Native macOS sandbox terminal:

- UI for sandbox-exec to protect filesystem - Network sandbox per domain - Secrets filter via gitleaks - Vertical tabs option

It's highly customizable. You generate native macOS app wrappers for each terminal app, each with its own rules and customizations.

https://multitui.com

I've been using a VM for claude code (probably would keep doing that as I do like how much control I have over it by doing that) but this is definitely a useful tool, I'll happily use that in the future.

I made a native macOS app with a GUI for sandbox-exec, plus a network sandbox with per-domain filtering and secrets detection: https://multitui.com/

My app is a macOS terminal wrapper with nice GUI for sandbox-exec and network sandbox. I just added a vertical tabs option too. https://multitui.com

I made a UI for this to run terminal apps, like claude and codex: https://multitui.com

I’m impressed really neat work! Why did you opt for closed source?

edit: I don’t have a problem with closed source, but when software is expected to be accountable for my security I get a little paranoid, so was curious about the safety and guarantees here. The UX and everything else looks great

Yeah, that’s understandable. Many open source macOS-only apps seem to get abandoned, so I’m trying to build something sustainable.

It uses only 3 dependencies that are very well known and widely used, so supply chain risk is minimal. That leaves me, the developer, as the main point of trust.

I like this! I built something similar for sandboxing CLI agents, and in the repo have a collection of minimal profiles for sandbox-exec to use - https://agent-safehouse.dev/

Codex already uses sandbox-exec on macOS :)

Yeah, they all do sometimes, but the agent decides what to allow and they can choose to not use it. This gives the user full control of the sandbox and you can run the agent in yolo mode.

Which terminal do you embed?

SwiftTerm, for not. I may switch to ghostty when their library is ready for embedding.

have you find a way to make claude emit the OSC hyperlink escapes when using SwiftTerm?

No, I run a separate URL detection to make links clickable. However, SwiftTerm just added link detection a few days ago and I haven’t had time to look into theirs yet.

Wow, this looks very nice.

The same concept is possible on Linux, but I don't think anyone has created a nice UI for it yet. There was a post yesterday about doing it on the command line in linux: https://news.ycombinator.com/item?id=46874139

One of the nice things in Multitui is that it monitors what is blocked and gives you a way to add a read/write rule from the UI.

I’m seeing log delays too the past couple of days… something like 14 hours, in my case.

At 14:00 UTC, I was still seeing requests from 2026-02-01, and none from today, the order also seems random.

Hopefully it will be fixed soon.

My app does this on macOS! https://multitui.com

Thanks! For network sandboxing, I was thinking something like what Little Snitch can do, but more customized... maybe block POST requests and long GET request strings or anything that looks like too much code or secrets.

Shameless plug, but you can sandbox codex cli without a container using my macOS app: https://multitui.com

This is a really nice tool! (Also, I love the old school animated GIFs in the site's footer.)

My site can extend a bunch of the icon sets that are on Iconify with AI image models, so you can feel comfortable using a more unique set than just the big ones: https://universymbols.com