| name | codex-sandbox |
| description | Run code in Codex fully isolated sandbox - network disabled, CWD only, Seatbelt/Docker isolation |
| allowed-tools | Bash, Read, Write, TodoWrite, Glob, Grep |
Codex Sandbox Skill
Purpose
Execute code in Codex's fully isolated sandbox environment for safe experimentation with untrusted or risky code.
Unique Capability
What Claude Can't Do: Claude runs in your environment. Codex sandbox provides:
- Network DISABLED: No external connections
- CWD only: Cannot access parent directories
- OS-level isolation: macOS Seatbelt or Docker
- Resource limits: CPU, memory constraints
- Safe experimentation: Can't break your system
When to Use
Perfect For:
- Running untrusted code safely
- Risky refactoring experiments
- Testing code with potential bugs
- Isolated prototyping
- Security research
- Experimental dependencies
Don't Use When:
- Need network access
- Need to access files outside project
- Production debugging
Usage
# Basic sandbox execution
/codex-sandbox "Refactor auth system and run tests"
# With iteration limit
/codex-sandbox "Fix all tests" --max-iterations 10
# Risky experiment
/codex-sandbox "Try experimental algorithm implementation"
CLI Command
codex --full-auto --sandbox true --network disabled "Your task"
# Via script
CODEX_MODE=sandbox bash scripts/multi-model/codex-yolo.sh "Task" "id" "." "10" "sandbox"
Isolation Layers
| Layer | Protection |
|---|---|
| Network | DISABLED - no external connections |
| Filesystem | CWD only - no parent access |
| OS-Level | Seatbelt (macOS) / Docker |
| Process | Subprocess jail with limits |
| Commands | Blocked: rm -rf, sudo, etc. |
Integration Pattern
// 1. Run risky refactoring in sandbox
const result = await codexSandbox("Refactor entire auth system");
// 2. If successful, apply to real codebase
if (result.tests_pass) {
Task("Coder", "Apply sandboxed changes to main", "coder");
}
Memory Integration
- Key:
multi-model/codex/sandbox/{session_id} - Contains: commands, files created/modified, test results