acmcarther/qwen-code
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 6
qwen-code/packages/cli/src/utils/sandbox-macos-minimal.sb

16 lines
346 B
Text
Raw Normal View History

use seatbelt on macos, with two profiles: minimal (default) which only restricts writes, and strict, which is deny-by-default and only allows specific operations (#283)
2025-05-07 20:03:29 -07:00
(version 1)
;; allow everything by default
(allow default)
;; deny all writes EXCEPT under project directory, temp directory, stdout/stderr and /dev/null
(deny file-write*)
(allow file-write*
(subpath (param "TARGET_DIR"))
(subpath (param "TMP_DIR"))
(literal "/dev/stdout")
(literal "/dev/stderr")
(literal "/dev/null")
)
Reference in a new issue Copy permalink