Skip to content

sandbox allowed/blocked domains#712

Open
kcoopermiller wants to merge 5 commits into
mainfrom
feature/allowed-domains
Open

sandbox allowed/blocked domains#712
kcoopermiller wants to merge 5 commits into
mainfrom
feature/allowed-domains

Conversation

@kcoopermiller

@kcoopermiller kcoopermiller commented Jun 4, 2026

Copy link
Copy Markdown
Member

Note

Medium Risk
Changes sandbox network egress configuration surface; misconfiguration could weaken isolation, though enforcement depends on the backend and VM sandboxes are blocked client-side.

Overview
Adds sandbox egress domain controls end-to-end in the SDK and prime CLI: allowed_domains (allowlist when network is off) and blocked_domains (blocklist when network is on), including wildcard support in CLI help.

prime-sandboxes exposes the fields on Sandbox and CreateSandboxRequest, with validators tying allowlists to network_access=false, blocklists to network_access=true, and rejecting both on VM sandboxes.

CLI adds repeatable --allowed-domain / --blocked-domain on sandbox create, mirrors the same rules before submit, shows domains on create summary and sandbox get, and errors if an older prime-sandboxes wheel lacks the fields when those flags are used.

Tests cover forwarding lists into CreateSandboxRequest and the SDK-missing-field guard.

Reviewed by Cursor Bugbot for commit b5f1018. Bugbot is set up for automated code reviews on this repo. Configure here.

@kcoopermiller kcoopermiller changed the title sandbox allowed domains sandbox allowed/blocked domains Jun 15, 2026

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit c583d27. Configure here.

Comment thread packages/prime/src/prime_cli/commands/sandbox.py Outdated
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant