fix(cli): ensure sandbox proxy cleanup and remove handler leaks

[ehedlund]

Summary

Ensures that sandbox proxy processes and containers are consistently cleaned up when the sandbox session ends. This PR refactors the stopProxy logic into a finally block and removes event handlers to prevent leaks.

Details

• Refactored stopProxy to be scoped to the start_sandbox function and invoked in the finally block for guaranteed cleanup.
• Added explicit handler removal using process.off for exit, SIGINT, and SIGTERM.
• Wrapped proxy termination logic in try-catch blocks to prevent cleanup failures from crashing the main process.
• Added a new test case in packages/cli/src/utils/sandbox.test.ts to verify that handlers are correctly registered and unregistered.

Related Issues

Fixes #24334

How to Validate

Run the targeted test:

npm test packages/cli/src/utils/sandbox.test.ts

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt
  • Windows
    • npm run
    • npx
    • Docker
  • Linux
    • npm run
    • npx
    • Docker

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request improves the reliability of the sandbox session management by ensuring that proxy processes and containers are consistently terminated. By centralizing the cleanup logic and explicitly managing event listeners, the changes prevent resource leaks and potential process crashes during sandbox teardown.

Highlights

• Guaranteed Cleanup: Refactored the proxy termination logic into a finally block within the start_sandbox function to ensure resources are cleaned up regardless of execution outcome.
• Leak Prevention: Implemented explicit removal of process event handlers (exit, SIGINT, SIGTERM) using process.off to prevent memory and handler leaks.
• Robustness: Wrapped proxy termination commands in try-catch blocks to prevent potential cleanup failures from crashing the main process.
• Verification: Added a new test case to verify that proxy exit handlers are correctly registered and unregistered during the sandbox lifecycle.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Size Change: +76 B (0%)

Total Size: 33.8 MB

Filename	Size	Change
./bundle/chunk-3JJ4GEVN.js	0 B	-3.43 kB (removed)	🏆
./bundle/chunk-3ZNLWEJL.js	0 B	-672 kB (removed)	🏆
./bundle/chunk-B57OUV3N.js	0 B	-14.6 MB (removed)	🏆
./bundle/chunk-M4BMLVBP.js	0 B	-49.2 kB (removed)	🏆
./bundle/chunk-O7JN6QFR.js	0 B	-2.73 MB (removed)	🏆
./bundle/chunk-XGDZJBGW.js	0 B	-3.8 kB (removed)	🏆
./bundle/core-JCXQLMZI.js	0 B	-48 kB (removed)	🏆
./bundle/devtoolsService-LX6ELLTX.js	0 B	-27.8 kB (removed)	🏆
./bundle/gemini-P57HGYQF.js	0 B	-573 kB (removed)	🏆
./bundle/interactiveCli-U2UM35GH.js	0 B	-1.31 MB (removed)	🏆
./bundle/liteRtServerManager-TRJ6GS3M.js	0 B	-2.08 kB (removed)	🏆
./bundle/oauth2-provider-DDT6BZXP.js	0 B	-9.16 kB (removed)	🏆
./bundle/chunk-22JWTAUL.js	3.43 kB	+3.43 kB (new file)	🆕
./bundle/chunk-AG4LBAEI.js	14.6 MB	+14.6 MB (new file)	🆕
./bundle/chunk-KTEGER2Y.js	3.8 kB	+3.8 kB (new file)	🆕
./bundle/chunk-MSCJ54A6.js	672 kB	+672 kB (new file)	🆕
./bundle/chunk-SET4AHZR.js	49.2 kB	+49.2 kB (new file)	🆕
./bundle/chunk-W64CWRLK.js	2.73 MB	+2.73 MB (new file)	🆕
./bundle/core-XMO2DBUB.js	48 kB	+48 kB (new file)	🆕
./bundle/devtoolsService-KKD65NCJ.js	27.8 kB	+27.8 kB (new file)	🆕
./bundle/gemini-3RNIDYKM.js	573 kB	+573 kB (new file)	🆕
./bundle/interactiveCli-QJ6CLYCX.js	1.31 MB	+1.31 MB (new file)	🆕
./bundle/liteRtServerManager-5AH6D4I6.js	2.08 kB	+2.08 kB (new file)	🆕
./bundle/oauth2-provider-IFLGV3X3.js	9.16 kB	+9.16 kB (new file)	🆕

ℹ️ View Unchanged

Filename	Size	Change
./bundle/bundled/third_party/index.js	8 MB	0 B
./bundle/chunk-34MYV7JD.js	2.45 kB	0 B
./bundle/chunk-5AUYMPVF.js	858 B	0 B
./bundle/chunk-5PS3AYFU.js	1.18 kB	0 B
./bundle/chunk-664ZODQF.js	124 kB	0 B
./bundle/chunk-DAHVX5MI.js	206 kB	0 B
./bundle/chunk-IUUIT4SU.js	56.5 kB	0 B
./bundle/chunk-MTD736U4.js	1.97 MB	0 B
./bundle/chunk-RJTRUG2J.js	39.8 kB	0 B
./bundle/cleanup-GSVU7DDN.js	0 B	-932 B (removed)	🏆
./bundle/devtools-36NN55EP.js	696 kB	0 B
./bundle/dist-T73EYRDX.js	356 B	0 B
./bundle/events-XB7DADIJ.js	418 B	0 B
./bundle/examples/hooks/scripts/on-start.js	188 B	0 B
./bundle/examples/mcp-server/example.js	1.43 kB	0 B
./bundle/gemini.js	4.97 kB	0 B
./bundle/getMachineId-bsd-TXG52NKR.js	1.55 kB	0 B
./bundle/getMachineId-darwin-7OE4DDZ6.js	1.55 kB	0 B
./bundle/getMachineId-linux-SHIFKOOX.js	1.34 kB	0 B
./bundle/getMachineId-unsupported-5U5DOEYY.js	1.06 kB	0 B
./bundle/getMachineId-win-6KLLGOI4.js	1.72 kB	0 B
./bundle/memoryDiscovery-NSOLCG4U.js	980 B	0 B
./bundle/multipart-parser-KPBZEGQU.js	11.7 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/client/main.js	222 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/_client-assets.js	229 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/index.js	13.4 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/types.js	132 B	0 B
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B
./bundle/sandbox-macos-strict-open.sb	4.82 kB	0 B
./bundle/sandbox-macos-strict-proxied.sb	5.02 kB	0 B
./bundle/src-QVCVGIUX.js	47 kB	0 B
./bundle/start-VR4ZK2GX.js	0 B	-622 B (removed)	🏆
./bundle/tree-sitter-7U6MW5PS.js	274 kB	0 B
./bundle/tree-sitter-bash-34ZGLXVX.js	1.84 MB	0 B
./bundle/cleanup-KJJQEIP2.js	932 B	+932 B (new file)	🆕
./bundle/start-NPTVPIXT.js	622 B	+622 B (new file)	🆕

_{compressed-size-action}

[gemini-code-assist]

Code Review

This pull request improves the lifecycle management of the sandbox proxy by ensuring exit handlers are properly registered and cleaned up. It introduces a finally block in start_sandbox to invoke the proxy shutdown and remove signal listeners. Additionally, error handling was added to the proxy termination logic to prevent cleanup failures from crashing the process. A new test case was added to verify the registration and unregistration of these handlers. A security concern was raised regarding the use of execSync with potentially unsanitized input, which could lead to command injection; switching to spawnSync was suggested.