The constraint is the feature

Anthropics's new Artifacts capability for Claude Code does something counterintuitive for an enterprise product launch: it ships with an explicit list of things it will never do. The published documentation is direct — "an artifact is a capture of work, not an application" — and the technical implementation enforces that position. Every Artifact is a single HTML file, capped at 16 MiB rendered size, wrapped in a Content Security Policy (CSP) that blocks all external network requests. No `fetch`, no XHR, no WebSockets. All CSS and JavaScript must be inlined; images must be embedded as data URIs.

That is not an oversight. It is Anthropic's answer to a specific enterprise problem: how do you let an AI coding agent share live, visual context with non-technical stakeholders without creating a new data-exfiltration surface?

What it actually does

When an engineer is working inside a Claude Code session — available on Team and Enterprise subscription tiers — the agent can now spin up a shareable web page directly from the session's context: the local repository, connected monitoring tools, and the conversational reasoning already in progress. The page updates in place as the agent works, at the same URL, without requiring the engineer to wire up external infrastructure or export anything manually.

Boris Cherny, the lead creator of Claude Code, described his own use in a post on X: "visual explanations of tricky code, system diagrams, quick previews of a few animation options, data analyses and dashboards I share with the team."

Every published Artifact generates a version history, so teammates can track the agent's progress or roll back to an earlier state. Access is gated to authenticated members of the publishing engineer's organization; there is no mechanism to make an Artifact publicly accessible. Org-level administrators control the feature through role-based toggles and retention policies, with oversight available via a compliance API.

How it compares to OpenAI Codex Sites

OpenAI shipped a broadly similar-sounding feature — Codex Sites — roughly two weeks earlier, but the architectural choices diverge sharply.

Codex Sites generates Cloudflare Worker-compatible ES modules and supports persistent backend infrastructure: D1 relational databases for structured data and R2 object storage for file uploads. A Codex Site can support public sign-ins, integrate with external identity providers, and apply granular access controls down to custom user groups. OpenAI also provides a dedicated panel for managing runtime environment variables and secrets, so sensitive keys stay out of source files. The two-stage publishing process — a reviewable candidate linked to a Git commit before production deployment — is designed for durable internal tooling.

The gap is not a matter of one product being more mature. They are solving different problems. Codex Sites is positioned to replace functional internal SaaS tools. Claude Code Artifacts is positioned to replace the status-update meeting.

Licensing and what enterprises actually own

Both features ship under closed, proprietary licenses. That means enterprise customers do not hold code-level ownership over the rendering engine (Anthropic) or the integration nodes (OpenAI). Neither can be independently forked or self-hosted — a meaningful consideration for organizations with strict data-residency or vendor-lock-in policies.

Both vendors have responded to that exposure with access controls rather than portability. Anthropic's org-level compliance API and default-private posture are the primary mitigations. OpenAI's workspace-level RBAC and secrets management serve the same function on a more complex attack surface, given that Codex Sites can expose public-facing URLs.

The tradeoff in plain terms

If your team needs a live, secure visual layer on top of an active engineering workflow — something a product manager can open on a phone without touching the codebase — Claude Code Artifacts is a direct fit. If you need that output to persist, authenticate external users, or evolve into a standalone internal tool, Codex Sites is the closer match, with the corresponding increase in infrastructure complexity and attack surface.