
fix: make allowLocalOutbound work on Linux via an explicit localhost port bridge#136

Merged: jy-tan merged 2 commits into main from linux-loopback on Apr 22, 2026

Conversation

@jy-tan (Contributor) commented Apr 22, 2026

Summary

network.allowLocalOutbound was silently a no-op on Linux: the sandbox runs under bwrap --unshare-net so its 127.0.0.1 is a separate loopback from the host's, and nothing bridged them. Fixes #128 by adding a per-port socat bridge from sandbox loopback to host loopback, gated by a new network.allowLocalOutboundPorts allowlist.

Per-port (rather than wildcard) because Linux network namespaces need a real forwarder for each port — there's no kernel filter to relax like macOS Seatbelt. A wildcard would require pasta/slirp4netns as a new dependency and is better left to a follow-up. macOS behavior is unchanged (allowLocalOutboundPorts is Linux-only).

Changes

  • New network.allowLocalOutboundPorts []int config field with validation, merge dedup, schema, and a shared EffectiveAllowLocalOutbound() helper.
  • New LocalOutboundBridge in internal/sandbox/linux.go mirroring the reverse-bridge pattern: host-side socat UNIX-LISTEN -> TCP:127.0.0.1:<port>, sandbox-side socat TCP-LISTEN:127.0.0.1:<port> -> UNIX-CONNECT, with Unix sockets bind-mounted across the namespace boundary.
  • Manager wires the bridge when allowLocalOutbound=true, ports are listed, --unshare-net is active, and not in wildcard relaxed mode; warns clearly when the boolean is set on Linux without ports.
  • Integration tests: positive path reaches a host HTTP server via the bridge; negative path proves the boolean alone stays blocked.
  • Docs updated: configuration.md, troubleshooting.md, concepts.md, and an ARCHITECTURE.md section with a diagram symmetric to the reverse-bridge one.

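To make the two-leg topology concrete, here is an added Go example; it is not code from this PR or the project. It stands in for the two socat commands with Go's net package and runs both legs in one network namespace (no bwrap), so the "sandbox" listener binds an ephemeral loopback port instead of 127.0.0.1:<port> inside --unshare-net. The names EffectiveLocalOutbound, relay, StartBridge and DemoRoundTrip are hypothetical, and the gating rules in EffectiveLocalOutbound are assumed from the description above (the project's EffectiveAllowLocalOutbound() may differ).

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"net"
	"os"
	"path/filepath"
)

// EffectiveLocalOutbound reproduces the gating the PR describes: on Linux the
// boolean alone opens nothing, so return the ports to bridge, plus a warning
// when the boolean is set without any ports (hypothetical helper).
func EffectiveLocalOutbound(goos string, allow bool, ports []int) ([]int, string) {
	if !allow || goos != "linux" {
		return nil, "" // macOS: Seatbelt relaxes loopback directly, no forwarder
	}
	if len(ports) == 0 {
		return nil, "allowLocalOutbound is true but allowLocalOutboundPorts is empty: on Linux nothing is reachable"
	}
	return ports, ""
}

// relay is one socat leg: accept on ln, dial the far side, splice both ways,
// and tear both ends down when either direction ends.
func relay(ln net.Listener, dial func() (net.Conn, error)) {
	for {
		c, err := ln.Accept()
		if err != nil {
			return
		}
		far, err := dial()
		if err != nil {
			c.Close()
			continue
		}
		go func() {
			go func() { io.Copy(far, c); far.Close() }()
			io.Copy(c, far)
			c.Close()
		}()
	}
}

// StartBridge wires both legs for one allowlisted port. In the real sandbox
// the Unix socket is bind-mounted into the bwrap mount namespace and the TCP
// listener is created inside --unshare-net on 127.0.0.1:<port>; here both
// legs run in one namespace, so the sandbox side listens on an ephemeral port.
func StartBridge(hostTarget string) (sandboxAddr string, stop func(), err error) {
	sock := filepath.Join(os.TempDir(), fmt.Sprintf("lob-%d.sock", os.Getpid()))
	os.Remove(sock) // tolerate a stale socket file from a crashed run
	hostLn, err := net.Listen("unix", sock) // socat UNIX-LISTEN:sock TCP:127.0.0.1:port
	if err != nil {
		return "", nil, err
	}
	go relay(hostLn, func() (net.Conn, error) { return net.Dial("tcp", hostTarget) })
	sandboxLn, err := net.Listen("tcp", "127.0.0.1:0") // socat TCP-LISTEN:port,bind=127.0.0.1 UNIX-CONNECT:sock
	if err != nil {
		hostLn.Close()
		return "", nil, err
	}
	go relay(sandboxLn, func() (net.Conn, error) { return net.Dial("unix", sock) })
	stop = func() { sandboxLn.Close(); hostLn.Close() } // Close also unlinks sock
	return sandboxLn.Addr().String(), stop, nil
}

// DemoRoundTrip stands up a constructed host-loopback echo service (stand-in
// for a dev server), the bridge, and a "sandbox" client, and returns what the
// client read back through both legs.
func DemoRoundTrip() (string, error) {
	host, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	defer host.Close()
	go func() {
		for c, err := host.Accept(); err == nil; c, err = host.Accept() {
			go func(c net.Conn) { io.Copy(c, c); c.Close() }(c)
		}
	}()
	addr, stop, err := StartBridge(host.Addr().String())
	if err != nil {
		return "", err
	}
	defer stop()
	c, err := net.Dial("tcp", addr) // what curl inside the sandbox would do
	if err != nil {
		return "", err
	}
	defer c.Close()
	fmt.Fprint(c, "GET / HTTP/1.0\r\n") // constructed sample request line
	return bufio.NewReader(c).ReadString('\n')
}

func main() {
	reply, err := DemoRoundTrip()
	fmt.Printf("reply=%q err=%v\n", reply, err)
}
```

Two details matter when moving this to a real --unshare-net sandbox. The socket crossing the boundary has to be a filesystem path that is bind-mounted in, exactly as the PR does: Linux abstract-namespace Unix sockets (the "@name" form) are scoped to the network namespace and would not be reachable from inside. And the sandbox-side listener should bind 127.0.0.1 only, as the PR's TCP-LISTEN:127.0.0.1:<port> does, so the bridge never exposes the host port on any other sandbox interface.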

@cubic-dev-ai cubic-dev-ai Bot left a comment


No issues found across 11 files

@jy-tan jy-tan merged commit 6189be8 into main Apr 22, 2026
6 checks passed
@jy-tan jy-tan deleted the linux-loopback branch April 22, 2026 22:20

Development

Successfully merging this pull request may close these issues.

allowLocalOutbound does not work on Linux