sandvault

Run AI agents in a sandboxed macOS user account with restricted permissions. Ideal for operations teams needing to execute Claude Code, OpenAI Codex, Google Gemini, and shell commands safely. Connects to macOS environments and AI agent workflows.

[{"step":"Prepare the command or AI agent for execution. Ensure it includes all necessary arguments and paths. For example, if running a Python script, specify the script path and any required flags.","tip":"Use absolute paths for all file operations to avoid ambiguity in the sandbox. Test the command in a non-sandboxed environment first to verify it works as expected."},{"step":"Identify restricted paths or actions. List directories, files, or system resources the agent should not access (e.g., `/etc`, `/usr`, `network.local`).","tip":"Start with a restrictive policy and loosen permissions only if necessary. Use SandVault's policy templates for common restrictions (e.g., 'no_system_access', 'no_network_access')."},{"step":"Set resource limits (CPU, memory, disk I/O) to prevent the agent from consuming excessive system resources. Adjust these based on the complexity of the task.","tip":"For CPU-intensive tasks, set a limit slightly below your system's max capacity to avoid system slowdowns. Monitor the agent's performance in the sandbox to fine-tune limits."},{"step":"Execute the command or agent using SandVault. Monitor the process in real-time to catch any permission denials or resource limit breaches immediately.","tip":"Use SandVault's logging feature to capture all actions and errors. Review the log after execution to identify any issues or areas for policy improvement."},{"step":"Review the execution report. Analyze any denied actions or resource limits reached to adjust the sandbox policy or command for future runs.","tip":"If the agent fails due to resource limits, increase the limits incrementally. If it fails due to permission denials, refine the allowed paths or actions in the policy."}]