fix(core): ensure robust sandbox cleanup in all process execution paths

[ehedlund]

Summary

Fix memory leaks and resource exhaustion in sandboxed process execution. This PR adds missing sandbox cleanup calls and wraps all process execution logic in robust try...finally blocks to ensure sidecar processes and temporary files are reliably terminated across all success, error, and early-abort paths.

Details

The original implementation missed calling prepared.cleanup?.() in several execution paths, leading to resource leaks. Additionally, standard event handlers were insufficient to guarantee cleanup during synchronous throws or aborted generators.

Changes included in this PR:

1. Added Missing Cleanups: Ensure cleanup is invoked in previously unhandled success and error paths.
2. Refactored to try...finally: Upgraded all sandbox process execution methods to use try...finally blocks for guaranteed execution, regardless of how the process terminates.

Affected areas:

• SandboxedFileSystemService: read_file and write_file paths.
• GrepTool: Success and error paths.
• ToolRegistry: Success and error paths for both tool discovery and invocation.
• shell-utils: spawnAsync and execStreaming paths.
• ShellExecutionService: childProcessFallback and executeWithPty paths.

Related Issues

Mentioned in #24480 review.

How to Validate

Run the core tests that use the sandbox and shell execution:
npm test -w @google/gemini-cli-core -- src/utils/sandboxUtils.test.ts src/services/sandboxedFileSystemService.test.ts src/tools/grep.test.ts src/tools/tool-registry.test.ts src/services/shellExecutionService.test.ts

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request improves the reliability and resource management of the sandboxed process execution system. By consistently calling cleanup routines in both successful and error-handling scenarios, it prevents resource leaks that previously led to intermittent test failures and potential system instability.

Highlights

• Resource Management: Ensured that sandbox cleanup functions are invoked across all success and error paths in process execution.
• Memory Leak Prevention: Addressed potential memory leaks and resource exhaustion by guaranteeing the termination of sidecar processes and removal of temporary files.
• Stability Improvements: Resolved intermittent test failures caused by resource limit exhaustion during sandboxed operations.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-cli]

Hi @ehedlund, thank you so much for your contribution to Gemini CLI! We really appreciate the time and effort you've put into this.

We're making some updates to our contribution process to improve how we track and review changes. Please take a moment to review our recent discussion post: Improving Our Contribution Process & Introducing New Guidelines.

Key Update: Starting January 26, 2026, the Gemini CLI project will require all pull requests to be associated with an existing issue. Any pull requests not linked to an issue by that date will be automatically closed.

Thank you for your understanding and for being a part of our community!

[github-actions]

Size Change: +1.56 kB (0%)

Total Size: 34 MB

Filename	Size	Change
./bundle/chunk-BQ2S6UQQ.js	0 B	-3.15 MB (removed)	🏆
./bundle/chunk-OHFWXOV5.js	0 B	-14.8 MB (removed)	🏆
./bundle/core-RTSLYREY.js	0 B	-45.2 kB (removed)	🏆
./bundle/devtoolsService-R5ELNQFY.js	0 B	-28.4 kB (removed)	🏆
./bundle/interactiveCli-V4F6MSFG.js	0 B	-1.64 MB (removed)	🏆
./bundle/oauth2-provider-R5BQWMYE.js	0 B	-9.16 kB (removed)	🏆
./bundle/chunk-KURQTKTH.js	3.15 MB	+3.15 MB (new file)	🆕
./bundle/chunk-YG4CSSVC.js	14.8 MB	+14.8 MB (new file)	🆕
./bundle/core-KIM3ZVMG.js	45.2 kB	+45.2 kB (new file)	🆕
./bundle/devtoolsService-NJHLALMT.js	28.4 kB	+28.4 kB (new file)	🆕
./bundle/interactiveCli-I4EX7LZ6.js	1.64 MB	+1.64 MB (new file)	🆕
./bundle/oauth2-provider-4OSSPOSI.js	9.16 kB	+9.16 kB (new file)	🆕

ℹ️ View Unchanged

Filename	Size
./bundle/bundled/third_party/index.js	8 MB
./bundle/chunk-34MYV7JD.js	2.45 kB
./bundle/chunk-5AUYMPVF.js	858 B
./bundle/chunk-5PS3AYFU.js	1.18 kB
./bundle/chunk-664ZODQF.js	124 kB
./bundle/chunk-DAHVX5MI.js	206 kB
./bundle/chunk-GFUOVHXW.js	1.96 MB
./bundle/chunk-IUUIT4SU.js	56.5 kB
./bundle/chunk-RJTRUG2J.js	39.8 kB
./bundle/devtools-36NN55EP.js	696 kB
./bundle/dist-T73EYRDX.js	356 B
./bundle/events-XB7DADIJ.js	418 B
./bundle/gemini.js	552 kB
./bundle/getMachineId-bsd-TXG52NKR.js	1.55 kB
./bundle/getMachineId-darwin-7OE4DDZ6.js	1.55 kB
./bundle/getMachineId-linux-SHIFKOOX.js	1.34 kB
./bundle/getMachineId-unsupported-5U5DOEYY.js	1.06 kB
./bundle/getMachineId-win-6KLLGOI4.js	1.72 kB
./bundle/memoryDiscovery-ACCRGPX3.js	980 B
./bundle/multipart-parser-KPBZEGQU.js	11.7 kB
./bundle/node_modules/@google/gemini-cli-devtools/dist/client/main.js	222 kB
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/_client-assets.js	229 kB
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/index.js	13.4 kB
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/types.js	132 B
./bundle/sandbox-macos-permissive-open.sb	890 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB
./bundle/sandbox-macos-strict-open.sb	4.82 kB
./bundle/sandbox-macos-strict-proxied.sb	5.02 kB
./bundle/src-QVCVGIUX.js	47 kB
./bundle/tree-sitter-7U6MW5PS.js	274 kB
./bundle/tree-sitter-bash-34ZGLXVX.js	1.84 MB

_{compressed-size-action}

[gemini-code-assist]

Code Review

This pull request introduces manual cleanup logic for sandboxed processes by invoking cleanup functions within 'close' and 'error' event handlers across several core services and tools. While this addresses basic resource management, the review feedback indicates that the current implementation is fragile. Specifically, resource leaks can still occur if errors happen during process initialization or before the event handlers are successfully attached. It is recommended to refactor these implementations to use 'try...finally' blocks to ensure that cleanup is executed reliably regardless of where an error occurs in the process lifecycle.

[github-actions]

🚨 Action Required: Eval Regressions Detected

Model: gemini-3-flash-preview

The following trustworthy evaluations passed on main and in recent Nightly runs, but failed in this PR. These regressions must be addressed before merging.

Test Name	Nightly	PR Result	Status
should delegate to cli_help agent for subagent creation questions	89%	0%	❌ Regression

The check passed or was cleared for 61 other trustworthy evaluations.

🛠️ Troubleshooting & Fix Instructions

1. Ask Gemini CLI to fix it (Recommended)

Copy and paste this prompt to the agent:

The eval "should delegate to cli_help agent for subagent creation questions" in evals/cli_help_delegation.eval.ts is failing. Investigate and fix it using the behavioral-evals skill.

2. Reproduce Locally

Run the following command to see the failure trajectory:

GEMINI_MODEL=gemini-3-flash-preview npm run test:all_evals -- evals/cli_help_delegation.eval.ts --testNamePattern="should delegate to cli_help agent for subagent creation questions"

3. Manual Fix

See the Fixing Guide for detailed troubleshooting steps.

### 🧠 Model Steering Guidance

This PR modifies files that affect the model's behavior (prompts, tools, or instructions).

• ⚠️ Consider adding Evals: No behavioral evaluations (evals/*.eval.ts) were added or updated in this PR. Consider adding a test case to verify the new behavior and prevent regressions.
• 🚀 Maintainer Reminder: Please ensure that these changes do not regress results on benchmark evals before merging.

---

This is an automated guidance message triggered by steering logic signatures.