fix(core) allow loopback by default in sandbox

codex-rs/core/src/seatbelt_base_policy.sbpl

@@ -18,6 +18,14 @@
 ; process-info
 (allow process-info* (target same-sandbox))
 
+; Allow loopback-only sockets for local servers/clients.
+(allow network-bind
+  (local ip "localhost:*"))
+(allow network-inbound
+  (local ip "localhost:*"))
+(allow network-outbound
+  (remote ip "localhost:*"))
+
 (allow file-write-data
   (require-all
     (path "/dev/null")

codex-rs/core/src/seatbelt_network_policy.sbpl

@@ -1,6 +1,9 @@
 ; when network access is enabled, these policies are added after those in seatbelt_base_policy.sbpl
 ; Ref https://source.chromium.org/chromium/chromium/src/+/main:sandbox/policy/mac/network.sb;drc=f8f264d5e4e7509c913f4c60c2639d15905a07e4
 
+(allow network-bind
+  (local ip "localhost:*"))
+
 (allow network-outbound)
 (allow network-inbound)
 (allow system-socket)