Sandbox blocks macOS Security.framework trustd IPC, breaking all Go binaries (gh, terraform, tofu)
Problem
All Go-based CLI tools (gh, terraform, tofu, and any custom Go binary) fail with TLS certificate verification errors when run inside Claude Code's sandbox on macOS:
Get "https://api.github.com/user": tls: failed to verify certificate: x509: OSStatus -26276
curl and other tools using OpenSSL/LibreSSL work fine in the same sandbox.
Root Cause
Go's crypto/x509 on macOS (since Go 1.21+) always uses SecTrustEvaluateWithError() from Security.framework for TLS certificate verification. This function communicates with the trustd daemon via Mach IPC (XPC). Claude Code's sandbox-exec profile blocks this Mach port lookup, causing errSecInternalComponent (OSStatus -26276).
Key details:
curlworks because it uses OpenSSL/LibreSSL which reads/private/etc/ssl/cert.pemdirectly — no IPC needed- Go has no fallback to file-based cert roots on macOS (
GODEBUG=x509usefallbackroots=1requiresSetFallbackRoots()to be called by the program,SSL_CERT_FILEis ignored,CGO_ENABLED=0doesn't help since Go usespuregosyscalls not cgo) - This affects every Go binary that makes HTTPS connections — not just
gh
Reproduction
# Inside Claude Code sandbox (default, no dangerouslyDisableSandbox):
gh api user
# → tls: failed to verify certificate: x509: OSStatus -26276
# Minimal Go program reproduces the same:
# tls.DialWithDialer(&net.Dialer{}, "tcp", "api.github.com:443", &tls.Config{})
# → same error
# Outside sandbox (dangerouslyDisableSandbox: true):
gh api user
# → works fine
Suggested Fix
Add com.apple.trustd to the allowed Mach service lookups in the macOS sandbox profile:
(allow mach-lookup (global-name "com.apple.trustd"))
Security Assessment
trustdis a read-only trust evaluation service — it validates certificate chains against the system trust store, checks OCSP revocation, and enforces CT policies- It cannot be used to install certificates, modify the trust store, or bypass certificate pinning
- The sandbox already allows network connections to whitelisted hosts — blocking
trustddoesn't prevent network access, it just prevents Go programs from doing it securely via TLS - The current behavior forces users to use
dangerouslyDisableSandbox: truefor everygh/terraformcommand, which removes all sandbox protections — allowing justtrustdis strictly more secure
Environment
- macOS Darwin 25.3.0 (arm64)
- Claude Code (latest)
- Go 1.25.3
- gh 2.87.3
- Confirmed the sandbox uses
sandbox-exec(nestedsandbox-execfails with "Operation not permitted")
Affected Tools
Any Go binary making HTTPS calls, including:
gh(GitHub CLI)terraform/tofu(infrastructure as code)gotoolchain itself (module downloads)- Custom Go services
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗