Agent Sandbox

AI coding agents run on your developer machine. By default they can read home directories, secrets, SSH keys, cloud credentials, and unrelated projects.

Agent Sandbox wraps an agent command in a temporary copy of your repo. The original working tree is untouched. Secret paths are blocked. The final diff only lands when you approve it.

macOS-native today. Linux is on the roadmap.

• Can the agent work in a temporary copy of the repo?
• Are secret paths (.env, ~/.ssh, ~/.aws) blocked?
• Are destructive shell commands blocked?
• Can I review the diff before applying it?
• Is sandbox state cleaned up after the run?

One command. No account. No telemetry.

1# install (macOS today, Linux on the roadmap)
2npm install -g @agentopssec/agent-sandbox
3 
4# run an agent in a sandboxed copy
5agent-sandbox run -- codex "fix the failing tests"
6 
7# read-only review mode
8agent-sandbox run --read-only -- gemini "review this repo"
9 
10# inspect and apply
11agent-sandbox diff latest
12agent-sandbox apply latest

Tight defaults — only allow what your project actually needs.

1{
2  "filesystem": {
3    "mode": "project-only",
4    "blockedPaths": [".env", ".env.local", "~/.ssh", "~/.aws", "~/.config"]
5  },
6  "network": { "enabled": false },
7  "shell": {
8    "allowedCommands": ["npm test", "npm run build", "git diff"],
9    "blockedCommands": ["rm -rf", "curl", "scp", "ssh"]
10  }
11}

Output after a sandboxed agent finishes — safe to review, safe to discard.