codex-container-sandbox

Name: codex-container-sandbox
Rating: 65
Author: santiago-afonso

by santiago-afonso

Run Codex CLI inside a Podman container with full network access and explicit filesystem allowlist mounts.

⭐ 0🍴 0📅 Jan 14, 2026

claude-skills codex skills

View on GitHub Run in Manus

SKILL.md

name: codex-container-sandbox description: "Run Codex CLI inside a Podman container with full internet access but filesystem exposure limited to the repo root + explicit bind mounts; use when you want yolo/web-search without giving the agent access to your whole host filesystem."

codex-container-sandbox

Use this when you want:

Full egress/network for codex (web search, fetching, etc.)
Tight filesystem boundaries via container bind mounts (repo root + explicit allowlist)

This repo contains a wrapper script intended to be installed as codex-container-sandbox.

Workflow

Build the image

From the repo root (this repository):

podman build -t localhost/codex-container-sandbox:latest -f Containerfile .

Install the wrapper

install -m 0755 codex-container-sandbox ~/.local/bin/codex-container-sandbox

(Optional) Configure extra mounts

Create ~/.config/codex-container-sandbox/config.sh:

CODEX_CONTAINER_SANDBOX_IMAGE="localhost/codex-container-sandbox:latest"

# Extra read-only mounts (mapped under /home/codex/... if under $HOME)
CODEX_CONTAINER_SANDBOX_RO_MOUNTS=(
  "$HOME/.local/bin"
)

# Extra read-write mounts
CODEX_CONTAINER_SANDBOX_RW_MOUNTS=(
  "$HOME/.cache/uv"
  "$HOME/tmp"
)

Login once inside the container

codex-container-sandbox --shell
codex login

Run the self-test (recommended)
```
./selftest.sh
```
If this repo is vendored as a git submodule at ./codex-container-sandbox/ (for example in a dotfiles repo), either:
- cd codex-container-sandbox && ./selftest.sh, or
- run ./codex-container-sandbox/selftest.sh from the parent repo root.

Run Codex

codex-container-sandbox exec "Summarize this repo"

Safety notes

This wrapper runs Codex in full-yolo mode (--dangerously-bypass-approvals-and-sandbox) with full networking. Anything mounted into the container can be exfiltrated.
Keep mounts minimal; do not mount secrets, password stores, SSH keys, or large chunks of $HOME unless you intend to expose them.

Score

Total Score

65/100

Based on repository quality metrics

✓SKILL.md

SKILL.mdファイルが含まれている

+20

○LICENSE

ライセンスが設定されている

0/10

✓説明文

100文字以上の説明がある

+10

○人気

GitHub Stars 100以上

0/15

✓最近の活動

3ヶ月以内に更新

○フォーク

10回以上フォークされている

0/5

✓Issue管理

オープンIssueが50未満

✓言語

プログラミング言語が設定されている

✓タグ

1つ以上のタグが設定されている

Reviews

💬

Reviews coming soon

codex-container-sandbox

SKILL.md

name: codex-container-sandbox description: "Run Codex CLI inside a Podman container with full internet access but filesystem exposure limited to the repo root + explicit bind mounts; use when you want yolo/web-search without giving the agent access to your whole host filesystem."

codex-container-sandbox

Workflow

Safety notes

Score

Reviews

changelog-automation

web-component-design

dbt-transformation-patterns

market-sizing-analysis

on-call-handoff-patterns

architecture-decision-records

codex-container-sandbox

SKILL.md

name: codex-container-sandbox description: "Run Codex CLI inside a Podman container with full internet access but filesystem exposure limited to the repo root + explicit bind mounts; use when you want yolo/web-search without giving the agent access to your whole host filesystem."

codex-container-sandbox

Workflow

Safety notes

Score

Reviews

Related

Related Skills

changelog-automation

web-component-design

dbt-transformation-patterns

market-sizing-analysis

on-call-handoff-patterns

architecture-decision-records