Hacker News new | ask | show | jobs
by aniviacat 85 days ago
Codex has some OS-level sandboxing by default that confines its actions to the current workspace [1].

OpenCode has no sandboxing, as far as I know.

That makes Codex a much better choice for security.

[1] https://developers.openai.com/codex/concepts/sandboxing
1 comments
nezhar 84 days ago
I created VibePod, which allows you to sandbox the agents in containers and monitor their activities. It also supports OpenCode.

https://github.com/VibePod/vibepod-cli

link