QwenLM · grepsuzette · Sep 8, 2025
diff --git a/docs/sandbox.md b/docs/sandbox.md
@@ -77,6 +77,8 @@ Built-in profiles (set via `SEATBELT_PROFILE` env var):
 - `restrictive-open`: Strict restrictions, network allowed
 - `restrictive-closed`: Maximum restrictions
 
+For custom profiles, the system first looks for a file `.qwen/sandbox-macos-<profile>.sb` under your project settings directory. If not found there, it will check for the file in your user settings directory at `~/.qwen/sandbox-macos-<profile>.sb`.
+
 ### Custom Sandbox Flags
 
 For container-based sandboxing, you can inject custom flags into the `docker` or `podman` command using the `SANDBOX_FLAGS` environment variable. This is useful for advanced configurations, such as disabling security features for specific use cases.

diff --git a/packages/cli/src/utils/sandbox.ts b/packages/cli/src/utils/sandbox.ts
@@ -209,6 +209,13 @@ export async function start_sandbox(
           `sandbox-macos-${profile}.sb`,
         );
       }
+      // if not found, look for file under user settings directory
+      if (!fs.existsSync(profileFile)) {
+        profileFile = path.join(
+          USER_SETTINGS_DIR,
+          `sandbox-macos-${profile}.sb`,
+        );
+      }
       if (!fs.existsSync(profileFile)) {
         console.error(
           `ERROR: missing macos seatbelt profile file '${profileFile}'`,