The sandbox should support file-read restrictions, not only restricted writes and restricted network.
When harness-specific sandbox settings are available, mcp-repl should detect them and match them. Otherwise, a sensible default would be workspace-read.
This should also leave room for a future mcp-repl configuration layer that exposes sandbox options more explicitly.
Source: #28
The sandbox should support file-read restrictions, not only restricted writes and restricted network.
When harness-specific sandbox settings are available,
mcp-replshould detect them and match them. Otherwise, a sensible default would beworkspace-read.This should also leave room for a future
mcp-replconfiguration layer that exposes sandbox options more explicitly.Source: #28