Refactor_sandbox_command (#121)

scripts/build.sh

@@ -23,9 +23,8 @@ fi
 # build all workspaces/packages
 npm run build --workspaces
 
-# also build container image if GEMINI_CODE_SANDBOX is set (can be in .env file)
+# also build container image if sandboxing is enabled
 # skip (-s) npm install + build since we did that above
-if [[ "${GEMINI_CODE_SANDBOX:-}" =~ ^(1|true)$ ]] || \
-   { [ -f .env ] && grep -qiE '^GEMINI_CODE_SANDBOX *= *(1|true)' .env; }; then
+if scripts/sandbox_command.sh -q; then
     scripts/build_sandbox.sh -s
 fi

scripts/build_sandbox.sh

@@ -15,6 +15,14 @@
 
 set -euo pipefail
 
+if ! scripts/sandbox_command.sh -q; then
+    echo "ERROR: sandboxing disabled. See README.md to enable sandboxing."
+    exit 1
+fi
+
+CMD=$(scripts/sandbox_command.sh)
+echo "using $CMD for sandboxing"
+
 IMAGE=gemini-code-sandbox
 
 SKIP_NPM_INSTALL_BUILD=false
@@ -30,17 +38,6 @@ while getopts "s" opt; do
 done
 shift $((OPTIND - 1))
 
-# use docker if installed, otherwise try to use podman instead
-if command -v docker &> /dev/null; then
-    CMD=docker
-elif command -v podman &> /dev/null; then
-    CMD=podman
-else
-    echo "ERROR: missing docker or podman for sandboxing"
-    exit 1
-fi
-echo "using $CMD for sandboxing"
-
 # npm install + npm run build unless skipping via -s option
 if [ "$SKIP_NPM_INSTALL_BUILD" = false ]; then
     npm install

scripts/sandbox.sh

@@ -15,6 +15,11 @@
 
 set -euo pipefail
 
+if ! scripts/sandbox_command.sh -q; then
+    echo "ERROR: sandboxing disabled. See README.md to enable sandboxing."
+    exit 1
+fi
+
 # parse flags
 interactive=false
 while getopts "i" opt; do
@@ -36,18 +41,8 @@ while getopts "i" opt; do
 done
 shift $((OPTIND - 1))
 
-
 IMAGE=gemini-code-sandbox
-
-# use docker if installed, otherwise try to use podman instead
-if command -v docker &> /dev/null; then
-    CMD=docker
-elif command -v podman &> /dev/null; then
-    CMD=podman
-else
-    echo "ERROR: missing docker or podman for sandboxing"
-    exit 1
-fi
+CMD=$(scripts/sandbox_command.sh)
 
 # list all containers running on sandbox image
 sandboxes=()

scripts/sandbox_command.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# usage: scripts/sandbox_command.sh [-q]
+#    -q: quiet mode (do not print command, just exit w/ code 0 or 1)
+
+set -euo pipefail
+
+# parse flags
+QUIET=false
+while getopts ":q" opt; do
+    case ${opt} in
+        q ) QUIET=true ;;
+        \? ) echo "Usage: $0 [-q]"
+            exit 1
+            ;;
+    esac
+done
+shift $((OPTIND - 1))
+
+
+# if GEMINI_CODE_SANDBOX is not set, try to source .env in case set there
+if [ -z "${GEMINI_CODE_SANDBOX:-}" ]; then source .env; fi
+
+# if GEMINI_CODE_SANDBOX is still not set, then exit immediately w/ code 1
+if [ -z "${GEMINI_CODE_SANDBOX:-}" ]; then exit 1; fi
+
+# lowercase GEMINI_CODE_SANDBOX
+GEMINI_CODE_SANDBOX=$(echo "${GEMINI_CODE_SANDBOX:-}" | tr '[:upper:]' '[:lower:]')
+
+# if GEMINI_CODE_SANDBOX is set to 1 or true, then try to use docker or podman
+if [[ "${GEMINI_CODE_SANDBOX:-}" =~ ^(1|true)$ ]]; then
+    if command -v docker &> /dev/null; then
+        if [ "$QUIET" = false ]; then echo "docker"; fi
+        exit 0
+    elif command -v podman &> /dev/null; then
+        if [ "$QUIET" = false ]; then echo "podman"; fi
+        exit 0
+    else
+        echo "ERROR: install docker or podman or specify command in GEMINI_CODE_SANDBOX" >&2
+        exit 1
+    fi
+fi
+
+if ! command -v "$GEMINI_CODE_SANDBOX" &> /dev/null; then
+    echo "ERROR: missing sandbox command '$GEMINI_CODE_SANDBOX' (from GEMINI_CODE_SANDBOX)" >&2
+    exit 1
+fi
+
+if [ "$QUIET" = false ]; then echo "$GEMINI_CODE_SANDBOX"; fi
+exit 0

scripts/start.sh

@@ -18,13 +18,11 @@ set -euo pipefail
 # check build status, write warnings to file for app to display if needed
 node ./scripts/check-build-status.js
 
-# if GEMINI_CODE_SANDBOX is set (can be in .env file), start in sandbox container
-if [[ "${GEMINI_CODE_SANDBOX:-}" =~ ^(1|true)$ ]] || \
-   { [ -f .env ] && grep -qiE '^GEMINI_CODE_SANDBOX *= *(1|true)' .env; }; then
-    echo "Running in sandbox container ..."
+# if sandboxing is enabled, start in sandbox container
+if scripts/sandbox_command.sh -q; then
     scripts/start_sandbox.sh "$@"
 else
-    echo "WARNING: running outside of sandbox. Set GEMINI_CODE_SANDBOX to enable sandbox."
+    echo "WARNING: OUTSIDE SANDBOX. See README.md to enable sandboxing."
     if [ -n "${DEBUG:-}" ]; then
         node --inspect-brk node_modules/@gemini-code/cli "$@"
     else

scripts/start_sandbox.sh

@@ -15,21 +15,17 @@
 
 set -euo pipefail
 
+if ! scripts/sandbox_command.sh -q; then
+    echo "ERROR: sandboxing disabled. See README.md to enable sandboxing."
+    exit 1
+fi
+
+CMD=$(scripts/sandbox_command.sh)
 IMAGE=gemini-code-sandbox
 WORKDIR=/sandbox/$(basename "$PWD")
 CLI_PATH=/usr/local/share/npm-global/lib/node_modules/\@gemini-code/cli
 DEBUG_PORT=9229
 
-# use docker if installed, otherwise try to use podman instead
-if command -v docker &> /dev/null; then
-    CMD=docker
-elif command -v podman &> /dev/null; then
-    CMD=podman
-else
-    echo "ERROR: missing docker or podman for sandboxing"
-    exit 1
-fi
-
 # use interactive tty mode and auto-remove container on exit
 run_args=(-it --rm)