Readit News
davidcann commented on Ask HN: What Are You Working On? (March 2026)    · Posted by u/david927
davidcann · 8 days ago
Native macOS sandbox terminal:

- UI for sandbox-exec to protect filesystem
- Network sandbox per domain
- Secrets filter via gitleaks
- Vertical tabs option

It's highly customizable. You generate native macOS app wrappers for each terminal app, each with its own rules and customizations.

https://multitui.com

davidcann commented on Agent Safehouse – macOS-native sandboxing for local agents   agent-safehouse.dev/... · Posted by u/atombender
davidcann · 8 days ago
I made a native macOS app with a GUI for sandbox-exec, plus a network sandbox with per-domain filtering and secrets detection: https://multitui.com/
davidcann commented on macOS's Little-Known Command-Line Sandboxing Tool (2025)   igorstechnoclub.com/sandb... · Posted by u/Igor_Wiwi
ithkuil · 20 days ago
Have you found a way to make claude emit the OSC hyperlink escapes when using SwiftTerm?
davidcann · 17 days ago
No, I run a separate URL detection to make links clickable. However, SwiftTerm just added link detection a few days ago and I haven’t had time to look into theirs yet.
davidcann commented on Let's discuss sandbox isolation   shayon.dev/post/2026/52/l... · Posted by u/shayonj
pash · 17 days ago
OK, let’s survey how everybody is sandboxing their AI coding agents in early 2026.

What I’ve seen suggests the most common answers are (a) “containers” and (b) “YOLO!” (maybe adding, “Please play nice, agent.”).

One approach that I’m about to try is Sandvault [0] (macOS only), which uses the good old Unix user system together with some added precautions. Basically, give an agent its own unprivileged user account and interact with it via sudo, SSH, and shared directories.

0. https://github.com/webcoyote/sandvault

davidcann · 17 days ago
My app is a macOS terminal wrapper with a nice GUI for sandbox-exec and a network sandbox. I just added a vertical tabs option too. https://multitui.com
davidcann commented on macOS's Little-Known Command-Line Sandboxing Tool (2025)   igorstechnoclub.com/sandb... · Posted by u/Igor_Wiwi
hmokiguess · 23 days ago
I’m impressed, really neat work! Why did you opt for closed source?

edit: I don’t have a problem with closed source, but when software is expected to be accountable for my security I get a little paranoid, so was curious about the safety and guarantees here. The UX and everything else looks great

davidcann · 22 days ago
Yeah, that’s understandable. Many open source macOS-only apps seem to get abandoned, so I’m trying to build something sustainable.

It uses only 3 dependencies that are very well known and widely used, so supply chain risk is minimal. That leaves me, the developer, as the main point of trust.

davidcann commented on macOS's Little-Known Command-Line Sandboxing Tool (2025)   igorstechnoclub.com/sandb... · Posted by u/Igor_Wiwi
ithkuil · 23 days ago
Which terminal do you embed?
davidcann · 22 days ago
SwiftTerm, for now. I may switch to ghostty when their library is ready for embedding.
davidcann commented on macOS's Little-Known Command-Line Sandboxing Tool (2025)   igorstechnoclub.com/sandb... · Posted by u/Igor_Wiwi
Tiberium · 23 days ago
Codex already uses sandbox-exec on macOS :)
davidcann · 22 days ago
Yeah, they all do sometimes, but the agent decides what to allow and they can choose to not use it. This gives the user full control of the sandbox and you can run the agent in yolo mode.
davidcann commented on macOS's Little-Known Command-Line Sandboxing Tool (2025)   igorstechnoclub.com/sandb... · Posted by u/Igor_Wiwi
davidcann · 23 days ago
I made a UI for this to run terminal apps, like claude and codex: https://multitui.com
davidcann commented on Show HN: Multitui – sandbox claude/codex/gemini on macOS without containers   multitui.com/... · Posted by u/davidcann
itay-maman · a month ago
I understand this is macOS-based. Do you think it can be ported to Linux (my intuition tells me this is very macOS-specific, but maybe I am missing something)?
davidcann · a month ago
The same concept is possible on Linux, but I don't think anyone has created a nice UI for it yet. There was a post yesterday about doing it on the command line in Linux: https://news.ycombinator.com/item?id=46874139

One of the nice things in Multitui is that it monitors what is blocked and gives you a way to add a read/write rule from the UI.

u/davidcann

Karma: 1108 · Cake day: April 17, 2008
About
david@davidcann.com

Multitui https://multitui.com

Universymbols https://universymbols.com

Gelatinous Development Studio https://geldev.com

Previously, Co-founder of Double Robotics (YC S12) https://www.doublerobotics.com
