From 61f8ce78550e405dddd2faa3e5264841e6a85fde Mon Sep 17 00:00:00 2001
From: Matt Brockman <matt.brockman@e2b.dev>
Date: Thu, 25 Jun 2026 20:15:49 -0700
Subject: [PATCH 1/5] Gate terminal templates by trusted providers

---
 src/app/sbx/new/route.ts                      | 15 +----
 src/core/modules/feature-flags/definitions.ts | 10 +++
 .../feature-flags/feature-flags.client.tsx    | 18 ++++-
 .../dashboard-terminal-command-dialog.tsx     | 65 ++++++++++++-------
 .../dashboard/terminal/dashboard-terminal.tsx | 50 +++++++++++---
 src/features/dashboard/terminal/template.ts   | 36 ++++++++++
 src/features/dashboard/terminal/types.ts      |  3 +-
 tests/unit/dashboard-terminal.test.ts         | 33 ++++++++++
 tests/unit/feature-flags.test.ts              | 27 +++++++-
 tests/unit/sbx-new-route.test.ts              | 52 +++++++++++++++
 10 files changed, 259 insertions(+), 50 deletions(-)
 create mode 100644 tests/unit/sbx-new-route.test.ts

diff --git a/src/app/sbx/new/route.ts b/src/app/sbx/new/route.ts
index 26710beb1..907289cf7 100644
--- a/src/app/sbx/new/route.ts
+++ b/src/app/sbx/new/route.ts
@@ -1,6 +1,4 @@
-import Sandbox from 'e2b'
 import { type NextRequest, NextResponse } from 'next/server'
-import { authHeaders } from '@/configs/api'
 import { AUTH_URLS, PROTECTED_URLS } from '@/configs/urls'
 import { getAuthContext } from '@/core/server/auth'
 import { resolveUserTeam } from '@/core/server/functions/team/resolve-user-team'
@@ -39,14 +37,6 @@ export const GET = async (req: NextRequest) => {
       return NextResponse.redirect(new URL(req.url).origin)
     }
 
-    const sbx = await Sandbox.create(template, {
-      apiUrl: process.env.NEXT_PUBLIC_INFRA_API_URL,
-      domain: process.env.NEXT_PUBLIC_E2B_DOMAIN,
-      apiHeaders: {
-        ...authHeaders(authContext.accessToken, team.id),
-      },
-    })
-
     const terminalParams = new URLSearchParams({ template })
     const command = requestUrl.searchParams.get('command')?.trim()
 
@@ -54,10 +44,7 @@ export const GET = async (req: NextRequest) => {
       terminalParams.set('command', command)
     }
 
-    const terminalUrl = PROTECTED_URLS.SANDBOX_TERMINAL(
-      team.slug,
-      sbx.sandboxId
-    )
+    const terminalUrl = PROTECTED_URLS.TERMINAL(team.slug)
 
     return NextResponse.redirect(
       new URL(`${terminalUrl}?${terminalParams.toString()}`, req.url)
diff --git a/src/core/modules/feature-flags/definitions.ts b/src/core/modules/feature-flags/definitions.ts
index c858ceca7..be6461ea6 100644
--- a/src/core/modules/feature-flags/definitions.ts
+++ b/src/core/modules/feature-flags/definitions.ts
@@ -1,3 +1,4 @@
+import { z } from 'zod'
 import type { FeatureFlagDefinition } from '@/core/modules/feature-flags/types'
 
 export const FEATURE_FLAGS = {
@@ -31,6 +32,15 @@ export const FEATURE_FLAGS = {
       'Disables provisioning of e2b access tokens via generateE2BUserAccessToken. When enabled, the legacy CLI flow shows an upgrade prompt and the createAccessToken tRPC mutation returns an error.',
     exposure: 'server',
   },
+  trustedTemplateProviders: {
+    kind: 'payload',
+    key: 'trusted_template_providers',
+    defaultValue: [],
+    schema: z.array(z.string()),
+    description:
+      'Template providers whose namespaced templates can auto-start dashboard terminals.',
+    exposure: 'both',
+  },
 } as const satisfies Record<string, FeatureFlagDefinition>
 
 export type FeatureFlagId = keyof typeof FEATURE_FLAGS
diff --git a/src/core/modules/feature-flags/feature-flags.client.tsx b/src/core/modules/feature-flags/feature-flags.client.tsx
index cd5d7a2b5..6e747ad2c 100644
--- a/src/core/modules/feature-flags/feature-flags.client.tsx
+++ b/src/core/modules/feature-flags/feature-flags.client.tsx
@@ -10,11 +10,13 @@ import {
 import {
   type BooleanFeatureFlagId,
   FEATURE_FLAGS,
+  type PayloadFeatureFlagId,
 } from '@/core/modules/feature-flags/definitions'
 import type { EvaluatedFeatureFlag } from '@/core/modules/feature-flags/types'
 
 type FeatureFlagsContextValue = {
   flags: EvaluatedFeatureFlag[]
+  getPayload(flagId: PayloadFeatureFlagId): unknown
   isEnabled(flagId: BooleanFeatureFlagId): boolean
 }
 
@@ -47,9 +49,17 @@ export function FeatureFlagsProvider({
     [flagsById]
   )
 
+  const getPayload = useCallback(
+    (flagId: PayloadFeatureFlagId) => {
+      const evaluatedFlag = flagsById.get(flagId)
+      return evaluatedFlag?.value ?? FEATURE_FLAGS[flagId].defaultValue
+    },
+    [flagsById]
+  )
+
   const value = useMemo(
-    () => ({ flags: initialFlags, isEnabled }),
-    [initialFlags, isEnabled]
+    () => ({ flags: initialFlags, getPayload, isEnabled }),
+    [initialFlags, getPayload, isEnabled]
   )
 
   return (
@@ -72,3 +82,7 @@ export function useFeatureFlags() {
 export function useFeatureFlag(flagId: BooleanFeatureFlagId) {
   return useFeatureFlags().isEnabled(flagId)
 }
+
+export function useFeatureFlagPayload(flagId: PayloadFeatureFlagId) {
+  return useFeatureFlags().getPayload(flagId)
+}
diff --git a/src/features/dashboard/terminal/dashboard-terminal-command-dialog.tsx b/src/features/dashboard/terminal/dashboard-terminal-command-dialog.tsx
index 34c6e902d..c4de9cd44 100644
--- a/src/features/dashboard/terminal/dashboard-terminal-command-dialog.tsx
+++ b/src/features/dashboard/terminal/dashboard-terminal-command-dialog.tsx
@@ -17,7 +17,7 @@ import type { PendingTerminalLaunch } from './types'
 interface DashboardTerminalCommandDialogProps {
   launch: PendingTerminalLaunch | null
   onCancel: () => void
-  onConfirm: (command: string) => void
+  onConfirm: (command?: string) => void
 }
 
 export default function DashboardTerminalCommandDialog({
@@ -28,6 +28,8 @@ export default function DashboardTerminalCommandDialog({
   const commandInputId = useId()
   const [command, setCommand] = useState('')
   const normalizedCommand = command.trim()
+  const hasCommand = launch?.command !== undefined
+  const untrustedTemplateProvider = launch?.untrustedTemplateProvider
 
   useEffect(() => {
     setCommand(launch?.command ?? '')
@@ -40,10 +42,15 @@ export default function DashboardTerminalCommandDialog({
           <div className="mb-1 flex size-9 items-center justify-center border bg-bg">
             <WarningIcon className="size-5 text-icon-tertiary" />
           </div>
-          <DialogTitle>Review terminal command</DialogTitle>
+          <DialogTitle>
+            {hasCommand
+              ? 'Review terminal command'
+              : 'Review terminal template'}
+          </DialogTitle>
           <DialogDescription>
-            This command will run inside a persistent E2B sandbox after the
-            terminal opens.
+            {hasCommand
+              ? 'This command will run inside a persistent E2B sandbox after the terminal opens.'
+              : 'This terminal will start from a template published by an untrusted provider.'}
           </DialogDescription>
         </DialogHeader>
 
@@ -63,21 +70,33 @@ export default function DashboardTerminalCommandDialog({
                 {launch.target?.template ?? 'base'}
               </code>
             </div>
-            <div className="space-y-1">
-              <label
-                className="prose-label text-fg-tertiary"
-                htmlFor={commandInputId}
-              >
-                Command
-              </label>
-              <Textarea
-                className="max-h-48 min-h-24 font-mono text-xs"
-                id={commandInputId}
-                onChange={(event) => setCommand(event.target.value)}
-                spellCheck={false}
-                value={command}
-              />
-            </div>
+            {untrustedTemplateProvider ? (
+              <div className="space-y-1">
+                <p className="prose-label text-fg-tertiary">
+                  Template provider
+                </p>
+                <code className="block border bg-bg px-3 py-2 font-mono text-xs text-fg">
+                  {untrustedTemplateProvider}
+                </code>
+              </div>
+            ) : null}
+            {hasCommand ? (
+              <div className="space-y-1">
+                <label
+                  className="prose-label text-fg-tertiary"
+                  htmlFor={commandInputId}
+                >
+                  Command
+                </label>
+                <Textarea
+                  className="max-h-48 min-h-24 font-mono text-xs"
+                  id={commandInputId}
+                  onChange={(event) => setCommand(event.target.value)}
+                  spellCheck={false}
+                  value={command}
+                />
+              </div>
+            ) : null}
           </div>
         ) : null}
 
@@ -87,10 +106,12 @@ export default function DashboardTerminalCommandDialog({
           </Button>
           <Button
             type="button"
-            disabled={!normalizedCommand}
-            onClick={() => onConfirm(normalizedCommand)}
+            disabled={hasCommand && !normalizedCommand}
+            onClick={() =>
+              onConfirm(hasCommand ? normalizedCommand : undefined)
+            }
           >
-            Run command
+            {hasCommand ? 'Run command' : 'Start terminal'}
           </Button>
         </DialogFooter>
       </DialogContent>
diff --git a/src/features/dashboard/terminal/dashboard-terminal.tsx b/src/features/dashboard/terminal/dashboard-terminal.tsx
index c3c443193..9111eacd1 100644
--- a/src/features/dashboard/terminal/dashboard-terminal.tsx
+++ b/src/features/dashboard/terminal/dashboard-terminal.tsx
@@ -1,7 +1,15 @@
 'use client'
 
 import type { CommandHandle, Sandbox } from 'e2b'
-import { useCallback, useEffect, useEffectEvent, useRef, useState } from 'react'
+import {
+  useCallback,
+  useEffect,
+  useEffectEvent,
+  useMemo,
+  useRef,
+  useState,
+} from 'react'
+import { useFeatureFlagPayload } from '@/core/modules/feature-flags/feature-flags.client'
 import { useTRPCClient } from '@/trpc/client'
 import {
   DEFAULT_CWD,
@@ -11,6 +19,7 @@ import {
 import DashboardTerminalCommandDialog from './dashboard-terminal-command-dialog'
 import { openTerminalSandbox } from './sandbox-session'
 import {
+  getUntrustedTerminalTemplateProvider,
   normalizeTerminalTemplate,
   resolveTerminalTemplateOverride,
 } from './template'
@@ -52,6 +61,18 @@ export default function DashboardTerminal({
   userId,
 }: DashboardTerminalProps) {
   const trpcClient = useTRPCClient()
+  const trustedTemplateProvidersPayload = useFeatureFlagPayload(
+    'trustedTemplateProviders'
+  )
+  const trustedTemplateProviders = useMemo(
+    () =>
+      Array.isArray(trustedTemplateProvidersPayload)
+        ? trustedTemplateProvidersPayload.filter(
+            (provider): provider is string => typeof provider === 'string'
+          )
+        : [],
+    [trustedTemplateProvidersPayload]
+  )
 
   const [status, setStatus] = useState<TerminalStatus>('idle')
   const [activeSandboxId, setActiveSandboxId] = useState<string>()
@@ -443,15 +464,24 @@ export default function DashboardTerminal({
         return
       }
 
-      if (command.trim()) {
-        // Commands can come from links, so require an explicit click before
-        // sending anything into the PTY.
+      const normalizedCommand = command.trim()
+      const untrustedTemplateProvider = !options.target?.sandboxId
+        ? getUntrustedTerminalTemplateProvider(
+            nextTemplate,
+            trustedTemplateProviders
+          )
+        : undefined
+
+      if (normalizedCommand || untrustedTemplateProvider) {
+        // Commands and third-party template starts can come from links, so
+        // require an explicit click before creating a sandbox or writing PTY input.
         setPendingLaunch({
-          command: command.trim(),
+          command: normalizedCommand || undefined,
           target: {
             ...options.target,
             template: nextTemplate,
           },
+          untrustedTemplateProvider,
         })
         return
       }
@@ -466,15 +496,15 @@ export default function DashboardTerminal({
         })
       }
     },
-    [appendOutput, startTerminal, status, template]
+    [appendOutput, startTerminal, status, template, trustedTemplateProviders]
   )
 
   const confirmPendingLaunch = useCallback(
-    (command: string) => {
+    (command?: string) => {
       if (!pendingLaunch) return
 
-      const normalizedCommand = command.trim()
-      if (!normalizedCommand) return
+      const normalizedCommand = command?.trim() ?? ''
+      if (pendingLaunch.command !== undefined && !normalizedCommand) return
 
       const { target: launchTarget } = pendingLaunch
       const launchTemplate = launchTarget?.template ?? 'base'
@@ -501,7 +531,7 @@ export default function DashboardTerminal({
       }
 
       setPendingLaunch(null)
-      pendingCommandsRef.current = [normalizedCommand]
+      pendingCommandsRef.current = normalizedCommand ? [normalizedCommand] : []
       void startTerminal({
         forceNewSandbox: !launchSandboxId && template !== launchTemplate,
         target: launchTarget,
diff --git a/src/features/dashboard/terminal/template.ts b/src/features/dashboard/terminal/template.ts
index d320bc870..eaf78d635 100644
--- a/src/features/dashboard/terminal/template.ts
+++ b/src/features/dashboard/terminal/template.ts
@@ -23,3 +23,39 @@ export function resolveTerminalTemplateOverride(
 
   return normalizeTerminalTemplate(template)
 }
+
+export function getTerminalTemplateProvider(template: string) {
+  const separatorIndex = template.lastIndexOf('/')
+
+  if (separatorIndex <= 0) {
+    return null
+  }
+
+  return template.slice(0, separatorIndex)
+}
+
+export function isTrustedTemplateProvider(
+  provider: string,
+  trustedProviders: readonly string[]
+) {
+  const normalizedProvider = provider.trim().toLowerCase()
+  if (!normalizedProvider) return true
+
+  return trustedProviders.some(
+    (trustedProvider) =>
+      trustedProvider.trim().toLowerCase() === normalizedProvider
+  )
+}
+
+export function getUntrustedTerminalTemplateProvider(
+  template: string,
+  trustedProviders: readonly string[]
+) {
+  const provider = getTerminalTemplateProvider(template)
+
+  if (!provider || isTrustedTemplateProvider(provider, trustedProviders)) {
+    return undefined
+  }
+
+  return provider
+}
diff --git a/src/features/dashboard/terminal/types.ts b/src/features/dashboard/terminal/types.ts
index e1ca2422d..c6c3052c5 100644
--- a/src/features/dashboard/terminal/types.ts
+++ b/src/features/dashboard/terminal/types.ts
@@ -13,8 +13,9 @@ export type StartTerminalOptions = {
 }
 
 export type PendingTerminalLaunch = {
-  command: string
+  command?: string
   target?: TerminalLaunchTarget
+  untrustedTemplateProvider?: string
 }
 
 export type TerminalLaunchTarget = {
diff --git a/tests/unit/dashboard-terminal.test.ts b/tests/unit/dashboard-terminal.test.ts
index 3558cb2c2..0ab66a3aa 100644
--- a/tests/unit/dashboard-terminal.test.ts
+++ b/tests/unit/dashboard-terminal.test.ts
@@ -7,6 +7,9 @@ import {
   writeStoredTerminalSession,
 } from '@/features/dashboard/terminal/storage'
 import {
+  getTerminalTemplateProvider,
+  getUntrustedTerminalTemplateProvider,
+  isTrustedTemplateProvider,
   normalizeTerminalTemplate,
   resolveTerminalTemplateOverride,
 } from '@/features/dashboard/terminal/template'
@@ -98,6 +101,36 @@ describe('dashboard terminal helpers', () => {
     })
   })
 
+  describe('terminal template providers', () => {
+    it('extracts the provider from namespaced templates only', () => {
+      expect(getTerminalTemplateProvider('e2b/base')).toBe('e2b')
+      expect(getTerminalTemplateProvider('some/team/name/of/template')).toBe(
+        'some/team/name/of'
+      )
+      expect(getTerminalTemplateProvider('base')).toBeNull()
+    })
+
+    it('matches trusted providers case-insensitively', () => {
+      expect(isTrustedTemplateProvider('e2b', [' E2B '])).toBe(true)
+      expect(isTrustedTemplateProvider('unknown', ['e2b'])).toBe(false)
+    })
+
+    it('requires review for namespaced templates from untrusted providers', () => {
+      expect(getUntrustedTerminalTemplateProvider('base', ['e2b'])).toBe(
+        undefined
+      )
+      expect(getUntrustedTerminalTemplateProvider('e2b/base', ['e2b'])).toBe(
+        undefined
+      )
+      expect(
+        getUntrustedTerminalTemplateProvider('malicious/e2b/base', ['e2b'])
+      ).toBe('malicious/e2b')
+      expect(
+        getUntrustedTerminalTemplateProvider('malicious/base', ['e2b'])
+      ).toBe('malicious')
+    })
+  })
+
   describe('stored terminal session', () => {
     it('round-trips session data by user and ignores invalid stored values', () => {
       writeStoredTerminalSession('user-123', {
diff --git a/tests/unit/feature-flags.test.ts b/tests/unit/feature-flags.test.ts
index 8f28651b7..2efcf3365 100644
--- a/tests/unit/feature-flags.test.ts
+++ b/tests/unit/feature-flags.test.ts
@@ -56,7 +56,7 @@ describe('createFeatureFlagService', () => {
     const provider = {
       evaluate: vi.fn().mockResolvedValue({
         getFlagValue: vi.fn().mockReturnValue(true),
-        getPayload: vi.fn(),
+        getPayload: vi.fn().mockReturnValue(['e2b']),
       }),
     }
 
@@ -68,6 +68,7 @@ describe('createFeatureFlagService', () => {
       FEATURE_FLAGS.isAdmin,
       FEATURE_FLAGS.newSandboxList,
       FEATURE_FLAGS.disableE2BAccessTokenProvisioning,
+      FEATURE_FLAGS.trustedTemplateProviders,
     ])
     expect(result).toEqual([
       {
@@ -104,8 +105,32 @@ describe('createFeatureFlagService', () => {
         defaultValue: false,
         value: true,
       },
+      {
+        id: 'trustedTemplateProviders',
+        key: 'trusted_template_providers',
+        kind: 'payload',
+        description:
+          'Template providers whose namespaced templates can auto-start dashboard terminals.',
+        defaultValue: [],
+        value: ['e2b'],
+      },
     ])
   })
+
+  it('falls back to a payload default when the provider returns invalid data', async () => {
+    const provider = {
+      evaluate: vi.fn().mockResolvedValue({
+        getFlagValue: vi.fn(),
+        getPayload: vi.fn().mockReturnValue(['e2b', 123]),
+      }),
+    }
+
+    const result = await createFeatureFlagService(provider).evaluateAll(context)
+
+    expect(
+      result.find((flag) => flag.id === 'trustedTemplateProviders')?.value
+    ).toEqual([])
+  })
 })
 
 describe('createOpenFeatureEvaluationContext', () => {
diff --git a/tests/unit/sbx-new-route.test.ts b/tests/unit/sbx-new-route.test.ts
new file mode 100644
index 000000000..704a34bb8
--- /dev/null
+++ b/tests/unit/sbx-new-route.test.ts
@@ -0,0 +1,52 @@
+import { NextRequest } from 'next/server'
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const { mockGetAuthContext, mockResolveUserTeam } = vi.hoisted(() => ({
+  mockGetAuthContext: vi.fn(),
+  mockResolveUserTeam: vi.fn(),
+}))
+
+vi.mock('@/core/server/auth', () => ({
+  getAuthContext: mockGetAuthContext,
+}))
+
+vi.mock('@/core/server/functions/team/resolve-user-team', () => ({
+  resolveUserTeam: mockResolveUserTeam,
+}))
+
+vi.mock('@/core/shared/clients/logger/logger', () => ({
+  l: {
+    warn: vi.fn(),
+  },
+  serializeErrorForLog: vi.fn((error) => error),
+}))
+
+describe('/sbx/new', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    mockGetAuthContext.mockResolvedValue({
+      accessToken: 'access-token',
+      user: {
+        id: 'user-123',
+      },
+    })
+    mockResolveUserTeam.mockResolvedValue({
+      id: 'team-123',
+      slug: 'team-slug',
+    })
+  })
+
+  it('redirects template launches to the gated team terminal create flow', async () => {
+    const { GET } = await import('@/app/sbx/new/route')
+
+    const response = await GET(
+      new NextRequest(
+        'https://dashboard.test/sbx/new?template=malicious/base&command=echo+hi'
+      )
+    )
+
+    expect(response.headers.get('location')).toBe(
+      'https://dashboard.test/dashboard/team-slug/terminal?template=malicious%2Fbase&command=echo+hi'
+    )
+  })
+})

From f2472d7e5777bc113229a271a3083f8bf654ed8c Mon Sep 17 00:00:00 2001
From: Matt Brockman <matt.brockman@e2b.dev>
Date: Thu, 25 Jun 2026 21:43:33 -0700
Subject: [PATCH 2/5] Preserve bare sandbox.new launches

---
 src/app/sbx/new/route.ts         | 27 ++++++++++++++++-
 tests/unit/sbx-new-route.test.ts | 52 ++++++++++++++++++++++++++++++--
 2 files changed, 75 insertions(+), 4 deletions(-)

diff --git a/src/app/sbx/new/route.ts b/src/app/sbx/new/route.ts
index 907289cf7..5b15056b3 100644
--- a/src/app/sbx/new/route.ts
+++ b/src/app/sbx/new/route.ts
@@ -1,4 +1,6 @@
+import Sandbox from 'e2b'
 import { type NextRequest, NextResponse } from 'next/server'
+import { authHeaders } from '@/configs/api'
 import { AUTH_URLS, PROTECTED_URLS } from '@/configs/urls'
 import { getAuthContext } from '@/core/server/auth'
 import { resolveUserTeam } from '@/core/server/functions/team/resolve-user-team'
@@ -8,6 +10,9 @@ import { normalizeTerminalTemplate } from '@/features/dashboard/terminal/templat
 export const GET = async (req: NextRequest) => {
   try {
     const requestUrl = new URL(req.url)
+    const shouldUseTerminalCreateFlow =
+      requestUrl.searchParams.has('template') ||
+      requestUrl.searchParams.has('command')
     const template = normalizeTerminalTemplate(
       requestUrl.searchParams.get('template') ?? undefined
     )
@@ -44,7 +49,27 @@ export const GET = async (req: NextRequest) => {
       terminalParams.set('command', command)
     }
 
-    const terminalUrl = PROTECTED_URLS.TERMINAL(team.slug)
+    if (shouldUseTerminalCreateFlow) {
+      return NextResponse.redirect(
+        new URL(
+          `${PROTECTED_URLS.TERMINAL(team.slug)}?${terminalParams.toString()}`,
+          req.url
+        )
+      )
+    }
+
+    const sbx = await Sandbox.create(template, {
+      apiUrl: process.env.NEXT_PUBLIC_INFRA_API_URL,
+      domain: process.env.NEXT_PUBLIC_E2B_DOMAIN,
+      apiHeaders: {
+        ...authHeaders(authContext.accessToken, team.id),
+      },
+    })
+
+    const terminalUrl = PROTECTED_URLS.SANDBOX_TERMINAL(
+      team.slug,
+      sbx.sandboxId
+    )
 
     return NextResponse.redirect(
       new URL(`${terminalUrl}?${terminalParams.toString()}`, req.url)
diff --git a/tests/unit/sbx-new-route.test.ts b/tests/unit/sbx-new-route.test.ts
index 704a34bb8..cea478a83 100644
--- a/tests/unit/sbx-new-route.test.ts
+++ b/tests/unit/sbx-new-route.test.ts
@@ -1,9 +1,17 @@
 import { NextRequest } from 'next/server'
 import { beforeEach, describe, expect, it, vi } from 'vitest'
 
-const { mockGetAuthContext, mockResolveUserTeam } = vi.hoisted(() => ({
-  mockGetAuthContext: vi.fn(),
-  mockResolveUserTeam: vi.fn(),
+const { mockGetAuthContext, mockResolveUserTeam, mockSandboxCreate } =
+  vi.hoisted(() => ({
+    mockGetAuthContext: vi.fn(),
+    mockResolveUserTeam: vi.fn(),
+    mockSandboxCreate: vi.fn(),
+  }))
+
+vi.mock('e2b', () => ({
+  default: {
+    create: mockSandboxCreate,
+  },
 }))
 
 vi.mock('@/core/server/auth', () => ({
@@ -32,8 +40,32 @@ describe('/sbx/new', () => {
     })
     mockResolveUserTeam.mockResolvedValue({
       id: 'team-123',
+      name: 'Team Name',
       slug: 'team-slug',
     })
+    mockSandboxCreate.mockResolvedValue({
+      sandboxId: 'sandbox-123',
+    })
+  })
+
+  it('keeps bare launches on the original sandbox terminal flow', async () => {
+    const { GET } = await import('@/app/sbx/new/route')
+
+    const response = await GET(
+      new NextRequest('https://dashboard.test/sbx/new')
+    )
+
+    expect(mockSandboxCreate).toHaveBeenCalledWith('base', {
+      apiUrl: process.env.NEXT_PUBLIC_INFRA_API_URL,
+      domain: process.env.NEXT_PUBLIC_E2B_DOMAIN,
+      apiHeaders: {
+        Authorization: 'Bearer access-token',
+        'X-Team-ID': 'team-123',
+      },
+    })
+    expect(response.headers.get('location')).toBe(
+      'https://dashboard.test/dashboard/team-slug/sandboxes/sandbox-123/terminal?template=base'
+    )
   })
 
   it('redirects template launches to the gated team terminal create flow', async () => {
@@ -48,5 +80,19 @@ describe('/sbx/new', () => {
     expect(response.headers.get('location')).toBe(
       'https://dashboard.test/dashboard/team-slug/terminal?template=malicious%2Fbase&command=echo+hi'
     )
+    expect(mockSandboxCreate).not.toHaveBeenCalled()
+  })
+
+  it('redirects command launches to the gated team terminal create flow', async () => {
+    const { GET } = await import('@/app/sbx/new/route')
+
+    const response = await GET(
+      new NextRequest('https://dashboard.test/sbx/new?command=echo+hi')
+    )
+
+    expect(response.headers.get('location')).toBe(
+      'https://dashboard.test/dashboard/team-slug/terminal?template=base&command=echo+hi'
+    )
+    expect(mockSandboxCreate).not.toHaveBeenCalled()
   })
 })

From 371e3157d13534213311c4c4b8fe0ce64d5620a1 Mon Sep 17 00:00:00 2001
From: Matt Brockman <matt.brockman@e2b.dev>
Date: Thu, 25 Jun 2026 21:45:35 -0700
Subject: [PATCH 3/5] Reset untrusted terminal template on cancel

---
 src/features/dashboard/terminal/dashboard-terminal.tsx | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/features/dashboard/terminal/dashboard-terminal.tsx b/src/features/dashboard/terminal/dashboard-terminal.tsx
index 9111eacd1..95d088702 100644
--- a/src/features/dashboard/terminal/dashboard-terminal.tsx
+++ b/src/features/dashboard/terminal/dashboard-terminal.tsx
@@ -548,6 +548,14 @@ export default function DashboardTerminal({
     ]
   )
 
+  const cancelPendingLaunch = useCallback(() => {
+    if (pendingLaunch?.untrustedTemplateProvider && !activeSandboxId) {
+      setTemplate('base')
+    }
+
+    setPendingLaunch(null)
+  }, [activeSandboxId, pendingLaunch])
+
   const reconnectTarget = sandboxScoped
     ? launchTarget
     : activeSandboxId
@@ -645,7 +653,7 @@ export default function DashboardTerminal({
 
       <DashboardTerminalCommandDialog
         launch={pendingLaunch}
-        onCancel={() => setPendingLaunch(null)}
+        onCancel={cancelPendingLaunch}
         onConfirm={confirmPendingLaunch}
       />
     </>

From ecf302a5b0699c8cee2998a9b37f96beb02162c8 Mon Sep 17 00:00:00 2001
From: Matt Brockman <matt.brockman@e2b.dev>
Date: Thu, 25 Jun 2026 21:46:53 -0700
Subject: [PATCH 4/5] Gate untrusted terminal restart templates

---
 .../dashboard/terminal/dashboard-terminal.tsx     | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/features/dashboard/terminal/dashboard-terminal.tsx b/src/features/dashboard/terminal/dashboard-terminal.tsx
index 95d088702..fa7a9f5e5 100644
--- a/src/features/dashboard/terminal/dashboard-terminal.tsx
+++ b/src/features/dashboard/terminal/dashboard-terminal.tsx
@@ -581,6 +581,19 @@ export default function DashboardTerminal({
       return
     }
 
+    const untrustedTemplateProvider = getUntrustedTerminalTemplateProvider(
+      template,
+      trustedTemplateProviders
+    )
+
+    if (untrustedTemplateProvider) {
+      setPendingLaunch({
+        target: { template },
+        untrustedTemplateProvider,
+      })
+      return
+    }
+
     void startTerminal({ forceNewSandbox: true })
   }, [
     getSandbox,
@@ -588,6 +601,8 @@ export default function DashboardTerminal({
     reconnectSandboxId,
     sandboxScoped,
     startTerminal,
+    template,
+    trustedTemplateProviders,
   ])
 
   useEffect(() => {

From d4259c521a1789292eaff16b7a3ba6482b4fb065 Mon Sep 17 00:00:00 2001
From: Matt Brockman <matt.brockman@e2b.dev>
Date: Thu, 25 Jun 2026 21:50:10 -0700
Subject: [PATCH 5/5] Fix untrusted restart confirmation

---
 src/features/dashboard/terminal/dashboard-terminal.tsx | 6 +++++-
 src/features/dashboard/terminal/types.ts               | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/features/dashboard/terminal/dashboard-terminal.tsx b/src/features/dashboard/terminal/dashboard-terminal.tsx
index fa7a9f5e5..21d6eaa55 100644
--- a/src/features/dashboard/terminal/dashboard-terminal.tsx
+++ b/src/features/dashboard/terminal/dashboard-terminal.tsx
@@ -511,6 +511,7 @@ export default function DashboardTerminal({
       const launchSandboxId = launchTarget?.sandboxId
 
       if (
+        normalizedCommand &&
         status === 'ready' &&
         template === launchTemplate &&
         (!launchSandboxId || activeSandboxId === launchSandboxId)
@@ -533,7 +534,9 @@ export default function DashboardTerminal({
       setPendingLaunch(null)
       pendingCommandsRef.current = normalizedCommand ? [normalizedCommand] : []
       void startTerminal({
-        forceNewSandbox: !launchSandboxId && template !== launchTemplate,
+        forceNewSandbox:
+          pendingLaunch.forceNewSandbox ??
+          (!launchSandboxId && template !== launchTemplate),
         target: launchTarget,
       })
     },
@@ -588,6 +591,7 @@ export default function DashboardTerminal({
 
     if (untrustedTemplateProvider) {
       setPendingLaunch({
+        forceNewSandbox: true,
         target: { template },
         untrustedTemplateProvider,
       })
diff --git a/src/features/dashboard/terminal/types.ts b/src/features/dashboard/terminal/types.ts
index c6c3052c5..1d983e7e9 100644
--- a/src/features/dashboard/terminal/types.ts
+++ b/src/features/dashboard/terminal/types.ts
@@ -14,6 +14,7 @@ export type StartTerminalOptions = {
 
 export type PendingTerminalLaunch = {
   command?: string
+  forceNewSandbox?: boolean
   target?: TerminalLaunchTarget
   untrustedTemplateProvider?: string
 }