {
console.error(
`ERROR: missing macos seatbelt profile file '${profileFile}'`,
);
process.exit(1);
}
console.log(`using macos seatbelt (profile: ${profile}) ...`); console.log(`using macos seatbelt (profile: ${profile}) ...`);
// if DEBUG is set, convert to --inspect-brk in NODE_OPTIONS // if DEBUG is set, convert to --inspect-brk in NODE_OPTIONS
if (process.env.DEBUG) { if (process.env.DEBUG) {
@ -166,7 +181,7 @@ export async function start_sandbox(sandbox: string) {
'-D', '-D',
`HOME_DIR=${fs.realpathSync(os.homedir())}`, `HOME_DIR=${fs.realpathSync(os.homedir())}`,
'-f', '-f',
new URL(`sandbox-macos-${profile}.sb`, import.meta.url).pathname, profileFile,
'bash', 'bash',
'-c', '-c',
[ [
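Review bot: The custom-profile branch in the first hunk interpolates `SEATBELT_PROFILE` unchecked into `path.join(SETTINGS_DIRECTORY_NAME, ...)`, so a value containing `/` or `..` selects a `.sb` file outside the settings directory, and the relative result depends on the current working directory. Because the second hunk passes this file to `sandbox-exec` as the `-f` policy, I would reject unexpected names before building the path, e.g. `if (!/^[A-Za-z0-9_-]+$/.test(profile)) process.exit(1);` preceded by a `console.error` naming the rejected value. The settings directory appears to sit inside the project tree, which the sandboxed process can presumably write to, so a custom profile could be edited from inside the sandbox and apply on the next run; a comment stating that, plus logging the resolved `profileFile` path at startup, would make the trust boundary visible. Separately, `new URL(...).pathname` keeps percent-encoding, so with the new `fs.existsSync` check an install path containing a space would presumably fail for the built-in profiles as well; `fileURLToPath` from `node:url` avoids that. `start_sandbox` begins and ends outside both hunks.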


@ -85,6 +85,25 @@ Rigorously adhere to existing project conventions when reading or modifying code
- **Help Command:** The user can use '/help' to display help information. - **Help Command:** The user can use '/help' to display help information.
- **Feedback:** Direct feedback to ${contactEmail}. - **Feedback:** Direct feedback to ${contactEmail}.
${(function () {
if (process.env.SANDBOX === 'sandbox-exec') {
return `
# MacOS Seatbelt
You are running under macos seatbelt with limited access to files outside the project directory or system temp directory, and with limited access to host system resources such as ports. If you encounter failures that could be due to MacOS Seatbelt (e.g. if a command fails with 'Operation not permitted' or similar error), as you report the error to the user, also explain why you think it could be due to MacOS Seatbelt, and how the user may need to adjust their Seatbelt profile.
`;
} else if (process.env.SANDBOX) {
return `
# Sandbox
You are running in a sandbox container with limited access to files outside the project directory or system temp directory, and with limited access to host system resources such as ports. If you encounter failures that could be due to sandboxing (e.g. if a command fails with 'Operation not permitted' or similar error), when you report the error to the user, also explain why you think it could be due to sandboxing, and how the user may need to adjust their sandbox configuration.
`;
} else {
return `
# Outside of Sandbox
You are running outside of a sandbox container, directly on the user's system. For critical commands that are particularly likely to modify the user's system outside of the project directory or system temp directory, as you explain the command to the user (per the Explain Critical Commands rule above), also remind the user to consider enabling sandboxing.
`;
}
})()}
# Examples (Illustrating Tone and Workflow) # Examples (Illustrating Tone and Workflow)
<example> <example>
user: 1 + 2 user: 1 + 2
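Review bot: The two sandboxed branches tell the model to explain how the user "may need to adjust" their Seatbelt profile or sandbox configuration, but say nothing about keeping that adjustment narrow. 'Operation not permitted' is a generic permission error, so this wording can steer users toward loosening the sandbox for failures it did not cause. I would add a sentence to both branches such as `Name the specific operation that was denied and suggest the narrowest change that would allow it, rather than a more permissive profile.` The added text also mixes "as you report the error" and "when you report the error" for the same instruction, and `else if (process.env.SANDBOX)` treats any non-empty value as a container sandbox. A short comment listing the values `SANDBOX` is expected to take would help the next reader.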