Agent Safehouse – macOS-native sandboxing for local agents
2 days ago
- #macOS
- #sandboxing
- #security
- Safehouse uses macOS-native sandboxing to keep local agents from accessing anything outside the sandbox.
- Agents normally inherit the user's full permissions; under Safehouse, access is denied unless explicitly granted.
- Download and run Safehouse with a single shell script—no build step or dependencies required.
- Safehouse automatically grants read/write access to the workdir and read access to toolchains.
- Attempts to access sensitive files like SSH keys or other repos are blocked by the kernel.
- Configure your shell to run agents in Safehouse automatically; prefix an invocation with `command` to bypass the wrapper and run the agent unsandboxed.
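
The shell setup from the last bullet, as an added example (not Safehouse's own code): `agent` and `sandbox_launcher` are constructed stubs standing in for an agent CLI and the sandbox launcher, whose real command name this page does not give. It also shows that a full-path invocation skips the wrapper just as `command` does.

```shell
#!/bin/sh
# Constructed stubs: "agent" stands in for an agent CLI, "sandbox_launcher"
# for the sandbox launcher (hypothetical name, not Safehouse's real command).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

cat > "$demo_dir/agent" <<'EOF'
#!/bin/sh
echo "agent started, sandboxed=${DEMO_SANDBOXED:-no}"
EOF

cat > "$demo_dir/sandbox_launcher" <<'EOF'
#!/bin/sh
# A real launcher would apply the sandbox policy here; the stub only marks it.
export DEMO_SANDBOXED=yes
exec "$@"
EOF

chmod +x "$demo_dir/agent" "$demo_dir/sandbox_launcher"
PATH="$demo_dir:$PATH"

# What would go in the shell rc file: a function that shadows the binary name,
# so typing "agent" always goes through the launcher.
agent() {
    sandbox_launcher agent "$@"
}

# Three ways to start the same binary, and which of them hit the wrapper.
echo "agent            -> $(agent)"
echo "command agent    -> $(command agent)"
echo "/full/path/agent -> $("$demo_dir/agent")"
```

Because the function exists only in shells that load it, scripts, editors or other tools that launch the agent binary directly skip the wrapper. The kernel-enforced restrictions apply only when the launcher is actually in the call path.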