feat: support per-command enableWeakerNetworkIsolation as safer alternative to dangerouslyDisableSandbox

Resolved 💬 2 comments Opened May 28, 2026 by lightcap Closed Jun 1, 2026

Summary

enableWeakerNetworkIsolation is a sandbox setting that opens the Mach IPC channel to com.apple.trustd.agent, allowing Go binaries (gh, terraform, kubectl, etc.) to perform TLS certificate verification via macOS Security.framework. It's currently a session-level setting in settings.json that applies to all commands.

It would be useful if this could be toggled per-command, similar to how dangerouslyDisableSandbox works as a parameter on the Bash tool.

Motivation

When a Go CLI tool fails with x509: OSStatus -26276 in the sandbox, the current options are:

  1. enableWeakerNetworkIsolation: true in settings.json — opens the trustd IPC channel for ALL commands in the session. Very narrow permission (just one IPC channel), but always-on.
  2. dangerouslyDisableSandbox: true per command — drops ALL sandbox protections (filesystem + network) for that one command.

Option 2 is dramatically less secure than option 1, but it's the only one with per-command granularity. A per-command enableWeakerNetworkIsolation would give users the best of both worlds: narrow permission scope AND per-command control.

Constraints

macOS Seatbelt profiles are applied at process launch and can't be loosened at runtime, so this may require an architectural approach (e.g., pre-apply the weaker profile but gate the IPC channel behind a runtime permission check, or spawn a helper process with the weaker profile only when requested).

Current workaround

Set enableWeakerNetworkIsolation: true in .claude/settings.local.json as documented at https://docs.codezero.io/guides/claude-code#go-based-tools-gh-terraform-kubectl-gcloud

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗