SandVault - Run Claude Code, OpenAI Codex, Google Gemini and shell commands safely in a sandboxed macOS user account

SandVault (sv) manages a limited user account to sandbox shell commands and AI agents, providing a lightweight alternative to application isolation using virtual machines.

Features

• AI ready - Includes Claude Code, OpenAI Codex, Google Gemini
• Fast context switching - No VM overhead; instant user switching
• Passwordless - switch accounts without a prompt (after setup)
• Shared workspace - joint access to /Users/Shared/sv-$USER
• Clean uninstall - Complete removal with sv uninstall

Quick Links

1. To run xcodebuild or swift see Sandboxing xcodebuild and swift for details.
2. To run other sandboxed applications inside sandvault, use the -x option. See Sandboxing other apps for details.
3. It's not possible to run GUI applications from within the sandbox; see Running GUI Applications for details.

Security Model

SandVault has limited access to your computer:

• Cannot access your home directory
• Runs with standard user privileges
• Cannot modify system files
• Has no access to mounted drives

- writable:  /Users/Shared/sv-$USER         -- only accessible by you & sandvault-$USER
- writable:  /Users/sandvault-$USER         -- sandvault's home directory
- readable:  /usr, /bin, /etc, /opt         -- system directories
- no access: /Users/*                       -- other user directories

- writable:  /Volumes/Macintosh HD          -- accessible as per file permissions
- no access: /Volumes/*                     -- cannot access mounted/remote/network drives