mirror of
https://github.com/openai/codex.git
synced 2026-05-16 09:12:54 +00:00
## Summary

Translate FileSystemSandboxPolicy project root metadata carveouts into macOS Seatbelt rules.

## Scope

1. Thread protected metadata names into Seatbelt access roots.
2. Ask FileSystemSandboxPolicy whether each metadata carveout is writable.
3. Emit Seatbelt deny rules that block creating or replacing protected metadata names under writable roots.
4. Add coverage for first-time metadata creation and read-only carveouts.

## Reviewer Focus

1. This PR only covers the macOS sandbox adapter.
2. The policy decision comes from FileSystemSandboxPolicy.
3. Read-only subpath carveouts and metadata protection checks should compose cleanly.

## Stack

1. Policy primitive: #19846
2. macOS Seatbelt adapter: this PR
3. Shell preflight UX: #19848
4. Runtime profile propagation: #19849
5. Linux bubblewrap adapter: #19852

## Validation

1. formatting for codex sandboxing
2. codex sandboxing package tests
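The three Scope steps and the composition point under Reviewer Focus describe one pipeline: take a writable root, ask the policy which metadata carveouts stay read-only, and emit Seatbelt (SBPL) deny rules for them alongside any read-only subpath carveouts. The sketch below is an added illustration of that pipeline, not code from the codex repository or this PR. `WritableRoot`, `MetadataPolicy`, `emit_seatbelt_rules` and the `.example-meta` name are hypothetical stand-ins for the FileSystemSandboxPolicy plumbing the PR refers to; the sample paths are constructed.

```rust
// Added example, not codex's own code: derive macOS Seatbelt (SBPL) deny
// rules from a writable root plus protected metadata names. `WritableRoot`,
// `MetadataPolicy` and `emit_seatbelt_rules` are hypothetical names standing
// in for the FileSystemSandboxPolicy plumbing the PR describes.
use std::path::{Path, PathBuf};

/// A root the sandboxed process may write to, with the carveouts inside it.
#[derive(Debug, Clone)]
pub struct WritableRoot {
    pub root: PathBuf,
    /// Subpaths under `root` that the policy keeps read-only.
    pub read_only_subpaths: Vec<PathBuf>,
    /// Metadata names (directly under `root`) the policy wants protected.
    pub protected_names: Vec<String>,
}

/// Stand-in for the policy object: answers whether a given metadata
/// carveout is writable. Constructed rule for the example: a name is
/// writable unless it appears in `read_only_metadata`.
pub struct MetadataPolicy {
    pub read_only_metadata: Vec<String>,
}

impl MetadataPolicy {
    pub fn metadata_is_writable(&self, name: &str) -> bool {
        !self.read_only_metadata.iter().any(|n| n == name)
    }
}

/// Quote a path as an SBPL string literal (backslashes and quotes escaped).
fn sbpl_quote(path: &Path) -> String {
    let raw = path.to_string_lossy();
    let escaped = raw.replace('\\', "\\\\").replace('"', "\\\"");
    format!("\"{escaped}\"")
}

fn under(path: &Path, ancestor: &Path) -> bool {
    path.starts_with(ancestor)
}

/// Emit SBPL lines for one writable root. Rule order matters in SBPL (a
/// later matching rule overrides an earlier one), so the allow for the root
/// comes first and every deny that narrows it follows.
pub fn emit_seatbelt_rules(policy: &MetadataPolicy, root: &WritableRoot) -> Vec<String> {
    let mut rules = vec![format!("(allow file-write* (subpath {}))", sbpl_quote(&root.root))];

    // Read-only subpath carveouts: deny all writes beneath them.
    for ro in &root.read_only_subpaths {
        rules.push(format!("(deny file-write* (subpath {}))", sbpl_quote(ro)));
    }

    // Protected metadata names: the policy decides per name. A name that
    // stays read-only must not be created, replaced or removed, so deny the
    // exact path (create/unlink/rename target) and everything under it.
    for name in &root.protected_names {
        if policy.metadata_is_writable(name) {
            continue;
        }
        let target = root.root.join(name);
        // Compose with read-only subpaths: if the target already sits inside
        // one, the subpath deny above covers it and no extra rule is needed.
        if root.read_only_subpaths.iter().any(|ro| under(&target, ro)) {
            continue;
        }
        let quoted = sbpl_quote(&target);
        rules.push(format!("(deny file-write* (literal {quoted}))"));
        rules.push(format!("(deny file-write* (subpath {quoted}))"));
    }
    rules
}

fn main() {
    // Constructed sample input for the example.
    let policy = MetadataPolicy { read_only_metadata: vec![".example-meta".into()] };
    let root = WritableRoot {
        root: PathBuf::from("/work/repo"),
        read_only_subpaths: vec![PathBuf::from("/work/repo/vendor")],
        protected_names: vec![".example-meta".into(), "scratch".into()],
    };
    for line in emit_seatbelt_rules(&policy, &root) {
        println!("{line}");
    }
}
```

Denying both the `literal` and the `subpath` form is what makes "first-time creation" and "replacement" fail the same way: the literal rule catches a create, unlink or rename whose target is the protected path itself, while the subpath rule covers writes inside it once it exists. Skipping names that already fall under a read-only subpath keeps the two carveout kinds from producing redundant rules.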