Here's my ruleset https://gist.github.com/eugene1g/ad3ff9783396e2cf35354689cc6...
My goal is to prevent Claude from blowing up my computer by erasing things it shouldn't touch. So the philosophy of my sanboxing is "You get write access to $allowlist, and read access to everything except for $blocklist".
I'm not concerned about data exfiltration, as implementing it well in a dev tool is too difficult, so my rules are limited to blocking highly sensitive folders by name.
That's neat. I'm going to base my ruleset off of yours. I've been messing around with claude more and more lately and I need to do something.