Implement sandbox feature for macOS (based on seatbelt) #69
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- CLI and run configs now accept/persist sandbox policies, and README/docs describe the flags. - Session configs/tests carry sandbox settings, and command execution is wrapped by the new SandboxedCommandExecutor to honor policies. - Utility modules and docs were updated to reflect the new crate boundaries and sandbox scaffolding.
... already given in lib.rs before including the module.
- Added a real macOS seatbelt pipeline: SandboxedCommandExecutor now wraps restricted policies by spawning
/usr/bin/sandbox-exec with a generated SBPL derived from SessionConfig.sandbox_policy. See
crates/code_assistant/src/utils/sandboxed_executor.rs and the new policy builder in crates/sandbox/src/seatbelt.rs (+
embedded .sbpl profiles). Non-macOS hosts still fall back with a warning. - Covered the new behavior with integration
tests in crates/code_assistant/src/tests/sandbox_tests.rs, verifying read-only denial, workspace-root allowance, and
path-escape blocking. - Exposed sandbox selection end-to-end in the GPUI: a new SandboxSelector component
(crates/code_assistant/src/ui/gpui/sandbox_selector.rs) sits beside the model selector, InputArea emits SandboxChanged,
backend persists it via the new BackendEvent::ChangeSandboxPolicy, SessionManager stores it, and UI updates arrive
through UiEvent::UpdateSandboxPolicy. RootView keeps the dropdown in sync per session, and terminal/ACP backends handle
the new responses. Key wiring touches include crates/code_assistant/src/ui/backend.rs,
crates/code_assistant/src/session/manager.rs, crates/code_assistant/src/ui/gpui/{input_area.rs,root.rs,mod.rs},
crates/code_assistant/src/ui/ui_events.rs, and terminal state.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.