Sandbox claude code
without changing your workflow

Multitui protects your filesystem when running untrusted code by creating highly-customizable individual macOS terminal apps for your favorite TUI and command line programs.

Example Apps
Native app for macOS 15+ (v0.9.3, 19.4 MB) Beta
Changelog
About Sandboxing
Multitui - Sandbox claude code, codex, or any TUI on macOS | Product Hunt
The Multitui app factory - configure and preview your custom terminal apps

Wrap any terminal app

Make TUI apps into first-class macOS apps

Folder-based Apps

Filesystem protection, Finder toolbar plugin

ClaudeCode Claude Code by Anthropic
Codex Codex by OpenAI
Gemini Gemini by Google
OpenCode Open source coding agent
lazygit Git interface
dua Disk usage explorer

File-based Apps

Double-click in Finder, toolbar plugin, dock drop

nano Text file editor
harlequin SQLite interface
jqp JSON viewer with jq
hex-patch Hex viewer
treemd Text file editor

Terminal Utilities

Global shortcut, always on top

top System resource monitor
htop System resource monitor
snitch Network connections monitor
jolt Battery usage monitor
lazydocker Docker management

Menubar Widgets

Text in menubar, auto-reload

ping Latency to 1.1.1.1
ip IP address from icanhazip.com
wttr Outdoor temp from wttr.in
See examples...

Sandbox

Your filesystem, your rules

Multitui uses macOS's built-in sandbox-exec to give you fine-grained control over what code can access.

  • Default deny delete everywhere
  • Default deny read and write in user folder: ~
  • Targeted allow read or write (only specific paths)
  • Allow read and write in your project folder
  • Log of deny actions to see what was blocked and add a rule to allow
  • --dangerously-skip-permissionsbut protect your files

Let agents run, but with protection.

Keep your dev environment.

Multitui acts like a general shell with your existing cli tools, but prevents those tools from deleting or editing files on your dev system.

You don't need to launch a container or VM.

Keep your favorite terminal app.

Keep using iTerm2, Ghostty, Alacritty, or Terminal.app for your general work. Multitui apps complement your terminal. They're for the tools that deserve their own dedicated window, reducing your terminal tabs and giving you more control.

Built for power users

Sandbox

Fine-grained filesystem protection using macOS sandbox-exec. Default deny for writes and deletes, with targeted allow rules for specific paths. Let AI agents help without letting them harm.

First-class macOS Apps

Each TUI becomes a dedicated .app bundle with its own dock icon, Spotlight integration, and proper window management. Works seamlessly with Rectangle, Magnet, and other window managers.

Finder Integration

Launch apps directly from Finder with toolbar buttons and context menus. Register as file handlers for specific document types. Open folders/files with:

  • Finder toolbar button
  • Right-click in Finder
  • Drag to dock icon
  • URL scheme: claudecode://open?arg=/path/to/open
  • AppleScript
  • Command line: › appname.app

Native document-based design

Each app maintains its own recent documents for easy access and organization. Recent documents menu, native tabs, customizable toolbar (or seamless toolbar!), and more.

Isolated Shell History and Snippets

Each app maintains its own command history, completely separate from your main shell. Save frequently used commands as snippets specific to each app.

Style for Contextual Awareness

Customize style per-app to give yourself visual cues for better contextual awareness. Make a separate app for a production environment with a red background, so you never make a mistake.

And much more...

SSH Integration Run remote TUIs
App Styles Window, HUD, Menu Bar, Document
Touch ID Lock Biometric authentication
Global Keyboard Shortcuts Launch from anywhere
Per-App Themes Highly customizable colors
Custom App Icons Unique per-app
Works with Little Snitch Control network access per-app
No Tracking Calls server only for updates

PSA: You can use sandbox-exec directly.

macOS includes sandbox-exec, a powerful but undocumented tool for running processes with restricted permissions.

sandbox-exec -p '\
  (version 1)\
  (deny default)\
  (allow process-exec)\
  (allow process-fork)\
  (allow file-read*)\
  (allow file-write* (subpath "/Users/you/allowed-folder") (subpath "/tmp"))' /path/to/command
Why use Multitui instead? Multitui helps you manage rulesets per-app, so you can keep access minimal and targeted. You can even create a new app for each project, so you minimize access even more. When something gets blocked, Multitui shows you exactly what happened in a live deny log, then lets you add an allow rule with one click.