env flags SANDBOX_{MOUNTS,ENV}, improved debugging through sandbox that should now work in all scenarios (#201)

* env flags SANDBOX_{MOUNTS,ENV}, improved debugging through sandbox that should now work in all scenarios

* Merge remote-tracking branch 'origin/main' into sandbox_flags_improved_debugging

scripts/start_sandbox.sh

@@ -22,20 +22,15 @@ fi
 
 CMD=$(scripts/sandbox_command.sh)
 IMAGE=gemini-code-sandbox
-DEBUG_PORT=9229
+DEBUG_PORT=${DEBUG_PORT:-9229}
 PROJECT=$(basename "$PWD")
-WORKDIR=/sandbox/$PROJECT
+WORKDIR=$PWD
 CLI_PATH=/usr/local/share/npm-global/lib/node_modules/\@gemini-code/cli
 
 # if project is gemini-code, then switch to -dev image & run CLI from $WORKDIR/packages/cli
 if [[ "$PROJECT" == "gemini-code" ]]; then
     IMAGE+="-dev"
     CLI_PATH="$WORKDIR/packages/cli"
-elif [ -n "${DEBUG:-}" ]; then
-    # refuse to debug using global installation for now (can be added later)
-    # (requires a separate attach config, see comments in launch.json around remoteRoot)
-    echo "ERROR: debugging is sandbox is not supported when target/root is not gemini-code"
-    exit 1
 fi
 
 # stop if image is missing
@@ -53,14 +48,7 @@ run_args+=(-v "$PWD:$WORKDIR")
 # mount $TMPDIR as /tmp inside container
 run_args+=(-v "${TMPDIR:-/tmp/}:/tmp")
 
-# name container after image, plus numeric suffix to avoid conflicts
-INDEX=0
-while $CMD ps -a --format "{{.Names}}" | grep -q "$IMAGE-$INDEX"; do
-    INDEX=$((INDEX + 1))
-done
-run_args+=(--name "$IMAGE-$INDEX" --hostname "$IMAGE-$INDEX")
-
-# if .env exists, source it before variable existence checks below
+# if .env exists, source it before checking/parsing environment variables below
 # allow .env to be in any ancestor directory (same as findEnvFile in config.ts)
 current_dir=$(pwd)
 while [ "$current_dir" != "/" ]; do
@@ -71,6 +59,39 @@ while [ "$current_dir" != "/" ]; do
     current_dir=$(dirname "$current_dir")
 done
 
+# mount paths listed in SANDBOX_MOUNTS
+if [ -n "${SANDBOX_MOUNTS:-}" ]; then
+    mounts=$(echo "$SANDBOX_MOUNTS" | tr ',' '\n')
+    for mount in $mounts; do
+        if [ -n "$mount" ]; then
+            # parse mount as from:to:opts
+            IFS=':' read -r from to opts <<<"$mount"
+            to=${to:-"$from"}  # default to mount at same path inside container
+            opts=${opts:-"ro"} # default to read-only
+            mount="$from:$to:$opts"
+            # check that $from is absolute
+            if [[ "$from" != /* ]]; then
+                echo "ERROR: path '$from' listed in SANDBOX_MOUNTS must be absolute"
+                exit 1
+            fi
+            # check that $from path exists on host
+            if [ ! -e "$from" ]; then
+                echo "ERROR: missing mount path '$from' listed in SANDBOX_MOUNTS"
+                exit 1
+            fi
+            echo "SANDBOX_MOUNTS: $from -> $to ($opts)"
+            run_args+=(-v "$mount")
+        fi
+    done
+fi
+
+# name container after image, plus numeric suffix to avoid conflicts
+INDEX=0
+while $CMD ps -a --format "{{.Names}}" | grep -q "$IMAGE-$INDEX"; do
+    INDEX=$((INDEX + 1))
+done
+run_args+=(--name "$IMAGE-$INDEX" --hostname "$IMAGE-$INDEX")
+
 # copy GEMINI_API_KEY
 if [ -n "${GEMINI_API_KEY:-}" ]; then run_args+=(--env GEMINI_API_KEY="$GEMINI_API_KEY"); fi
 
@@ -84,6 +105,22 @@ if [ -n "${SHELL_TOOL:-}" ]; then run_args+=(--env SHELL_TOOL="$SHELL_TOOL"); fi
 if [ -n "${TERM:-}" ]; then run_args+=(--env TERM="$TERM"); fi
 if [ -n "${COLORTERM:-}" ]; then run_args+=(--env COLORTERM="$COLORTERM"); fi
 
+# copy additional environment variables from SANDBOX_ENV
+if [ -n "${SANDBOX_ENV:-}" ]; then
+    envs=$(echo "$SANDBOX_ENV" | tr ',' '\n')
+    for env in $envs; do
+        if [ -n "$env" ]; then
+            if [[ "$env" == *=* ]]; then
+                echo "SANDBOX_ENV: $env"
+                run_args+=(--env "$env")
+            else
+                echo "ERROR: SANDBOX_ENV must be a comma-separated list of key=value pairs"
+                exit 1
+            fi
+        fi
+    done
+fi
+
 # set SANDBOX environment variable as container name
 # this is the preferred mechanism to detect if inside container/sandbox
 run_args+=(--env "SANDBOX=$IMAGE-$INDEX")