{"id":31581048,"url":"https://github.com/webcoyote/sandvault","last_synced_at":"2026-05-08T19:32:35.535Z","repository":{"id":314686985,"uuid":"1055377324","full_name":"webcoyote/sandvault","owner":"webcoyote","description":"Run AI agents isolated in a macOS user account and sandbox-exec. Configured to run Claude Code, OpenAI Codex, Cursor Agent, Google Gemini.","archived":false,"fork":false,"pushed_at":"2026-05-01T23:40:42.000Z","size":602,"stargazers_count":250,"open_issues_count":2,"forks_count":11,"subscribers_count":4,"default_branch":"main","last_synced_at":"2026-05-04T03:13:09.904Z","etag":null,"topics":["claude-code","macos","openai-codex","sandbox"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/webcoyote.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2025-09-12T07:17:45.000Z","updated_at":"2026-05-04T00:54:08.000Z","dependencies_parsed_at":"2025-09-14T05:41:10.472Z","dependency_job_id":"3e91429c-3b6f-41e7-9f0a-131ef2adc51f","html_url":"https://github.com/webcoyote/sandvault","commit_stats":null,"previous_names":["webcoyote/sandvault"],"tags_count":52,"template":false,"template_full_name":null,"purl":"pkg:github/webcoyote/sandvault","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webcoyote%2Fsandvault","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webcoyote%2Fsandvault/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webcoyote%2Fsandvault/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webcoyote%2Fsandvault/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/webcoyote","download_url":"https://codeload.github.com/webcoyote/sandvault/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webcoyote%2Fsandvault/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32794633,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-08T08:22:46.396Z","status":"ssl_error","status_checked_at":"2026-05-08T08:22:45.650Z","response_time":54,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["claude-code","macos","openai-codex","sandbox"],"created_at":"2025-10-05T21:52:30.279Z","updated_at":"2026-05-08T19:32:35.529Z","avatar_url":"https://github.com/webcoyote.png","language":"Shell","funding_links":[],"categories":["Sandboxing \u0026 Isolation","Host-level sandboxes and local workspace isolation"],"sub_categories":["macOS"],"readme":"# SandVault - Run AI agents and shell commands in a sandboxed macOS user account. Sandboxed web and app testing with Chrome and iOS Simulator.\n\n\u003cimg src=\"https://www.codeofhonor.com/images/projects/sandvault.webp\" align=\"left\" width=\"200px\"/\u003e\nSandVault (`sv`) manages a limited user account to sandbox shell commands and AI agents, providing a lightweight alternative to application isolation using virtual machines.\n\n\u003c/br\u003e\n\u003c/br\u003e\n\n- **AI ready** - Includes Claude Code, OpenAI Codex, OpenCode, Google Gemini\n- **Web and iOS automation** - sandbox access to Chrome and iOS Simulator\n- **Fast context switching** - No VM overhead; instant user switching\n- **Passwordless** - switch accounts without a prompt (after setup)\n- **Shared workspace** - joint access to `/Users/Shared/sv-$USER`\n- **Defense in depth** - limited user account + `sandbox-exec`\n- **Clean uninstall** - Complete removal with `sv uninstall`\n\n\u003c/br\u003e\n\u003c/br\u003e\n\n---\n\n## Quick Links\n\n0. Run [Browser Automation](#Browser-Automation) from within the sandbox that can be used for testing web interactions.\n1. Run [iOS Simulator Automation](#iOS-Simulator-Automation) from within the sandbox that can be used for iOS app testing.\n2. To run `xcodebuild` or `swift` see [Sandboxing xcodebuild and swift](#Sandboxing-xcodebuild-and-swift) for details.\n3. To run other sandboxed applications inside sandvault, use the `-x` option. See [Sandboxing other apps](#Sandboxing-other-apps) for details.\n4. It's not possible to run GUI applications from within the sandbox; see [Running GUI Applications](#Running-GUI-Applications) for details.\n\n\n## Security Model\n\nSandVault has limited access to your computer:\n\n- Cannot access your home directory\n- Runs with standard user privileges\n- Cannot modify system files\n- Has no access to mounted drives\n\n```\n- writable:  /Users/Shared/sv-$USER         -- only accessible by you \u0026 sandvault-$USER\n- writable:  /Users/sandvault-$USER         -- sandvault's home directory\n- readable:  /usr, /bin, /etc, /opt         -- system directories\n- no access: /Users/*                       -- other user directories\n\n- writable:  /Volumes/Macintosh HD          -- accessible as per file permissions\n- no access: /Volumes/*                     -- cannot access mounted/remote/network drives\n```\n\n\n## Installation\n\nInstall via Homebrew:\n\n```bash\nbrew install sandvault\n```\n\nInstall via git:\n\n```bash\n# Clone the repository\n  git clone https://github.com/webcoyote/sandvault\n\n# Option 1: add the sandvault directory to your path\n  export PATH=\"$PATH:/path/to/where/you/cloned/sandvault\"\n\n# Option 2: add to your shell configuration for easy access\n  echo \u003e\u003e ~/.zshrc  'alias sv=\"/path/to/where/you/cloned/sandvault/sv\"'\n  echo \u003e\u003e ~/.bashrc 'alias sv=\"/path/to/where/you/cloned/sandvault/sv\"'\n```\n\n\n## Quick Start\n\n```bash\n# Run Claude Code in the sandbox\n# shortcut: sv cl\n  sv claude\n\n# Run OpenAI Codex in the sandbox\n# shortcut: sv co\n  sv codex\n\n# Run OpenCode in the sandbox\n# shortcut: sv o\n  sv opencode\n\n# Run Google Gemini in the sandbox\n# shortcut: sv g\n  sv gemini\n\n# Run command shell in the sandbox\n# shortcut: sv s\n  sv shell\n```\n\n\n## Connect via SSH\n\nThe default mode for sandvault runs commands as a limited user (basically `sudo -u sandbox-$USER COMMAND`). Sandvault also configures the limited sandvault account so that you can run commands via SSH (basically `ssh sandbox-$USER@$HOSTNAME`), and everything works the same. Use the `-s` or `--ssh` option to use SSH mode with `sv`, or use `tmux` or `screen` for users so inclined.\n\n```bash\n# Run using impersonation\n# sv COMMAND\n  sv gemini\n\n# Run using ssh\n# sv -s/--ssh COMMAND\n  sv --ssh gemini\n```\n\n\n## Advanced Commands\n\n```bash\n# Run AI agent with optional arguments\n# Usage:\n#   sv \u003cagent\u003e [PATH] [-- AGENT_ARGUMENTS]\n# Example:\n  sv gemini -- --continue\n\n\n# Run shell command in sandvault and exit\n# Usage:\n#  sv shell [PATH] -- [SHELL_COMMAND]\n# Example:\n  sv shell /Users -- pwd      # output: /Users\n\n\n# Send input via stdin\n# Usage:\n#   \u003cproducer\u003e | sv shell [PATH] [-- SHELL_COMMAND]\n# Examples:\n  echo \"pwd ; exit\" | sv shell /Users       # output: /Users\n\n  echo ABC | sv shell -- tr 'A-Z' 'a-z'     # output: abc\n\n  cat PROMPT.md | sv gemini\n\n\n# Clone local/remote Git repository into /Users/sandvault-$USER/repositories/\u003cgit-repository\u003e and open there\n# Usage:\n#   sv \u003cagent|shell\u003e --clone URL_OR_LOCAL_PATH [-- AGENT_OR_SHELL_ARGS]\n# Examples:\n  sv codex --clone https://github.com/webcoyote/sandvault.git\n  sv codex -c ~/src/my-app\n  sv shell --clone https://github.com/webcoyote/sandvault.git\n  sv shell -c ../my-app\n\nUse a full or relative path with a directory name for local clones.\n\nFor local Git repositories, sandvault also wires remotes:\n\n- Your local Git repository gets/updates remote `sandvault` -\u003e `/Users/sandvault-$USER/repositories/\u003cgit-repository\u003e`\n- This lets you run `git fetch sandvault` from the original local Git repository to pull commits made in the sandvault Git repository.\n```\n\n\n## Native Install\n\nBy default, SandVault installs AI tools via Homebrew on the host side. With `--native-install` (`-N`), tools are instead installed inside the sandbox using their own installers:\n\n- **Claude Code** — installed via `curl -fsSL https://claude.ai/install.sh | bash`\n- **Codex** — installed via `npm install -g @openai/codex`\n- **OpenCode** — installed via `curl -fsSL https://opencode.ai/install | bash`\n- **Gemini** — installed via `npm install -g @google/gemini-cli`\n\nTools are installed on first run and reused on subsequent runs.\n\n```bash\n# Install and run Claude Code natively\nsv --native-install claude\nsv -N claude\n\n# Works with all AI agents\nsv -N codex\nsv -N opencode\nsv -N gemini\n```\n\nTo make native install the default, set `SANDVAULT_ARGS`:\n\n```bash\n# Add to your shell profile (~/.zshrc, ~/.bashrc, etc.)\nexport SANDVAULT_ARGS=\"--native-install\"\n\n# Now 'sv claude' uses native install automatically\nsv claude\n```\n\n\n## Environment Variables\n\nSet `SANDVAULT_ARGS` to supply default arguments that are prepended to the command line:\n\n```bash\n# Add to your shell profile (~/.zshrc, ~/.bashrc, etc.)\nexport SANDVAULT_ARGS=\"--verbose --ssh\"\n\n# Now these are equivalent:\nsv claude\nsv --verbose --ssh claude\n```\n\nShell quoting is supported, so arguments with spaces work:\n\n```bash\nexport SANDVAULT_ARGS='--clone \"my project\"'\n```\n\nExplicit command-line arguments are appended after `SANDVAULT_ARGS`, so they are processed afterwards.\n\n\n## Maintenance Commands\n\n```bash\n# Build sandvault but do not run a command\n  sv build\n  sv b\n\n\n# Rebuild sandvault, including updating all file permissions and ACLs in the shared volume\n  sv build --rebuild\n  sv b -r\n\n# Fix permissions when using a restrictive umask (e.g. 077)\n  sv --fix-permissions\n  sv --fix-permissions build\n\n# Uninstall sandvault (does not delete files in the shared volume)\n  sv uninstall\n\n\n# Misc commands\n  sv --version\n  sv --help\n```\n\n\n## `agentsview` Integration\n\n[`agentsview`](https://github.com/badlogic/agentsview) is a dashboard that aggregates session history, search, and cost tracking across AI coding agents (Claude Code, Codex, OpenCode, Gemini). If you have agentsview installed on the host, `sv-agentsview-setup` mirrors sandbox session data so it appears alongside your host-side sessions.\n\n```bash\n# Detect agentsview, prompt to opt in, and configure\nsv-agentsview-setup\n```\n\nThen run `agentsview serve` and you'll see your sandvault AI sessions included in the `agentsview` dashboard.\n\n\n## Nested sandboxes\n\nIn addition to running in a different macOS user account, sandvault also runs applications using macOS `sandbox-exec`, which further limits what resources are accessible.\n\nSome applications, like `swift`, already run inside a sandbox. Because macOS does not support nested (i.e. recursive) sandboxes, these applications fail to run.\n\nRead on for solutions.\n\n\n### Sandboxing xcodebuild and swift\n\nFor `swift` (and `xcodebuild`, which runs `swift`), you can set the following variables in your build scripts to run inside sandvault:\n\nFor `swift`:\n\n```bash\nARGS=()\n\n# Disable sandboxing when running inside sandvault to avoid nested sandbox-exec\nif [[ -n \"${SV_SESSION_ID:-}\" ]]; then\n    ARGS+=(--disable-sandbox)\nfi\n\nswift build \"${ARGS[@]}\" \"$@\"\n```\n\nFor `xcodebuild`:\n\n```bash\nARGS=()\n\n# Disable sandboxing when running inside sandvault to avoid nested sandbox-exec\nif [[ -n \"${SV_SESSION_ID:-}\" ]]; then\n    export SWIFTPM_DISABLE_SANDBOX=1\n    export SWIFT_BUILD_USE_SANDBOX=0\n    ARGS+=(\"-IDEPackageSupportDisableManifestSandbox=1\")\n    ARGS+=(\"-IDEPackageSupportDisablePackageSandbox=1\")\n    # shellcheck disable=SC2016 # Expressions don't expand in single quotes # that is intentional\n    ARGS+=('OTHER_SWIFT_FLAGS=$(inherited) -disable-sandbox')\nfi\n\nxcodebuild \\\n    build \\\n    \"${ARGS[@]}\" \\\n    ...\n```\n\n\n### Sandboxing other apps\n\nIf the app you intend to run does not support disabling the use of sandbox-exec like `xcodebuild` and `swift` you can run sandvault without `sandbox-exec`:\n\n```bash\n# Disable use of sandbox-exec (app still runs as sandvault user) using -x / --no-sandbox\n  sv -x           claude\n  sv --no-sandbox codex\n  sv --no-sandbox shell $HOME/projects/my-app -- xcodebuild ...\n```\n\nDisabling `sandbox-exec` has the following security implications:\n\n- No protection against reading/writing removable drives (`/Volumes/...`)\n- No protection against writing files with `o+w` (`0002`) file permissions\n\n```bash\n# To find all files on your computer that are \"world writable\" (perms: `o+w` / 0002)\n# run this command from your account (not in sandvault):\n  find / \\\n       -path \"/Users/sandvault-$USER\" -prune \\\n    -o -path \"/Users/sv-$USER\" -prune \\\n    -o -perm -o=w -print 2\u003e/dev/null\n```\n\n\n## Troubleshooting\n\nIf your sandbox is misbehaving you can fix it with a rebuild or uninstall/reinstall. They're both safe and will not delete files in the shared sandbox folder.\n\n```bash\n# Force rebuild\nsv --rebuild build\n\n\n# Uninstall then reinstall\nsv uninstall\nsv build\n```\n\n\n### Fix the security popup\n\n![macOS security keychain login dialog](https://webcoyote.github.io/images/shared/sandvault/security-keychain.jpg)\n\nIf you see a security popup above, it may be because files in the shared sandvault directory don't have the correct ACLs, which occurs when another user's files are copied into the sandvault shared directory (`/Users/Shared/sv-$USER`). This can be corrected by running the rebuild command `sv --rebuild build`, or adding the rebuild flag to any command, e.g. `sv -r shell`. This only needs to be done once.\n\n\n### Fix permission errors from restrictive umask\n\nIf you see \"Permission denied\" errors when running `sv`, your shell may have a restrictive `umask` (e.g., `077` instead of the default `022`). Check with:\n\n```bash\numask\n```\n\nSandVault detects this and warns you. To fix it for the current session, add `--fix-permissions`:\n\n```bash\n# Fix permissions (standalone or with build)\nsv --fix-permissions\nsv --fix-permissions build\n```\n\nIf you previously installed Homebrew under a restrictive umask, you may also need to fix its directory permissions:\n\n```bash\nsudo chmod -R o+rX /opt/homebrew\n```\n\n\n## Custom Shell Configuration\n\nIf you're using `sandvault`, you're probably the type of person who also sets custom shell configuration files, and you'd be disappointed if you had to use default zsh while running `sv shell`. Here's how to configure your custom configuration for sandvault:\n\n1. Ensure sandvault has been installed by running a command like `sandvault build`, `sandvault shell`, `sandvault claude`, etc.\n2. Copy your desired configuration files (e.g. `.zshrc`, `.zprofile`, etc.) to `/Users/Shared/sv-${USER}/user/`.\n\nNext time you run sandvault, your files will be copied to the sandvault user home directory, and your zsh configuration files will be sourced:\n\n    .zshenv → .zprofile → .zshrc\n    NOTE: .zlogin and .zlogout not supported\n\n\u003e **Note:** Earlier versions of sandvault supported configuration files in `guest/home/user/`, which didn't work for Homebrew installations. Consequently, this is no longer supported, and you'll get an error message asking you to move `guest/home/user` to `/Users/Shared/sv-${USER}/user/`.\n\n\n## Browser Automation\n\nSandVault supports headless Chrome for browser automation from within the sandbox. Chrome runs on the host side and the sandbox connects to it via the Chrome DevTools Protocol (CDP) over localhost.\n\n### Usage\n\n```bash\n# Launch with browser support\nsv --browser claude\nsv --browser shell\n```\n\nInside the sandbox, the `SV_BROWSER_ENDPOINT` environment variable contains the CDP endpoint URL (e.g. `http://127.0.0.1:52858`).\n\n```javascript\n// Playwright\nconst browser = await chromium.connectOverCDP(process.env.SV_BROWSER_ENDPOINT);\n\n// Puppeteer\nconst browser = await puppeteer.connect({ browserURL: process.env.SV_BROWSER_ENDPOINT });\n```\n\nFrom the host, you can query the endpoint URL:\n```bash\n# Prints the CDP endpoint URL (or errors if browser is unavailable)\nsv --endpoint\n```\n\nSee also [`./tests/browser/*.js`](./tests/browser) for examples of using Playwright and Puppeteer. See [`guest/home/bin/prompts/browser.md`](./guest/home/bin/prompts/browser.md) for prompt.\n\n### How it works\n\n- Chrome is launched headless on the host side with a dynamic port (`--remote-debugging-port=0`), and sandvault connections via `localhost`\n- Chrome stays running across sandbox sessions and is stopped when the last `--browser` session exits\n- Chrome uses an isolated user data directory, separate from your personal Chrome profile\n\n### Requirements\n\nGoogle Chrome or Chromium must be installed in `/Applications/`.\n\n\n## iOS Simulator Automation\n\nSandVault can expose the iOS Simulator to sandboxed AI agents for iOS app testing. The simulator runs on the host (it is a GUI app and cannot run inside the sandbox), and an HTTP bridge on localhost translates sandbox-side requests into `xcrun simctl` and [`iosef`](https://github.com/riwsky/iosef) invocations.\n\n### Usage\n\n```bash\n# Launch with iOS Simulator support\nsv --ios claude\nsv --ios shell\n```\n\nAdd `--ios-gui` to also show the Simulator.app window — useful when debugging interactively or watching an agent's actions:\n\n```bash\nsv --ios-gui shell\n```\n\nSimulator.app is left running on session exit so that other simulators (yours or other tools') aren't disrupted.\n\nInside the sandbox, the `SV_IOS_SIMULATOR_ENDPOINT` environment variable points at the HTTP bridge (e.g. `http://127.0.0.1:52861`).\n\n```bash\n# Check if simulator is ready\ncurl $SV_IOS_SIMULATOR_ENDPOINT/ready\n\n# Read the accessibility tree\ncurl $SV_IOS_SIMULATOR_ENDPOINT/describe\n\n# Tap a button by accessibility name\ncurl -X POST -H 'Content-Type: application/json' \\\n  -d '{\"name\":\"Sign In\"}' \\\n  $SV_IOS_SIMULATOR_ENDPOINT/tap\n\n# Launch an app by bundle id\ncurl -X POST -H 'Content-Type: application/json' \\\n  -d '{\"bundle_id\":\"com.apple.Preferences\"}' \\\n  $SV_IOS_SIMULATOR_ENDPOINT/launch\n\n# Save a screenshot as JPG (point resolution)\ncurl -o low_res.jpg $SV_IOS_SIMULATOR_ENDPOINT/view\n\n# Save a screenshot as PNG (pixel resolution)\ncurl -o high_res.png $SV_IOS_SIMULATOR_ENDPOINT/view_pixels\n```\n\nSee [`guest/home/bin/prompts/ios-simulator.md`](./guest/home/bin/prompts/ios-simulator.md) for the full list of endpoints. This file is automatically included in your AI agent prompt when using --ios/--ios-gui. See [`tests/ios-simulator/scripts/tests`](./tests/ios-simulator/scripts/tests) for a runnable example.\n\n### How it works\n\n- A fresh scratch simulator (named `sandvault-\u003csession-id\u003e`) is created and booted on the host for each `--ios` session, and deleted on exit.\n- A Python HTTP bridge (`helpers/sv-ios-bridge`) listens on a dynamic localhost port and fronts a whitelisted set of `iosef` and `xcrun simctl` subcommands.\n- `.app` bundles passed to `/install` must live under `/Users/Shared/` (so the sandbox user can already access them); the bridge rejects paths outside that tree.\n- All subprocess calls use explicit argv lists, not shells.\n\n### Requirements\n\n- Xcode with at least one iOS runtime installed (Xcode → Settings → Platforms).\n- Homebrew (used to install `uv`, which installs `iosef`). sandvault installs both automatically on first use.\n\n\n## Running GUI Applications\n\nTL;DR: Sorry, macOS security limitations prevent this from working.\n\nIt would be great to be able to run GUI applications (e.g. browsers, Claude Desktop) in the sandbox account to limit their access to main account resources.\n\nThe issue seems to be that an application cannot report to a WindowServer that's owned by a different user.\n\nInternet posts suggest it's possible using `sudo su`, `sudo launchctl asuser`, and `sudo launchctl bsexec`, but those answers are from long ago and it seems likely that Apple improvements to macOS security have closed those doors.\n\nIn the event you do find a solution, send a PR please :)\n\n\n## Why SandVault?\n\nAfter exploring Docker containers, Podman, sandbox-exec, and virtualization, I needed something that:\n\n- Works natively on macOS without virtualization overhead\n- Provides meaningful isolation without too much complexity\n- Runs Claude Code with `--dangerously-skip-permissions`\n- Runs OpenAI Codex with `--dangerously-bypass-approvals-and-sandbox`\n- Runs OpenCode with `OPENCODE_PERMISSION='{\"*\":\"allow\"}'`\n- Runs Google Gemini with `--yolo`\n- Automates Chrome for web testing (via Chrome DevTools Protocol)\n- Automated iOS Simulator for app testing (via `xcrun simctl`, and `iosef`)\n- Maintains a clean separation between trusted and untrusted code\n\nSandVault uses macOS's Unix heritage and user account system to create a simple but effective sandbox.\n\n\n# Alternatives\n\n- [ClodPod](https://github.com/webcoyote/clodpod) runs Claude Code inside a macOS virtual machine.\n- [Chamber](https://github.com/cirruslabs/chamber) is a proof-of-concept app for running Claude Code inside a macOS virtual machine.\n- [Claude Code Sandbox](https://github.com/textcortex/claude-code-sandbox) runs Claude Code in a Docker container (Linux)\n\n\n# License\n\nApache License, Version 2.0\n\nSandVault Copyright © 2026 Patrick Wyatt\n\nSee [LICENSE.md](LICENSE.md) for details.\n\n\n# Contributors\n\nWe welcome contributions and bug reports.\n\nSee [CONTRIBUTORS.md](CONTRIBUTORS.md) for the list of contributors to this project.\n\n\n# Thanks to\n\nThis project builds on the great works of other open-source authors:\n\n- [Claude](https://www.anthropic.com/claude) - AI coding assistant\n- [Codex](https://openai.com/codex/) - AI coding assistant\n- [CMux](https://github.com/manaflow-ai/cmux) - an awesome terminal\n- [Ghostty](https://ghostty.org) - an awesome terminal \u0026 terminal library\n- [Homebrew](https://brew.sh): 🍺 The missing package manager for macOS (or Linux)\n- [Shellcheck](https://www.shellcheck.net): finds bugs in your shell scripts\n- [uv](https://docs.astral.sh/uv/): An extremely fast Python package and project manager, written in Rust\n- [Claude Code Hooks Mastery](https://github.com/disler/claude-code-hooks-mastery): Quickly master how to use Claude Code hooks to add deterministic (or non-deterministic) control over Claude Code's behavior\n- [StatusLine](https://gist.github.com/dhkts1/55709b1925b94aec55083dd1da9d8f39): project status information for Claude Code\n\n... as well as GNU, BSD, Linux, curl, Git, Sqlite, Node, Python, netcat, jq, and more. \"We stand upon the shoulders of giants.\"\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwebcoyote%2Fsandvault","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwebcoyote%2Fsandvault","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwebcoyote%2Fsandvault/lists"}