Comment by e1g
18 hours ago
Safehouse author here - glad you found it helpful. It didn't even occur to me to add --offline mode because my mental model is anchored in agents which often require network access. Until we add this, the easiest option is to create a custom policy and then reference it with Safehouse (I usually setup shell aliases/funciton for this)
;; in ~/.config/agent-safehouse/no-network.sb
(deny network*)
safehouse --append-profile="$HOME/.config/agent-safehouse/no-network.sb" -- <command>
Hello! I was definitely not looking to block all network access. I would want to maintain a whitelist of hosts and IPs. I don't know if that's possible?
Unfortunately, no, MacOS sandboxing does not allow that type of blocking. Only broad categories like "local" vs "remote", but no selective targeting based on domain names or IPs.