macOS sandbox config for Claude that restricts read access to filesystemgithub.com/neko-kai2 pointspshirshov7 months ago