adjust seatbelt to allow write into specific dirs under user home (#289)

packages/cli/src/utils/sandbox-macos-minimal.sb

@@ -3,13 +3,14 @@
 ;; allow everything by default
 (allow default)
 
-;; deny all writes EXCEPT under project directory, temp directory, stdout/stderr and /dev/null
+;; deny all writes EXCEPT under specific paths
 (deny file-write*)
 (allow file-write*
     (subpath (param "TARGET_DIR"))
     (subpath (param "TMP_DIR"))
+    (subpath (string-append (param "HOME_DIR") "/.gemini"))
+    (subpath (string-append (param "HOME_DIR") "/.npm"))
     (literal "/dev/stdout")
     (literal "/dev/stderr")
     (literal "/dev/null")
 )
-

packages/cli/src/utils/sandbox-macos-strict.sb

@@ -66,6 +66,8 @@
 (allow file-write*
     (subpath (param "TARGET_DIR"))
     (subpath (param "TMP_DIR"))
+    (subpath (string-append (param "HOME_DIR") "/.gemini"))
+    (subpath (string-append (param "HOME_DIR") "/.npm"))
     (literal "/dev/stdout")
     (literal "/dev/stderr")
     (literal "/dev/null")

packages/cli/src/utils/sandbox.ts

@@ -145,9 +145,11 @@ export async function start_sandbox(sandbox: string) {
     process.env.SEATBELT_PROFILE ??= 'minimal';
     const args = [
       '-D',
-      `TARGET_DIR=${process.cwd()}`,
+      `TARGET_DIR=${fs.realpathSync(process.cwd())}`,
       '-D',
       `TMP_DIR=${fs.realpathSync(os.tmpdir())}`,
+      '-D',
+      `HOME_DIR=${fs.realpathSync(os.homedir())}`,
       '-f',
       new URL(
         `sandbox-macos-${process.env.SEATBELT_PROFILE}.sb`,