From 8778a4205a23aeea18e530793ece5142af6b580d Mon Sep 17 00:00:00 2001
From: Mng <50384638+Mng-dev-ai@users.noreply.github.com>
Date: Sun, 22 Feb 2026 19:51:12 +0200
Subject: [PATCH] Restrict host sandbox provider to desktop Tauri app only

The host provider executes commands directly on the user's machine,
which is only appropriate in the desktop app context. Hide the option
in the web UI and guard the backend factory with a DESKTOP_MODE check.
---
 backend/app/services/sandbox_providers/factory.py            | 4 ++++
 frontend/src/components/settings/tabs/GeneralSettingsTab.tsx | 5 ++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/backend/app/services/sandbox_providers/factory.py b/backend/app/services/sandbox_providers/factory.py
index a4d3ee4..68a90ad 100644
--- a/backend/app/services/sandbox_providers/factory.py
+++ b/backend/app/services/sandbox_providers/factory.py
@@ -51,6 +51,10 @@ def create(
             return ModalSandboxProvider(api_key=api_key)
 
         if provider_type == SandboxProviderType.HOST:
+            if not settings.DESKTOP_MODE:
+                raise SandboxException(
+                    "Host provider is only available in the desktop app"
+                )
             host_base_dir = settings.get_host_sandbox_base_dir()
             return LocalHostProvider(
                 base_dir=host_base_dir,
diff --git a/frontend/src/components/settings/tabs/GeneralSettingsTab.tsx b/frontend/src/components/settings/tabs/GeneralSettingsTab.tsx
index eb3b51b..60497e7 100644
--- a/frontend/src/components/settings/tabs/GeneralSettingsTab.tsx
+++ b/frontend/src/components/settings/tabs/GeneralSettingsTab.tsx
@@ -8,6 +8,7 @@ import type { Theme } from '@/types/ui.types';
 import { useUIStore } from '@/store/uiStore';
 import { SecretInput } from '@/components/settings/inputs/SecretInput';
 import { cn } from '@/utils/cn';
+import { isTauri } from '@tauri-apps/api/core';
 
 interface GeneralSettingsTabProps {
   fields: GeneralSecretFieldConfig[];
@@ -111,7 +112,9 @@ export const GeneralSettingsTab: React.FC<GeneralSettingsTabProps> = ({
           value={settings.sandbox_provider ?? 'docker'}
           onChange={(val) => onSandboxProviderChange(val as SandboxProviderType)}
           options={[
-            { value: 'host', label: 'Host (Local)', disabled: false },
+            ...(isTauri()
+              ? [{ value: 'host', label: 'Host (Local)', disabled: false }]
+              : []),
             { value: 'docker', label: 'Docker (Local)', disabled: false },
             { value: 'e2b', label: 'E2B (Cloud)', disabled: !savedSettings?.e2b_api_key },
             { value: 'modal', label: 'Modal (Cloud)', disabled: !savedSettings?.modal_api_key },