sandvault

# SandVault - Run AI agents and shell commands in a sandboxed macOS user account

<img src="https://www.codeofhonor.com/images/projects/sandvault.webp" align="left" width="200px"/>
SandVault (`sv`) manages a limited user account to sandbox shell commands and AI agents, providing a lightweight alternative to application isolation using virtual machines.

</br>
</br>

- **AI ready** - Includes Claude Code, OpenAI Codex, OpenCode, Google Cursor
- **Fast context switching** - No VM overhead; instant user switching
- **Passwordless** - switch accounts without a prompt (after setup)
- **Shared workspace** - joint access to `/Users/Shared/sv-$USER`
- **Defense in depth** - limited user account + `sandbox-exec`
- **Clean uninstall** - Complete removal with `sv uninstall`

</br>
</br>

---

## Quick Links

0. Run [Browser Automation](#Browser-Automation) from within the sandbox that can be used for testing web interactions.
1. To run `xcodebuild` or `swift` see [Sandboxing xcodebuild and swift](#Sandboxing-xcodebuild-and-swift) for details.
2. To run other sandboxed applications inside sandvault, use the `-x` option. See [Sandboxing other apps](#Sandboxing-other-apps) for details.
3. It's not possible to run GUI applications from within the sandbox; see [Running GUI Applications](#Running-GUI-Applications) for details.


## Security Model

SandVault has limited access to your computer:

- Cannot access your home directory
- Runs with standard user privileges
- Cannot modify system files
- Has no access to mounted drives

```
- writable:  /Users/Shared/sv-$USER         -- only accessible by you & sandvault-$USER
- writable:  /Users/sandvault-$USER         -- sandvault's home directory
- readable:  /usr, /bin, /etc, /opt         -- system directories
- no access: /Users/*                       -- other user directories

- writable:  /Volumes/Macintosh HD          -- accessible as per file permissions
- no access: /Volumes/*                     -- cannot access mounted/remote/n