Show HN: Minimal native macOS sandbox for Claude and Codex
Category: security
Tags: macos, sandbox, ai-agents, security, shell-script
Score: 6.8/10 (Innovation: 6, Technical: 7, Documentation: 8, Utility: 6)
Sandfence provides a minimal, auditable shell script that leverages macOS's native Seatbelt sandbox to confine AI coding agents like Claude Code and Codex to a single repository, preventing accidental destructive actions. It is interesting for its pragmatic, low-overhead approach to adding OS-enforced guardrails to agent workflows without virtualization or complex setup.
Target audience: backend devs, devops, security engineers
Repository: https://github.com/sheremetyev/sandfence · Shell · MIT