OrchestKit ships no sandbox (isolation is the harness's job). But Claude Code has a native Bash-sandbox you can turn on — and most people don't know it exists. This check surfaces the posture and nudges it. Toggle a machine's state:
/ork:doctor · check 15
Honest limits — doctor states these in the output
Bash-only. Confines Bash subprocesses. Read/Write tools, MCP, and hooks run unsandboxed. Raises the floor, not full containment.
~/.ssh readable by default unless sandbox.filesystem.denyRead is set — the nudge includes it.
No detection API.settings.local.json is the only signal; a CLI-flag sandbox reads as "not configured".