Both Claude Code and Codex use sandbox-exec with Seatbelt to sandbox execution:
- https://developers.openai.com/codex/security/#os-level-sandb...
Both Claude Code and Codex use sandbox-exec with Seatbelt to sandbox execution:
- https://developers.openai.com/codex/security/#os-level-sandb...
It weirds me out a bit that Claude is able to reach outside the sandbox during a session. According to the docs this is with user consent. I would feed better with a more rigid safety net, which is why I've been explicitly invoking claude with sandbox-exec.
[dead]