agent-safehouse
by eugene1g
Sandbox your local AI agents so they can read/write only what they need
1,168stars
40forks
Shell
Added 3/9/2026
AI Agentsai-agentsclaude-codellmmacossandboxsecurity
Installation
# Add to your Claude Code skills
git clone https://github.com/eugene1g/agent-safehouseAgent Safehouse
Sandbox your LLM coding agents on macOS so they can only access the files and integrations they actually need.
Agent Safehouse uses sandbox-exec with composable policy profiles and a deny-first model. It supports major coding agents and app-hosted agent workflows while keeping normal development usage practical.
Install
Homebrew:
brew install eugene1g/safehouse/agent-safehouse
Standalone script:
mkdir -p ~/.local/bin
curl -fsSL https://github.com/eugene1g/agent-safehouse/releases/latest/download/safehouse.sh \
-o ~/.local/bin/safehouse
chmod +x ~/.local/bin/safehouse
Philosophy
Agent Safehouse is designed around practical least privilege:
- Start from deny-all.
- Allow only what the agent needs to do useful work.
- Keep developer workflows productive.
- Make risk reduction easy by default.
It is a hardening layer, not a perfect security boundary against a determined attacker.
Documentation
- Website: agent-safehouse.dev
- Docs: agent-safehouse.dev/docs
- Policy Builder: agent-safehouse.dev/policy-builder
Machine-Specific Defaults
If you keep shared repos, caches, or team folders in machine-specific locations, keep those settings out of project config and put them in a shell wrapper plus a local appended profile.
This lets you define your own sane defaults once and reuse them from claude, codex, amp, or app launchers:
POSIX shells (zsh / bash):
# ~/.zshrc or ~/.bashrc
export SAFEHOUSE_APPEND_PROFILE="$HOME/.config/agent-safehouse/local-overrides.sb"
safe() {
safehouse \
--add-dirs-ro="$HOME/server" \
--append-profile="$SAFEHOUSE_APPEND_PROFILE" \
"$@"
}
safe-claude() { safe claude --dangerously-skip-permissions "$@" }
fish:
# ~/.config/fish/config.fish
set -gx SAFEHOUSE_APPEND_PROFILE "$HOME/.config/agent-safehouse/local-overrides.sb"
function safe
safehouse \
--add-dirs-ro="$HOME/server" \
--append-profile="$SAFEHOUSE_APPEND_PROFILE" \
$argv
end
function safe-claude
safe claude --dangerously-skip-permissions $argv
end
Example machine-local policy file:
;; ~/.config/agent-safehouse/local-overrides.sb
;; Host-specific exceptions that should not live in shared repo config.
(allow file-read*
(home-literal "/.gitignore_global")
(home-subpath "/Library/Application Support/CleanShot/med...
Comments (0)
to leave a comment.
No comments yet. Be the first to share your thoughts!
Related Skills
An open-source AI agent that brings the power of Gemini directly into your terminal.
97,469
12,195
TypeScript
AI Agentsaiai-agents
The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
73,757
9,228
JavaScript
AI Agentsai-agentsanthropic
Context7 Platform -- Up-to-date code documentation for LLMs and AI code editors
48,800
2,303
TypeScript
MCP Serversllmmcp
⭐AI-driven public opinion & trend monitor with multi-platform aggregation, RSS, and smart alerts.🎯 告别信息过载,你的 AI 舆情监控助手与热点筛选工具!聚合多平台热点 + RSS 订阅,支持关键词精准筛选。AI 智能筛选新闻 + AI 翻译 + AI 分析简报直推手机,也支持接入 MCP 架构,赋能 AI 自然语言对话分析、情感洞察与趋势预测等。支持 Docker ,数据本地/云端自持。集成微信/飞书/钉钉/Telegram/邮件/ntfy/bark/slack 等渠道智能推送。
48,795
22,617
Python
MCP Serversaibark
A curated list of awesome Claude Skills, resources, and tools for customizing Claude AI workflows
43,513
4,373
Python
AI Agentsagent-skillsai-agents
CowAgent是基于大模型的超级AI助理,能主动思考和任务规划、访问操作系统和外部资源、创造和执行Skills、拥有长期记忆并不断成长。同时支持飞书、钉钉、企业微信应用、微信公众号、网页等接入,可选择OpenAI/Claude/Gemini/DeepSeek/ Qwen/GLM/Kimi/LinkAI,能处理文本、语音、图片和文件,可快速搭建个人AI助手和企业数字员工。
42,164
9,820
Python
AI Agentsaiai-agent