Add enableSandbox setting and CLI flag to wrap ScriptEnvironment commands in macOS seatbelt

[Copilot]

• Understand codebase structure
• Add enableSandbox setting to schema.json (defaults to false)
• Modify ScriptEnvironment to use seatbelt on macOS when enabled
• Address code review feedback (macOS naming, security fix)
• Make sandbox more restrictive per reviewer feedback:
  • Project folder (project_cwd) is allowed read-write
  • Yarn global folder is allowed read-only
  • All other file operations are denied by default
• Add path escaping for sandbox profile to handle special characters
• Add inline documentation for allowed sandbox actions
• Add -s,--sandbox CLI flag to yarn run command for opt-in sandboxing

Sandbox Profile

The sandbox uses a restrictive profile:

• Denies everything by default
• Project folder (project_cwd) has read-write access
• Yarn global folder has read-only access
• No other folders are allowed by default
• Paths are properly escaped to prevent profile syntax errors

Allowed Actions (with documentation)

(version 1)
(deny default)
(allow process-fork)   ; Allow forking child processes (required for running scripts)
(allow process-exec)   ; Allow executing programs (required for running binaries)
(allow sysctl-read)    ; Allow reading system configuration (required by Node.js)
(allow mach-lookup)    ; Allow Mach IPC service lookups (required for system services on macOS)
(allow signal)         ; Allow sending/receiving POSIX signals between processes
(allow ipc-posix*)     ; Allow POSIX IPC: pipes, shared memory, semaphores (required for process communication)

; Allow read-write access to project folder
(allow file-read* (subpath "/path/to/project"))
(allow file-write* (subpath "/path/to/project"))

; Allow read-only access to Yarn global folder
(allow file-read* (subpath "/path/to/global"))

Usage

Sandboxing is disabled by default and can be enabled in two ways:

Via configuration (.yarnrc.yml):

enableSandbox: true

Via CLI flag (for one-off execution):

yarn run -s <script>
yarn run --sandbox <script>

Original prompt

Add a project setting that wraps commands evaluated in ScriptEnvironment in OSX's seatbelt. It should be enabled by default on OSX.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

---

Note

Adds an enableSandbox setting (default true on macOS) and wraps ScriptEnvironment commands with macOS sandbox-exec using a restrictive, escaped profile.

• Config:
  • Add enableSandbox boolean to packages/zpm-config/schema.json (default: crate::is_macos()), with new helper is_macos() in src/fns.rs.
• Runtime (ScriptEnvironment):
  • Add fields enable_sandbox, project_cwd, global_folder; populate from project.config.settings.
  • On macOS, conditionally execute via sandbox-exec with generated restrictive profile:
    • Project project_cwd: read-write; global_folder and ~/.yarn: read-only; system dirs: read-only; default deny.
    • Escape paths in profile to handle special characters.
  • Adjust run_exec to wrap args/program accordingly and report spawn errors with the actual invoked program.

^{Written by Cursor Bugbot for commit 14766ef. This will update automatically on new commits. Configure here.}

[netlify]

✅ Deploy Preview for yarn6 ready!

Name	Link
🔨 Latest commit	022e9fe
🔍 Latest deploy log	https://app.netlify.com/projects/yarn6/deploys/693d6cea9bc7c00008c27aa7
😎 Deploy Preview	https://deploy-preview-139--yarn6.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[arcanis]

The Yarn global folder (path obtained from the project instance) should be accessible in read-only. The project folder (project_cwd) is allowed to be read-write. No other folder is allowed by default.

[arcanis]

@copilot The Yarn global folder (path obtained from the project instance) should be accessible in read-only. The project folder (project_cwd) is allowed to be read-write. No other folder is allowed by default.

[Copilot]

@copilot The Yarn global folder (path obtained from the project instance) should be accessible in read-only. The project folder (project_cwd) is allowed to be read-write. No other folder is allowed by...

Updated the sandbox profile in c4195ed. The sandbox is now more restrictive:

• Denies everything by default ((deny default))
• Project folder (project_cwd) has read-write access
• Yarn global folder has read-only access
• No other folders are allowed

[arcanis]

@copilot you allowed some other actions. Please add a single line of documentation in the code, and describe in more details what they are for in your next post.

[Copilot]

@copilot you allowed some other actions. Please add a single line of documentation in the code, and describe in more details what they are for in your next post.

Added inline documentation in 2332d3b. Here's what each allowed action is for:

• process-fork: Allows forking child processes - required because scripts often spawn subprocesses
• process-exec: Allows executing programs - required to run the actual script binaries (node, bash, etc.)
• sysctl-read: Allows reading system configuration - Node.js queries system info on startup (e.g., CPU count, memory)
• mach-lookup: Allows Mach IPC service lookups - required on macOS to communicate with system services (e.g., security framework, DNS resolution)
• signal: Allows sending/receiving POSIX signals - required for process lifecycle management (SIGTERM, SIGINT, etc.)
• ipc-posix*: Allows POSIX IPC (pipes, shared memory, semaphores) - required for communication between parent and child processes

[arcanis]

@BugBot review

[arcanis]

@BugBot review

[cursor]

✅ Bugbot reviewed your changes and found no bugs!

---

[arcanis]

Let's make the enableSandbox setting false by default (even on OSX). We'll also add a -s,--sandbox flag to yarn run to enable it from the CLI.

[arcanis]

@copilot Let's make the enableSandbox setting false by default (even on OSX). We'll also add a -s,--sandbox flag to yarn run to enable it from the CLI.

[Copilot]

@copilot Let's make the enableSandbox setting false by default (even on OSX). We'll also add a -s,--sandbox flag to yarn run to enable it from the CLI.

Done in 022e9fe. Changes made:

• enableSandbox now defaults to false (was crate::is_macos())
• Added -s,--sandbox flag to yarn run command
• Added enable_sandbox() method to ScriptEnvironment for CLI control

Users can now enable sandbox via:

• Config: enableSandbox: true in .yarnrc.yml
• CLI: yarn run -s <script> or yarn run --sandbox <script>