feat: support per-command enableWeakerNetworkIsolation as safer alternative to dangerouslyDisableSandbox
Summary
enableWeakerNetworkIsolation is a sandbox setting that opens the Mach IPC channel to com.apple.trustd.agent, allowing Go binaries (gh, terraform, kubectl, etc.) to perform TLS certificate verification via macOS Security.framework. It's currently a session-level setting in settings.json that applies to all commands.
It would be useful if this could be toggled per-command, similar to how dangerouslyDisableSandbox works as a parameter on the Bash tool.
Motivation
When a Go CLI tool fails with x509: OSStatus -26276 in the sandbox, the current options are:
enableWeakerNetworkIsolation: truein settings.json — opens the trustd IPC channel for ALL commands in the session. Very narrow permission (just one IPC channel), but always-on.dangerouslyDisableSandbox: trueper command — drops ALL sandbox protections (filesystem + network) for that one command.
Option 2 is dramatically less secure than option 1, but it's the only one with per-command granularity. A per-command enableWeakerNetworkIsolation would give users the best of both worlds: narrow permission scope AND per-command control.
Constraints
macOS Seatbelt profiles are applied at process launch and can't be loosened at runtime, so this may require an architectural approach (e.g., pre-apply the weaker profile but gate the IPC channel behind a runtime permission check, or spawn a helper process with the weaker profile only when requested).
Current workaround
Set enableWeakerNetworkIsolation: true in .claude/settings.local.json as documented at https://docs.codezero.io/guides/claude-code#go-based-tools-gh-terraform-kubectl-gcloud
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗