From e2d689ff2f377ff0f2b1e3d61f9577ef5c2d085e Mon Sep 17 00:00:00 2001
From: Olcan <olcans@gmail.com>
Date: Wed, 11 Jun 2025 08:25:33 -0700
Subject: [PATCH] do not auto-enable container sandboxing (fixing recently
 introduced bug) (#939)

---
 packages/cli/src/utils/sandbox.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/packages/cli/src/utils/sandbox.ts b/packages/cli/src/utils/sandbox.ts
index a17fa226..b7fc10f1 100644
--- a/packages/cli/src/utils/sandbox.ts
+++ b/packages/cli/src/utils/sandbox.ts
@@ -134,11 +134,12 @@ export function sandbox_command(sandbox?: string | boolean): string {
   }
 
   // look for seatbelt, docker, or podman, in that order
+  // for container-based sandboxing, require sandbox to be enabled explicitly
   if (os.platform() === 'darwin' && commandExists.sync('sandbox-exec')) {
     return 'sandbox-exec';
-  } else if (commandExists.sync('docker')) {
+  } else if (commandExists.sync('docker') && sandbox === true) {
     return 'docker';
-  } else if (commandExists.sync('podman')) {
+  } else if (commandExists.sync('podman') && sandbox === true) {
     return 'podman';
   }