Central authority for Gemini CLI sandboxing and isolation. Covers Docker, Podman, macOS Seatbelt profiles, and security boundaries. Use when enabling sandboxing, choosing sandbox methods, configuring Seatbelt profiles, or troubleshooting sandbox issues. Delegates 100% to gemini-cli-docs for official documentation.
GitHub: melodic-software/claude-code-plugins
google-ecosystem
plugins/google-ecosystem/skills/gemini-sandbox-configuration/SKILL.md
January 21, 2026
```bash
npx add-skill https://github.com/melodic-software/claude-code-plugins/blob/main/plugins/google-ecosystem/skills/gemini-sandbox-configuration/SKILL.md -a claude-code --skill gemini-sandbox-configuration
```
Installation paths:
.claude/skills/gemini-sandbox-configuration/
# Gemini Sandbox Configuration
## MANDATORY: Invoke gemini-cli-docs First
> **STOP - Before providing ANY response about Gemini sandboxing:**
>
> 1. **INVOKE** `gemini-cli-docs` skill
> 2. **QUERY** for the specific sandbox topic
> 3. **BASE** responses EXCLUSIVELY on official documentation loaded
## Overview
Meta-skill for configuring Gemini CLI's sandbox isolation. Sandboxing isolates potentially dangerous operations from your host system.
## When to Use This Skill
**Keywords:** sandbox, docker, podman, seatbelt, isolation, container, safe execution, -s flag, GEMINI_SANDBOX
**Use this skill when:**
- Enabling sandboxing for the first time
- Choosing between sandbox methods
- Configuring Seatbelt profiles (macOS)
- Troubleshooting sandbox issues
- Understanding security boundaries
## Sandbox Methods
| Method | Platform | Isolation |
| --- | --- | --- |
| Docker | All | Full container |
| Podman | All | Rootless container |
| Seatbelt | macOS | Process sandbox |
## Configuration
### Enable via Command Flag
```bash
gemini -s -p "command"
```
### Enable via Environment
```bash
export GEMINI_SANDBOX=true
gemini "command"
# Or specify a method (set exactly one of the following)
export GEMINI_SANDBOX=docker
export GEMINI_SANDBOX=podman
export GEMINI_SANDBOX=sandbox-exec
```
### Enable via Settings
Add to `settings.json`:
```json
{
  "tools": {
    "sandbox": true
  }
}
```
Or specify method:
```json
{
  "tools": {
    "sandbox": "docker"
  }
}
```
## Seatbelt Profiles (macOS)
Set via the `SEATBELT_PROFILE` environment variable:
| Profile | Writes | Network |
| --- | --- | --- |
| `permissive-open` (default) | Restricted | Allowed |
| `permissive-closed` | Restricted | Blocked |
| `permissive-proxied` | Restricted | Via proxy |
| `restrictive-open` | Strict | Allowed |
| `restrictive-closed` | Strict | Blocked |
## Custom Sandbox Flags
For container-based sandboxing, inject custom flags:
```bash
# label=disable turns off SELinux label separation for the sandbox container
export SANDBOX_FLAGS="--security-opt label=disable"
```
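A preflight check over the environment variables covered above, as an added example (not part of the original skill or of Gemini CLI). It recognizes only the `GEMINI_SANDBOX` values and Seatbelt profiles listed on this page; the function name `audit_gemini_sandbox` and the policy it enforces (network blocked or proxied, no `label=disable`) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: audits GEMINI_SANDBOX, SEATBELT_PROFILE and SANDBOX_FLAGS.
# Only the environment is inspected; the -s flag and settings.json are not.
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
audit_gemini_sandbox() {
  local method="${GEMINI_SANDBOX:-}"
  local profile="${SEATBELT_PROFILE:-permissive-open}"  # default per the table
  local flags="${SANDBOX_FLAGS:-}"
  local rc=0

  # Values shown in the "Enable via Environment" section.
  case "$method" in
    true|docker|podman|sandbox-exec) ;;
    '') echo "GEMINI_SANDBOX: unset, sandbox not enabled via environment"; rc=1 ;;
    *)  echo "GEMINI_SANDBOX: '$method' is not a value listed on this page"; rc=1 ;;
  esac

  # Seatbelt profiles: assumed policy is that network must be blocked or proxied.
  if [ "$method" = "sandbox-exec" ]; then
    case "$profile" in
      permissive-closed|restrictive-closed|permissive-proxied) ;;
      permissive-open|restrictive-open)
        echo "SEATBELT_PROFILE: '$profile' leaves network access allowed"; rc=1 ;;
      *)
        echo "SEATBELT_PROFILE: '$profile' is not a profile listed on this page"; rc=1 ;;
    esac
  fi

  # Container methods: flag the SELinux label opt-out shown in the example above.
  case "$method" in
    docker|podman)
      case "$flags" in
        *label=disable*)
          echo "SANDBOX_FLAGS: label=disable turns off SELinux label separation"; rc=1 ;;
      esac ;;
  esac

  return "$rc"
}
```

Call `audit_gemini_sandbox || exit 1` in a wrapper script before launching `gemini` to stop on any finding.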
## Keyword Registry (Delegates to