[S7] Add sandbox execution for loop processes (bubblewrap + sandbox-exec)

## Summary

Add optional sandboxing for the coding agent child processes spawned during `/run`, restricting filesystem and network access to reduce risk from autonomous AI code execution.

## Problem / Context

When Wiggum runs an autonomous coding loop, the spawned agent has full access to the filesystem, network, and system. As loops run longer and with less supervision (especially with parallel execution from S5), the blast radius of a misbehaving agent increases. Competitors already support bubblewrap (Linux) and sandbox-exec/Seatbelt (macOS) sandboxing. Enterprise and security-conscious users will expect this as a trust signal for production use.

**Roadmap phase:** Phase 7 — SHIP ("Production-ready, enterprise-trustworthy")

## Proposed Solution

### Platform Support

| Platform | Sandbox | Method |
|----------|---------|--------|
| Linux | bubblewrap (`bwrap`) | Wrap agent command in `bwrap` with restricted paths |
| macOS | sandbox-exec (Seatbelt) | Generate `.sb` profile, wrap agent command |

### Configuration

```javascript
// ralph.config.cjs
module.exports = {
  sandbox: {
    enabled: true,
    allowNetwork: false,
    allowPaths: ['./src', './tests', '.ralph'],
    denyPaths: ['~/.ssh', '~/.aws', '~/.config'],
    readOnlyPaths: ['/usr', '/bin'],
  }
}
```

### Auto-Detection
- Detect available sandbox runtime per platform
- Graceful fallback to unsandboxed execution with warning
- `wiggum doctor` reports sandbox availability

## Files to Modify

| File | Changes |
|------|---------|
| `src/sandbox/` (new) | Sandbox manager, platform detection, profile generation |
| `src/commands/run.ts` | Wrap agent spawn in sandbox when enabled |
| `src/generator/templates.ts` | Add sandbox config to `ralph.config.cjs` template |

## Acceptance Criteria

- [ ] `--sandbox` flag wraps agent process in platform-appropriate sandbox
- [ ] bubblewrap support on Linux with configurable allow/deny paths
- [ ] sandbox-exec support on macOS with generated Seatbelt profile
- [ ] Network access configurable (allow/deny)
- [ ] Auto-detection of available sandbox with fallback + warning
- [ ] `wiggum doctor` reports sandbox availability
- [ ] Documentation for sandbox configuration

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[S7] Add sandbox execution for loop processes (bubblewrap + sandbox-exec) #96

Summary

Problem / Context

Proposed Solution

Platform Support

Configuration

Auto-Detection

Files to Modify

Acceptance Criteria

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Platform	Sandbox	Method
Linux	bubblewrap (`bwrap`)	Wrap agent command in `bwrap` with restricted paths
macOS	sandbox-exec (Seatbelt)	Generate `.sb` profile, wrap agent command

File	Changes
`src/sandbox/` (new)	Sandbox manager, platform detection, profile generation
`src/commands/run.ts`	Wrap agent spawn in sandbox when enabled
`src/generator/templates.ts`	Add sandbox config to `ralph.config.cjs` template

[S7] Add sandbox execution for loop processes (bubblewrap + sandbox-exec) #96

Description

Summary

Problem / Context

Proposed Solution

Platform Support

Configuration

Auto-Detection

Files to Modify

Acceptance Criteria

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions