# Remaining Code Review Items — `local-sandboxing`

Items from the original review that have been addressed are not listed here.
Only items that are still present in the current code are included.

---

## 1. Dotfile lists are incomplete

**Files:** `crates/sandbox/src/sandbox_macos.rs` and `sandbox_linux.rs`

The hardcoded dotfile lists cover zsh, bash, and a few generic files but miss:

- **Shell history files** (`.bash_history`, `.zsh_history`). If the shell
  cannot write its history file, every command ends with either a silent
  failure or an error message. These need read-write access, not read-only.
- **Fish shell**. Fish config lives in `~/.config/fish/`, which is only
  partially covered by the `~/.config` subpath rule, and only when
  `~/.config` exists. Fish also writes its universal variables to
  `~/.config/fish/fish_variables`, so read-only access is not enough there
  either.
- **Nushell, PowerShell, elvish**. No coverage at all.

The lists are also in different orders between the two files, which adds
maintenance overhead for no benefit and makes it easy for the two platforms
to drift apart.

**Fix:** Extract the dotfile list to a shared constant (e.g., on
`SandboxConfig`) so both platform implementations use the same list. Consider
adding history files with read-write access rather than read-only.

---

## 2. `/proc/self` only gets read access on Linux

**File:** `crates/sandbox/src/sandbox_linux.rs`, line ~132

Bash process substitution (`<(command)` and `>(command)`) does not create
named FIFOs on Linux; it creates a pipe and hands the command a path of the
form `/dev/fd/N`, where `/dev/fd` is a symlink to `/proc/self/fd/`. The
command then opens that path itself: for reading in the `<(command)` form and
for writing in the `>(command)` form. With the current `fs_read()` rule on
`/proc/self`, the write-side open can be refused, so process substitution may
fail under the sandbox.

**Fix:** Grant `fs_all()` (or at least read+write) on `/proc/self` instead of
`fs_read()`.

---

## 3. macOS: `$TMPDIR` grants broad access via `/var/folders`

**File:** `crates/sandbox/src/sandbox.rs` (default read-write paths in
`ResolvedSystemPaths::default_read_write`)

The default macOS read-write paths include `/var/folders`, which is the
parent of every user's per-session temp directory. The sandbox therefore
grants read-write access to all temp files on the system, not just the
current user's.

A tighter approach would resolve `$TMPDIR` at spawn time (which gives the
per-user, per-session temp directory, e.g.
`/private/var/folders/xx/xxxx/T/`) and only allow that specific
subdirectory. This would still let the shell use temp files but prevent
access to other users' temp directories. Two details to get right: `$TMPDIR`
is normally reported as `/var/folders/...` and `/var` is a symlink to
`/private/var`, so the value should be canonicalized before it becomes a
rule; and if the variable is unset or does not point at an existing
directory, the code should refuse to emit a temp rule rather than fall back
to the broad parent.
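
The resolution step could look like this. This is an added illustration, not
code from the crate; `tmpdir_rule`, `rule_covers` and `FOLDERS_ROOT` are
assumed names. The `canonicalize` function is injected so the depth check can
be tested without a real `/var` symlink; production code would pass
`std::fs::canonicalize`:

```rust
use std::path::{Component, Path, PathBuf};

/// Root under which macOS creates per-user, per-session temp directories.
/// `/var` is a symlink to `/private/var`, so canonical paths start here.
const FOLDERS_ROOT: &str = "/private/var/folders";

/// Turn the value of `$TMPDIR` into the single directory the sandbox should
/// grant read-write access to. Returns `Err` instead of widening the grant
/// when the value is unset, relative, contains `..`, does not resolve, or is
/// a shared parent such as `/private/var/folders` itself.
pub fn tmpdir_rule(
    tmpdir: Option<&str>,
    canonicalize: impl Fn(&Path) -> Option<PathBuf>,
) -> Result<PathBuf, String> {
    let raw = tmpdir.ok_or_else(|| "TMPDIR is unset".to_string())?;
    let p = Path::new(raw);
    if !p.is_absolute() {
        return Err(format!("TMPDIR is not absolute: {}", raw));
    }
    if p.components().any(|c| c == Component::ParentDir) {
        return Err(format!("TMPDIR contains '..': {}", raw));
    }
    // Resolve symlinks (/var -> /private/var) and confirm the directory exists.
    let real = canonicalize(p).ok_or_else(|| format!("TMPDIR does not resolve: {}", raw))?;
    if real.as_path() == Path::new("/") {
        return Err("refusing to grant the filesystem root".to_string());
    }
    if let Ok(rest) = real.strip_prefix(FOLDERS_ROOT) {
        // Layout is <root>/<2 chars>/<hash>/T; anything shallower is shared
        // with other users or other sessions.
        if rest.components().count() < 3 {
            return Err(format!(
                "{} is a parent of the per-session temp dir, not the dir itself",
                real.display()
            ));
        }
    }
    Ok(real)
}

/// True if `target` would be reachable under a subpath rule for `rule`.
pub fn rule_covers(rule: &Path, target: &Path) -> bool {
    target.starts_with(rule)
}

fn main() {
    let tmpdir = std::env::var("TMPDIR").ok();
    match tmpdir_rule(tmpdir.as_deref(), |p| std::fs::canonicalize(p).ok()) {
        Ok(dir) => println!("grant read-write on {}", dir.display()),
        Err(e) => println!("no temp rule: {}", e),
    }
}
```

With this in place, `rule_covers` makes the difference concrete: a rule for
`/private/var/folders` covers another user's `.../yy/yyyy/T/` directory,
while the resolved per-session rule does not.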