No, it isn't fundamentally incompatible. It is a prefect reasonal requirement for an App Store app to be checked for security and sticking to the sandbox. Which by the way the operation system should enforce. An App should only be able to see the filesystem which belongs to its sandbox and shared forlders. Equally, any direct access to the hardware should be prohibited by the OS, and usually Unix systems are pretty good about that. The App Store review should only check whether an App is a security risk, perform any malware functionality behind the back of the user. But the review shouldn't cover what kind of App Apple likes. A fully sandboxes IDE should be possible. A local shell should be possible, when limited to the applications sandbox.