feat: add strict seatbelt profiles and remove unusable closed profiles (#18876)

2026-03-10 14:10:37 -07:00 · 2026-02-12 10:33:54 -08:00
parent 2d38623472
commit 2e91c03e08
8 changed files with 193 additions and 48 deletions
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -408,12 +408,13 @@ On macOS, `gemini` uses Seatbelt (`sandbox-exec`) under a `permissive-open`
 profile (see `packages/cli/src/utils/sandbox-macos-permissive-open.sb`) that
 restricts writes to the project folder but otherwise allows all other operations
 and outbound network traffic ("open") by default. You can switch to a
-`restrictive-closed` profile (see
-`packages/cli/src/utils/sandbox-macos-restrictive-closed.sb`) that declines all
-operations and outbound network traffic ("closed") by default by setting
-`SEATBELT_PROFILE=restrictive-closed` in your environment or `.env` file.
-Available built-in profiles are `{permissive,restrictive}-{open,closed,proxied}`
-(see below for proxied networking). You can also switch to a custom profile
+`strict-open` profile (see
+`packages/cli/src/utils/sandbox-macos-strict-open.sb`) that restricts both reads
+and writes to the working directory while allowing outbound network traffic by
+setting `SEATBELT_PROFILE=strict-open` in your environment or `.env` file.
+Available built-in profiles are `permissive-{open,proxied}`,
+`restrictive-{open,proxied}`, and `strict-{open,proxied}` (see below for proxied
+networking). You can also switch to a custom profile
 `SEATBELT_PROFILE=<profile>` if you also create a file
 `.gemini/sandbox-macos-<profile>.sb` under your project settings directory
 `.gemini`.