@mastra/core
Version:
45 lines • 1.76 kB
TypeScript
/**
* Seatbelt (macOS sandbox-exec)
*
* macOS built-in sandboxing using sandbox-exec with SBPL profiles.
*
* Important: Uses `-p` (inline profile) instead of `-f` (file) because
* `-f` doesn't work reliably with path filters on modern macOS.
*
* Note on macOS sandbox limitations:
* - `(allow file-read* (subpath ...))` only works WITH a preceding `(allow file-read*)`
* - So for reads: allow all, then deny specific paths
* - For writes: allow specific paths with subpath filters
*
* Based on the approach used by Claude Code's sandbox-runtime:
* https://github.com/anthropic-experimental/sandbox-runtime
*/
import type { NativeSandboxConfig } from './types.js';
/**
* Generate a seatbelt profile for the given configuration.
*
* The profile:
* - Allows all file reads (can't restrict with subpath on macOS)
* - Restricts file writes to workspace and temp directories
* - Blocks network unless explicitly allowed
*
* @param workspacePath - The workspace directory to allow write access to
* @param config - Additional sandbox configuration
* @returns The generated SBPL profile content
*/
export declare function generateSeatbeltProfile(workspacePath: string, config: NativeSandboxConfig): string;
/**
* Build the command arguments for sandbox-exec.
*
* Uses `-p` (inline profile) instead of `-f` (file) because
* `-f` doesn't work reliably with path filters on modern macOS.
*
* @param command - The full shell command string to run
* @param profile - The SBPL profile content (not a file path)
* @returns Wrapped command and arguments for sandbox-exec
*/
export declare function buildSeatbeltCommand(command: string, profile: string): {
command: string;
args: string[];
};
//# sourceMappingURL=seatbelt.d.ts.map