fix(core): ensure global temp directory is always in sandbox allowed paths

[galz10]

Summary

This PR ensures that the global Gemini temporary directory (Storage.getGlobalTempDir()) is always included in the sandbox allowed paths, regardless of user configuration. This fixes test failures in packages/core/src/config/config.test.ts where custom sandbox paths were overriding the essential global temp directory.

Details

• Modified packages/core/src/config/config.ts's getSandboxAllowedPaths to explicitly push the global temp directory if not already present.
• Added includeDirectories support to SandboxConfig and ConfigSchema to properly propagate allowed paths to the sandbox managers.
• Updated SandboxedFileSystemService to validate paths against these includeDirectories.
• Added getOptions() to the SandboxManager interface and implemented it in all platform-specific managers (Linux, MacOS, Windows) and NoopSandboxManager.
• Updated relevant tests to reflect these changes.

Related Issues

Fixes sandbox configuration issues where essential system paths were being excluded when custom allowedPaths were provided.

How to Validate

Run the unit tests for the core package:

npm test -w @google/gemini-cli-core -- src/config/config.test.ts

All 203 tests should pass.

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt
  • Windows
    • npm run
    • npx
    • Docker
  • Linux
    • npm run
    • npx
    • Docker

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses issues where custom sandbox configurations were inadvertently excluding essential system paths, specifically the global temporary directory. By enhancing the sandbox configuration schema and updating the file system service to respect these additional allowed directories, the changes ensure that critical paths remain accessible within the sandbox environment while maintaining security boundaries.

Highlights

• Global Temp Directory Access: Ensured the global Gemini temporary directory is consistently included in sandbox allowed paths to prevent test failures and configuration overrides.
• Sandbox Configuration Expansion: Added includeDirectories support to SandboxConfig and ConfigSchema to allow for more flexible path management within the sandbox.
• Sandbox Manager Interface: Introduced getOptions() to the SandboxManager interface and implemented it across all platform-specific managers to propagate sandbox settings.
• FileSystem Validation: Updated SandboxedFileSystemService to validate file access against the newly supported includeDirectories.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Size Change: -1.96 kB (-0.01%)

Total Size: 34 MB

Filename	Size	Change
./bundle/chunk-PYEM5KGA.js	0 B	-3.15 MB (removed)	🏆
./bundle/chunk-TUKNSGCF.js	0 B	-14.8 MB (removed)	🏆
./bundle/core-VINP37QA.js	0 B	-45.2 kB (removed)	🏆
./bundle/devtoolsService-GAWW7KV6.js	0 B	-28.4 kB (removed)	🏆
./bundle/interactiveCli-K7ZSCEGZ.js	0 B	-1.63 MB (removed)	🏆
./bundle/oauth2-provider-HEUCZDOB.js	0 B	-9.16 kB (removed)	🏆
./bundle/chunk-4BALQ5BJ.js	3.15 MB	+3.15 MB (new file)	🆕
./bundle/chunk-HAFG4YFI.js	14.8 MB	+14.8 MB (new file)	🆕
./bundle/core-7RENF3PR.js	45.2 kB	+45.2 kB (new file)	🆕
./bundle/devtoolsService-52LMQ3GZ.js	28.4 kB	+28.4 kB (new file)	🆕
./bundle/interactiveCli-PTXJNZF3.js	1.63 MB	+1.63 MB (new file)	🆕
./bundle/oauth2-provider-IJE7VGOT.js	9.16 kB	+9.16 kB (new file)	🆕

ℹ️ View Unchanged

Filename	Size
./bundle/bundled/third_party/index.js	8 MB
./bundle/chunk-34MYV7JD.js	2.45 kB
./bundle/chunk-5AUYMPVF.js	858 B
./bundle/chunk-5PS3AYFU.js	1.18 kB
./bundle/chunk-664ZODQF.js	124 kB
./bundle/chunk-DAHVX5MI.js	206 kB
./bundle/chunk-GFUOVHXW.js	1.96 MB
./bundle/chunk-IUUIT4SU.js	56.5 kB
./bundle/chunk-RJTRUG2J.js	39.8 kB
./bundle/devtools-36NN55EP.js	696 kB
./bundle/dist-T73EYRDX.js	356 B
./bundle/events-XB7DADIJ.js	418 B
./bundle/gemini.js	550 kB
./bundle/getMachineId-bsd-TXG52NKR.js	1.55 kB
./bundle/getMachineId-darwin-7OE4DDZ6.js	1.55 kB
./bundle/getMachineId-linux-SHIFKOOX.js	1.34 kB
./bundle/getMachineId-unsupported-5U5DOEYY.js	1.06 kB
./bundle/getMachineId-win-6KLLGOI4.js	1.72 kB
./bundle/memoryDiscovery-ACCRGPX3.js	980 B
./bundle/multipart-parser-KPBZEGQU.js	11.7 kB
./bundle/node_modules/@google/gemini-cli-devtools/dist/client/main.js	222 kB
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/_client-assets.js	229 kB
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/index.js	13.4 kB
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/types.js	132 B
./bundle/sandbox-macos-permissive-open.sb	890 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB
./bundle/sandbox-macos-strict-open.sb	4.82 kB
./bundle/sandbox-macos-strict-proxied.sb	5.02 kB
./bundle/src-QVCVGIUX.js	47 kB
./bundle/tree-sitter-7U6MW5PS.js	274 kB
./bundle/tree-sitter-bash-34ZGLXVX.js	1.84 MB

_{compressed-size-action}

[gemini-code-assist]

Code Review

This pull request introduces the includeDirectories configuration for the sandbox, allowing for more granular control over accessible paths beyond the primary workspace. It updates the SandboxedFileSystemService to validate access against these directories and ensures the global temporary directory is always included in the allowed paths. However, two critical issues were identified: first, the includeDirectories and allowedPaths are not being correctly merged and propagated to the sandbox manager during initialization, which will cause legitimate access to be blocked. Second, the workspace path in the file system service should be resolved to its real path to prevent incorrect access denials and potential path traversal vulnerabilities when symlinks are involved.