diff --git a/pkg/io/local/client.go b/pkg/io/local/client.go
index 78310e4..ec88f95 100644
--- a/pkg/io/local/client.go
+++ b/pkg/io/local/client.go
@@ -24,6 +24,13 @@ func New(root string) (*Medium, error) {
 if err != nil {
 return nil, err
 }
+ // Resolve symlinks so sandbox checks compare like-for-like.
+ // On macOS, /var is a symlink to /private/var — without this,
+ // EvalSymlinks on child paths resolves to /private/var/... while
+ // root stays /var/..., causing false sandbox escape detections.
+ if resolved, err := filepath.EvalSymlinks(abs); err == nil {
+ abs = resolved
+ }
 return &Medium{root: abs}, nil
 }
 
diff --git a/pkg/io/local/client_test.go b/pkg/io/local/client_test.go
index 7fc5d57..b1a105c 100644
--- a/pkg/io/local/client_test.go
+++ b/pkg/io/local/client_test.go
@@ -14,7 +14,9 @@ func TestNew(t *testing.T) {
 root := t.TempDir()
 m, err := New(root)
 assert.NoError(t, err)
- assert.Equal(t, root, m.root)
+ // New() resolves symlinks (macOS /var → /private/var), so compare resolved paths.
+ resolved, _ := filepath.EvalSymlinks(root)
+ assert.Equal(t, resolved, m.root)
 }
 
 func TestPath(t *testing.T) {
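Review bot: In `New` (pkg/io/local/client.go) the added `filepath.EvalSymlinks(abs)` call discards its error, so when resolution fails (root missing at construction time, or an unreadable parent directory) `Medium.root` silently keeps the unresolved path and the like-for-like comparison the comment promises no longer holds. Since root is the sandbox boundary, I would surface the failure instead of falling back, tolerating only a not-yet-existing root if that is a supported case: `} else if !errors.Is(err, fs.ErrNotExist) { return nil, err }`, which needs `errors` and `io/fs` in the import block outside this hunk. Whether the resulting mismatch fails open or closed depends on the child-path check, which is not visible here. `New` begins above the hunk, so the `abs` assignment is inferred from the context lines.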
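Review bot: In `TestNew` (pkg/io/local/client_test.go), `resolved, _ := filepath.EvalSymlinks(root)` drops the error, so a failed resolution compares an empty string with `m.root` and reports a misleading mismatch; use `resolved, err := filepath.EvalSymlinks(root)` followed by `assert.NoError(t, err)`. The test also exercises a symlinked root only where the platform temp directory happens to be one (macOS), so on other systems the new branch in `New` is effectively untested; a case that creates a link to `t.TempDir()` with `os.Symlink` and passes the link to `New` would cover it everywhere. The hunk adds no `path/filepath` import, so it compiles only if the test file already imports it.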