Summary
The sandbox profile in agent/tools/exec/policy/sandbox.ts does not allow writes to macOS's temp directory ($TMPDIR, typically /private/var/folders/...). Bun requires write access to this directory for its runtime cache.
This breaks built-in hub tools like greg hub notion since they are Bun-based CLIs. Users get a sandbox violation when Greg tries to exec them.
Expected behavior
Built-in hub tools should work out of the box without requiring manual sandbox patches.
Fix
Add write access to $TMPDIR in createProfile() in agent/tools/exec/policy/sandbox.ts:
const tmpdir = process.env.TMPDIR ?? '/private/var/folders';
// ...
`(allow file-write* (subpath "${tmpdir}"))`,
With TMPDIR set, this scopes the write access to the current user's temp folder only, which is more targeted than allowing all of /private/var/folders (the fallback the snippet uses when TMPDIR is unset).
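As an added example, not code from the Greg project, here is a small TypeScript helper that builds the same SBPL rule while keeping the grant narrow: it resolves the /var symlink to its canonical path before subpath matching, strips trailing slashes, and refuses to emit a rule when TMPDIR is unset or points outside /private/var/folders rather than falling back to the whole directory. The realpath callback, the sbplQuote and tmpdirWriteRule names, and the sample TMPDIR value are assumptions of this example.

```typescript
// Added example: build the TMPDIR write rule for a macOS sandbox-exec profile
// without letting the grant silently widen to all of /private/var/folders.

// Caller-supplied path canonicaliser (fs.realpathSync on a real system).
// This callback is an assumption of the example, not part of the project's API.
type Realpath = (p: string) => string;

// Where per-user macOS temp folders live once the /var -> /private/var symlink is resolved.
const PER_USER_TMP_ROOT = '/private/var/folders/';

// Escape a path for embedding in a double-quoted SBPL string literal.
function sbplQuote(p: string): string {
  return '"' + p.replace(/\\/g, '\\\\').replace(/"/g, '\\"') + '"';
}

// Returns the SBPL rule granting writes under the user's TMPDIR, or throws if
// the resulting grant would cover more than one per-user temp folder.
function tmpdirWriteRule(env: Record<string, string | undefined>, realpath: Realpath): string {
  const raw = env.TMPDIR;
  if (!raw) {
    throw new Error('TMPDIR is unset; refusing to widen the grant to all of /private/var/folders');
  }
  // Resolve symlinks so (subpath ...) compares against the canonical path the kernel sees.
  let canonical = realpath(raw);
  // Normalise trailing slashes so "/a/b/" and "/a/b" yield the same rule.
  canonical = canonical.replace(/\/+$/, '');
  if (!canonical.startsWith(PER_USER_TMP_ROOT) || canonical === PER_USER_TMP_ROOT.slice(0, -1)) {
    throw new Error(`refusing to grant writes outside a per-user temp folder: ${canonical}`);
  }
  return `(allow file-write* (subpath ${sbplQuote(canonical)}))`;
}

// Constructed sample: a macOS-style TMPDIR reached through the /var symlink.
const SAMPLE_ENV: Record<string, string | undefined> = { TMPDIR: '/var/folders/ab/c1d2e3f4g5h6/T/' };
// Stand-in for fs.realpathSync that only knows about the /var -> /private/var symlink.
const sampleRealpath: Realpath = (p) => p.replace(/^\/var\//, '/private/var/');

function demo(): string {
  return tmpdirWriteRule(SAMPLE_ENV, sampleRealpath);
}
```

Drop the emitted rule into the profile string array in createProfile() in place of the template literal shown above; on a real system pass fs.realpathSync as the callback.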