Pick your coding agents, optional capabilities, and file system access in plain language. The builder creates a sandbox policy you can copy or download without hand-editing policy files. View policy modules on GitHub.
Always on
Optional
Absolute paths only: ~ is supported and expands to your HOME_DIR value.
Principle of least privilege: keep write access narrow to reduce accidental damage.
SSH auth for git upstreams: grant only the single private key file your remotes use, not all of ~/.ssh.
Required field.
Optional. Leave blank to avoid automatic workdir write access.
Optional. Set the exact private key file used for git upstream auth.
0 read-only paths
0 read/write paths
This text is appended last and can override earlier rules. Use only if you know exactly what you need.
No overlay set.
my-safehouse.sb.sandbox-exec -f my-safehouse.sb -- <command>.bash /path/to/create-safehouse-desktop-launchers.command.safehouse --stdout if needed.Ready. Select options and click "Generate policy".
Included modules: —
# Choose options, then click "Generate policy".Choose the shell syntax for the persistent helper functions below.
Shortcut snippet targets ~/.zshrc or ~/.bashrc using zsh / bash syntax.
# Choose a shell target above, then click "Generate policy".;; Policy output will appear here.