Skip to main content
Both Claude Code and Codex support OS-level sandboxing to protect your system. This guide shows how to configure sandboxing in Schaltwerk.
Schaltwerk runs agents in isolated worktrees, which provides an additional layer of isolation beyond agent sandboxing.

Claude Code Sandboxing

Configuration in Schaltwerk

In Settings → Agent Configuration → Claude Code, add to CLI Arguments: 
-sb
This enables OS-level sandboxing (macOS Seatbelt, Linux Bubblewrap). For detailed sandboxing configuration options, see the official Claude Code sandboxing documentation.

Codex Sandboxing

Configuration in Schaltwerk

Codex offers three sandbox modes. Configure in Settings → Agent Configuration → Codex, add to CLI Arguments: Workspace-Write Mode (Recommended): 
--sandbox workspace-write
Read-Only Mode: 
--sandbox read-only
Full Auto Mode: 
--full-auto
--full-auto is equivalent to --sandbox workspace-write --ask-for-approval on-failure
For detailed information about sandbox modes, configuration options, and platform-specific details, see the official Codex sandboxing documentation.

Additional Resources

Claude Code Sandboxing

Official Claude Code sandboxing documentation

Codex Sandboxing

Official Codex sandboxing documentation