
refactor(core): abstract OsSandboxManager and centralize common logic#25489

Open
ehedlund wants to merge 3 commits into main from abstract-sandbox

Conversation

@ehedlund
Contributor

@ehedlund ehedlund commented Apr 15, 2026

Summary

Refactors the OS-specific sandbox managers to use a centralized AbstractOsSandboxManager base class. This simplifies the addition of new platforms and ensures consistent permission and path resolution logic across Linux, macOS, and Windows.

Details

  • Introduced AbstractOsSandboxManager which implements the Template Method pattern for command preparation.
  • Extracted common logic for environment sanitization, virtual command mapping, permission merging, and path resolution.
  • Moved governance file protection to a shared utility.
  • Updated LinuxSandboxManager, MacOsSandboxManager, and WindowsSandboxManager to extend the new base class.
  • Centralized path resolution logic in sandboxPathUtils.ts.
  • Improved secret file detection on Windows with regex support.
  • Added comprehensive unit tests for the abstract base class and shared utilities.

Subtle Behavior Changes

  • Unified Safe Command Logic: isKnownSafeCommand now consistently checks both the approvedTools list and the OS-specific safe command list. The approvedTools check is case-insensitive on Windows via the isCaseInsensitive() hook.
  • Virtual Command Policy Lookup: Virtual commands (like __read) are translated to their native counterparts (like cat) before the policy lookup (getCommandPermissions). This ensures that persistent permissions are tied to the actual executable being run, which is consistent with previous intent but now more explicitly enforced.
  • Improved Secret File Detection: The isSecretFile implementation on Windows now supports more robust regex-based matching for patterns like .env.*, improving the accuracy of secret file masking on that platform.
  • Initialization Lifecycle: The new initialize() hook allows OS-specific managers to perform asynchronous setup (like initializeShellParsers on macOS or helper compilation on Windows) reliably at the start of command preparation.

Related Issues

N/A

How to Validate

  1. Run unit tests for all sandbox managers: npm test -w @google/gemini-cli-core -- sandbox/
  2. Run integration tests: npm run test:e2e (specifically those covering tool execution).
  3. Verify basic functionality on each platform.

Pre-Merge Checklist

  • Updated relevant documentation and README (if needed)
  • Added/updated tests (if needed)
  • Noted breaking changes (if any)
  • Validated on required platforms/methods:
    • MacOS
      • npm run
      • npx
      • Docker
      • Podman
      • Seatbelt
    • Windows
      • npm run
      • npx
      • Docker
    • Linux
      • npm run
      • npx
      • Docker

@ehedlund ehedlund requested a review from a team as a code owner April 15, 2026 21:07
@gemini-cli
Contributor

gemini-cli bot commented Apr 15, 2026

Hi @ehedlund, thank you so much for your contribution to Gemini CLI! We really appreciate the time and effort you've put into this.

We're making some updates to our contribution process to improve how we track and review changes. Please take a moment to review our recent discussion post: Improving Our Contribution Process & Introducing New Guidelines.

Key Update: Starting January 26, 2026, the Gemini CLI project will require all pull requests to be associated with an existing issue. Any pull requests not linked to an issue by that date will be automatically closed.

Thank you for your understanding and for being a part of our community!

@gemini-code-assist
Contributor

Summary of Changes

Hello, I'm Gemini Code Assist [1]! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request refactors the OS-specific sandbox managers by introducing a centralized AbstractOsSandboxManager base class. This change standardizes command preparation, environment sanitization, and permission merging across different platforms. By abstracting common lifecycle methods and utility functions, the codebase becomes more maintainable and easier to extend for future platform support, while also ensuring consistent security policies are applied uniformly.

Highlights

  • Abstract Base Class: Introduced AbstractOsSandboxManager to centralize common logic for sandbox management, implementing the Template Method pattern.
  • Path Resolution Refactoring: Moved path resolution logic to a dedicated utility module sandboxPathUtils.ts and centralized governance file protection.
  • Platform Consistency: Updated Linux, macOS, and Windows sandbox managers to extend the new base class, ensuring consistent permission and environment handling.
  • Improved Security: Enhanced secret file detection on Windows using regex support and centralized secret file definitions.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

Comment thread packages/core/src/sandbox/windows/WindowsSandboxManager.ts Fixed
@github-actions

github-actions bot commented Apr 15, 2026

Size Change: -63 B (0%)

Total Size: 33.6 MB

Filename Size Change
./bundle/chunk-DF5F567H.js 0 B -3.43 MB (removed) 🏆
./bundle/chunk-LTOHRV5G.js 0 B -14.5 MB (removed) 🏆
./bundle/chunk-TPBGQAPH.js 0 B -3.8 kB (removed) 🏆
./bundle/core-SYHUAHZM.js 0 B -46.6 kB (removed) 🏆
./bundle/devtoolsService-7HOCY4ME.js 0 B -28.4 kB (removed) 🏆
./bundle/gemini-3QDRJNOT.js 0 B -553 kB (removed) 🏆
./bundle/interactiveCli-K5OSRQ2V.js 0 B -1.29 MB (removed) 🏆
./bundle/oauth2-provider-ZTNQ6M34.js 0 B -9.16 kB (removed) 🏆
./bundle/chunk-HRTQKQQY.js 14.5 MB +14.5 MB (new file) 🆕
./bundle/chunk-MWMYJQGI.js 3.8 kB +3.8 kB (new file) 🆕
./bundle/chunk-ZMYMLL3N.js 3.43 MB +3.43 MB (new file) 🆕
./bundle/core-OUYPEHAZ.js 46.3 kB +46.3 kB (new file) 🆕
./bundle/devtoolsService-BEXCMM7O.js 28.4 kB +28.4 kB (new file) 🆕
./bundle/gemini-4UWSDHGG.js 553 kB +553 kB (new file) 🆕
./bundle/interactiveCli-5YHGRDAL.js 1.29 MB +1.29 MB (new file) 🆕
./bundle/oauth2-provider-I3MGLN4F.js 9.16 kB +9.16 kB (new file) 🆕
Filename Size Change
./bundle/bundled/third_party/index.js 8 MB 0 B
./bundle/chunk-34MYV7JD.js 2.45 kB 0 B
./bundle/chunk-5AUYMPVF.js 858 B 0 B
./bundle/chunk-5PS3AYFU.js 1.18 kB 0 B
./bundle/chunk-664ZODQF.js 124 kB 0 B
./bundle/chunk-DAHVX5MI.js 206 kB 0 B
./bundle/chunk-IUUIT4SU.js 56.5 kB 0 B
./bundle/chunk-PC3Y4R7E.js 1.97 MB 0 B
./bundle/chunk-RJTRUG2J.js 39.8 kB 0 B
./bundle/cleanup-64C4QZRA.js 0 B -932 B (removed) 🏆
./bundle/devtools-36NN55EP.js 696 kB 0 B
./bundle/dist-T73EYRDX.js 356 B 0 B
./bundle/events-XB7DADIJ.js 418 B 0 B
./bundle/gemini.js 4.97 kB 0 B
./bundle/getMachineId-bsd-TXG52NKR.js 1.55 kB 0 B
./bundle/getMachineId-darwin-7OE4DDZ6.js 1.55 kB 0 B
./bundle/getMachineId-linux-SHIFKOOX.js 1.34 kB 0 B
./bundle/getMachineId-unsupported-5U5DOEYY.js 1.06 kB 0 B
./bundle/getMachineId-win-6KLLGOI4.js 1.72 kB 0 B
./bundle/memoryDiscovery-R4AKKXHF.js 980 B 0 B
./bundle/multipart-parser-KPBZEGQU.js 11.7 kB 0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/client/main.js 222 kB 0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/_client-assets.js 229 kB 0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/index.js 13.4 kB 0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/types.js 132 B 0 B
./bundle/sandbox-macos-permissive-open.sb 890 B 0 B
./bundle/sandbox-macos-permissive-proxied.sb 1.31 kB 0 B
./bundle/sandbox-macos-restrictive-open.sb 3.36 kB 0 B
./bundle/sandbox-macos-restrictive-proxied.sb 3.56 kB 0 B
./bundle/sandbox-macos-strict-open.sb 4.82 kB 0 B
./bundle/sandbox-macos-strict-proxied.sb 5.02 kB 0 B
./bundle/src-QVCVGIUX.js 47 kB 0 B
./bundle/tree-sitter-7U6MW5PS.js 274 kB 0 B
./bundle/tree-sitter-bash-34ZGLXVX.js 1.84 MB 0 B
./bundle/cleanup-WXZYSMZP.js 932 B +932 B (new file) 🆕

Contributor

@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request refactors the sandbox management architecture by introducing the AbstractOsSandboxManager base class, which centralizes shared logic for environment sanitization, permission merging, and path resolution. The Linux, macOS, and Windows sandbox managers have been updated to extend this base class, significantly reducing redundancy. Additionally, the PR introduces dedicated modules for shared constants and governance utilities. Review feedback recommends refactoring module-level and static cache variables in the Linux implementation into instance-scoped properties to eliminate global state and potential concurrency issues.
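The review's point about module-level and static cache variables, as an added TypeScript illustration that is not code from the PR or from gemini-cli: a cache declared at module scope is shared by every manager instance, so the first instance's configuration leaks into every later one, whereas an instance-scoped cache still memoizes but stays private to its manager. The two manager classes and the helper-path derivation are assumptions for the example.

```typescript
// Added example of why a module-level cache is a hazard when several
// differently configured managers coexist. Names are assumptions, not
// gemini-cli code.

// Module-level cache: the pattern the review asks to remove.
let sharedHelperPath: string | undefined;

class ModuleCachedManager {
  constructor(private readonly sandboxRoot: string) {}

  helperPath(): string {
    // Whoever calls first decides the value for every instance.
    if (sharedHelperPath === undefined) {
      sharedHelperPath = `${this.sandboxRoot}/sandbox-helper`;
    }
    return sharedHelperPath;
  }
}

// Instance-scoped cache: each manager derives and remembers its own path.
class InstanceCachedManager {
  private cachedHelperPath: string | undefined;
  // Counts how often the (assumed expensive) derivation ran, to show that
  // memoization is preserved per instance.
  computeCount = 0;

  constructor(private readonly sandboxRoot: string) {}

  helperPath(): string {
    if (this.cachedHelperPath === undefined) {
      this.computeCount += 1;
      this.cachedHelperPath = `${this.sandboxRoot}/sandbox-helper`;
    }
    return this.cachedHelperPath;
  }
}

// Returns the helper paths that two managers with different sandbox roots
// observe under each caching strategy.
function compareCaches(): { module: string[]; instance: string[] } {
  sharedHelperPath = undefined; // reset so the comparison is repeatable
  const a = new ModuleCachedManager('/tmp/sandbox-a');
  const b = new ModuleCachedManager('/tmp/sandbox-b');
  const c = new InstanceCachedManager('/tmp/sandbox-a');
  const d = new InstanceCachedManager('/tmp/sandbox-b');
  return {
    module: [a.helperPath(), b.helperPath()],
    instance: [c.helperPath(), d.helperPath()],
  };
}
```

In the module-level variant, manager b silently reports manager a's helper path; in a sandbox this is the kind of cross-configuration leak that turns a cache into a policy bug, which is why instance-scoped properties are the safer default.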

Comment thread packages/core/src/sandbox/linux/LinuxSandboxManager.ts Outdated
Comment thread packages/core/src/sandbox/linux/LinuxSandboxManager.ts Outdated
@gemini-cli gemini-cli bot added the status/need-issue Pull requests that need to have an associated issue. label Apr 15, 2026