Skip to content

Sandboxing

Fresh

Sandboxing provides kernel-level isolation for terminal commands executed by the agent. This prevents commands from making unauthorized changes to your system.

Platform Implementation

PlatformTechnology
macOSSeatbelt (sandbox-exec)
Linuxnsjail
WindowsNot currently supported

WARNING

Sandboxing is disabled by default. You must explicitly enable it in settings.

Settings

SettingDescription
Enable Terminal SandboxingTurns on kernel-level isolation for all terminal commands
Sandbox Allow NetworkControls whether sandboxed commands can access the network

Restrictions

When sandboxing is enabled:

  • File writes are limited to the workspace directory and essential system locations only
  • Network access is independently controllable via the Sandbox Allow Network setting
  • Commands cannot modify system files or access directories outside the workspace

Handling Violations

When a sandboxed command violates a restriction, you have two options:

  1. Disable permanently -- Turn off sandboxing entirely
  2. Bypass per-command -- In Request Review mode, approve individual commands to bypass sandbox restrictions

Strict Mode Integration

When Strict Mode is enabled:

  • Sandboxing is auto-enabled
  • Network access is denied by default

TIP

For maximum security, enable both Strict Mode and Sandboxing. This provides workspace isolation at the file system level and kernel-level isolation for terminal commands.

SOP Documentation Site