Sandvault: Run AI agents in an isolated macOS user account

Hacker News

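SandVault is a new tool that lets users safely run AI agents such as Claude Code, OpenAI Codex, and Google Gemini in an isolated macOS user account. This approach offers a lightweight alternative to virtual machines, enhancing security and limiting system access.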

Run AI agents isolated in a sandboxed macOS user account

webcoyote/sandvault

SandVault

Run Claude Code, OpenAI Codex, and Google Gemini safely in a sandboxed macOS user account

SandVault creates an isolated user account ("sandvault-$USER") with restricted permissions for running AI agents with limited system access. This provides a lightweight alternative to VMs while maintaining security through macOS's built-in user isolation.

Features

Installation

Install via Homebrew:

Install via git:

Quick Start

SandVault has limited access to your computer:

Custom Configuration

SandVault supports custom configuration; see ./guest/home/README.md.

Why SandVault?

After exploring Docker containers, Podman, sandbox-exec, and virtualization, I needed something that:

SandVault uses macOS's Unix heritage and user account system to create a simple but effective sandbox.

Commands

Security Model

The sandvault user:

This provides defense in depth when running untrusted code or experimenting with new tools.

Alternatives

License

Apache License, Version 2.0

SandVault Copyright © 2026 Patrick Wyatt

See LICENSE.md for details.

Contributors

We welcome contributions and bug reports.

See CONTRIBUTORS.md for the list of contributors to this project.

Thanks to

This project builds on the great works of other open-source authors:

... as well as GNU, BSD, Linux, Git, Sqlite, Node, Python, netcat, jq, and more. "We stand upon the shoulders of giants."
