Sandboxing
FreshSandboxing provides kernel-level isolation for terminal commands executed by the agent. This prevents commands from making unauthorized changes to your system.
Platform Implementation
| Platform | Technology |
|---|---|
| macOS | Seatbelt (sandbox-exec) |
| Linux | nsjail |
| Windows | Not currently supported |
WARNING
Sandboxing is disabled by default. You must explicitly enable it in settings.
Settings
| Setting | Description |
|---|---|
| Enable Terminal Sandboxing | Turns on kernel-level isolation for all terminal commands |
| Sandbox Allow Network | Controls whether sandboxed commands can access the network |
Restrictions
When sandboxing is enabled:
- File writes are limited to the workspace directory and essential system locations only
- Network access is independently controllable via the Sandbox Allow Network setting
- Commands cannot modify system files or access directories outside the workspace
Handling Violations
When a sandboxed command violates a restriction, you have two options:
- Disable permanently -- Turn off sandboxing entirely
- Bypass per-command -- In Request Review mode, approve individual commands to bypass sandbox restrictions
Strict Mode Integration
When Strict Mode is enabled:
- Sandboxing is auto-enabled
- Network access is denied by default
TIP
For maximum security, enable both Strict Mode and Sandboxing. This provides workspace isolation at the file system level and kernel-level isolation for terminal commands.