OpenAI Codex CLI implements platform-native OS-level sandboxing: Seatbelt on macOS, Landlock+seccomp+bwrap on Linux, Restricted Tokens on Windows. Zeph has application-level controls (PolicyGate, TrustGate, ContentSanitizer, ExfiltrationGuard) but no OS-level process isolation. Shell commands inherit full environment and filesystem access. Proposed: Seatbelt integration for macOS, Landlock for Linux, config-driven opt-in (tools.sandbox.enabled). References: https://deepwiki.com/openai/codex/5.6-sandboxing-implementation
OpenAI Codex CLI implements platform-native OS-level sandboxing: Seatbelt on macOS, Landlock+seccomp+bwrap on Linux, Restricted Tokens on Windows. Zeph has application-level controls (PolicyGate, TrustGate, ContentSanitizer, ExfiltrationGuard) but no OS-level process isolation. Shell commands inherit full environment and filesystem access. Proposed: Seatbelt integration for macOS, Landlock for Linux, config-driven opt-in (tools.sandbox.enabled). References: https://deepwiki.com/openai/codex/5.6-sandboxing-implementation