top | item 47064766

(no title)

e1g | 11 days ago

I haven’t found an easy way, but I have a working theory -

sandbox-exec cannot filter based on domain names, but it can restrict outbound network connections to a specific IP/port (and drop the rest). If I can run a proxy on localhost:19999, I can allow agents to connect through it and filter connections by hostname. From my research, most agents support $HTTP_PROXY, so I'll try redirecting their HTTP requests through my security proxy. IIRC, if I do this at the CONNECT level, I don't need to MITM their traffic nor require a trusted root cert.

Recently, Codex CLI implemented something like DNS filtering for their sandbox, so I'd investigate their repo.

discuss

danw1979|11 days ago

Some commercial firewalls will snoop on the SNI header in TLS requests and send a RST towards the client if the hostname isn’t on a whitelist. Reasonably effective. If there’s a way with the macos sandboxing to intercept socket connections you might find some proxy software that already supports this.

the HTTP_PROXY approach might be simpler though.