{"id":42875369,"url":"https://github.com/Use-Tusk/fence","last_synced_at":"2026-02-10T06:01:06.314Z","repository":{"id":329333547,"uuid":"1119154862","full_name":"Use-Tusk/fence","owner":"Use-Tusk","description":"Lightweight, container-free sandbox for running commands with network and filesystem restrictions","archived":false,"fork":false,"pushed_at":"2026-02-06T00:59:44.000Z","size":715,"stargazers_count":445,"open_issues_count":2,"forks_count":5,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-02-06T10:48:14.054Z","etag":null,"topics":["bubblewrap","code-security","coding-agent","landlock","sandbox","seatbelt","seccomp","socat"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Use-Tusk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"docs/agents.md","dco":null,"cla":null}},"created_at":"2025-12-18T20:44:11.000Z","updated_at":"2026-02-06T10:26:53.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/Use-Tusk/fence","commit_stats":null,"previous_names":["use-tusk/fence"],"tags_count":20,"template":false,"template_full_name":null,"purl":"pkg:github/Use-Tusk/fence","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Use-Tusk%2Ffence","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Use-Tusk%2Ffence/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Use-Tusk%2Ffence/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Use-Tusk%2Ffence/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Use-Tusk","download_url":"https://codeload.github.com/Use-Tusk/fence/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Use-Tusk%2Ffence/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29292053,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-10T03:42:42.660Z","status":"ssl_error","status_checked_at":"2026-02-10T03:42:41.897Z","response_time":65,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bubblewrap","code-security","coding-agent","landlock","sandbox","seatbelt","seccomp","socat"],"created_at":"2026-01-30T14:00:23.141Z","updated_at":"2026-02-10T06:01:06.296Z","avatar_url":"https://github.com/Use-Tusk.png","language":"Go","readme":"![Fence Banner](assets/fence-banner.png)\n\n\u003cdiv align=\"center\"\u003e\n\n![GitHub Release](https://img.shields.io/github/v/release/Use-Tusk/fence)\n\n\u003c/div\u003e\n\nFence wraps commands in a sandbox that blocks network access by default and restricts filesystem operations based on configurable rules. It's most useful for running semi-trusted code (package installs, build scripts, CI jobs, unfamiliar repos) with controlled side effects, and it can also complement AI coding agents as defense-in-depth.\n\n```bash\n# Block all network access (default)\nfence curl https://example.com  # → 403 Forbidden\n\n# Allow specific domains\nfence -t code npm install  # → uses 'code' template with npm/pypi/etc allowed\n\n# Block dangerous commands\nfence -c \"rm -rf /\"  # → blocked by command deny rules\n```\n\nYou can also think of Fence as a permission manager for your CLI agents. **Fence works with popular coding agents like Claude Code, Codex, Gemini CLI, Cursor Agent, OpenCode, Factory (Droid) CLI, etc.** See [agents.md](./docs/agents.md) for more details.\n\n## Install\n\n**macOS / Linux:**\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/Use-Tusk/fence/main/install.sh | sh\n```\n\n\u003cdetails\u003e\n\u003csummary\u003eOther installation methods\u003c/summary\u003e\n\n**Go install:**\n\n```bash\ngo install github.com/Use-Tusk/fence/cmd/fence@latest\n```\n\n**Build from source:**\n\n```bash\ngit clone https://github.com/Use-Tusk/fence\ncd fence\ngo build -o fence ./cmd/fence\n```\n\n\u003c/details\u003e\n\n**Additional requirements for Linux:**\n\n- `bubblewrap` (for sandboxing)\n- `socat` (for network bridging)\n- `bpftrace` (optional, for filesystem violation visibility when monitoring with `-m`)\n\n## Usage\n\n### Basic\n\n```bash\n# Run command with all network blocked (no domains allowed by default)\nfence curl https://example.com\n\n# Run with shell expansion\nfence -c \"echo hello \u0026\u0026 ls\"\n\n# Enable debug logging\nfence -d curl https://example.com\n\n# Use a template\nfence -t code -- claude  # Runs Claude Code using `code` template config\n\n# Monitor mode (shows violations)\nfence -m npm install\n\n# Show all commands and options\nfence --help\n```\n\n### Configuration\n\nFence reads from `~/.config/fence/fence.json` by default (or `~/Library/Application Support/fence/fence.json` on macOS).\n\n```json\n{\n  \"extends\": \"code\",\n  \"network\": { \"allowedDomains\": [\"private.company.com\"] },\n  \"filesystem\": { \"allowWrite\": [\".\"] },\n  \"command\": { \"deny\": [\"git push\", \"npm publish\"] }\n}\n```\n\nUse `fence --settings ./custom.json` to specify a different config.\n\n### Import from Claude Code\n\n```bash\nfence import --claude --save\n```\n\n## Features\n\n- **Network isolation** - All outbound blocked by default; allowlist domains via config\n- **Filesystem restrictions** - Control read/write access paths\n- **Command blocking** - Deny dangerous commands like `rm -rf /`, `git push`\n- **SSH Command Filtering** - Control which hosts and commands are allowed over SSH\n- **Built-in templates** - Pre-configured rulesets for common workflows\n- **Violation monitoring** - Real-time logging of blocked requests (`-m`)\n- **Cross-platform** - macOS (sandbox-exec) + Linux (bubblewrap)\n\nFence can be used as a Go package or CLI tool.\n\n## Documentation\n\n- [Index](/docs/README.md)\n- [Quickstart Guide](docs/quickstart.md)\n- [Configuration Reference](docs/configuration.md)\n- [Security Model](docs/security-model.md)\n- [Architecture](ARCHITECTURE.md)\n- [Library Usage (Go)](docs/library.md)\n- [Examples](examples/)\n\n## Attribution\n\nInspired by Anthropic's [sandbox-runtime](https://github.com/anthropic-experimental/sandbox-runtime).\n","funding_links":[],"categories":["Go","others","Sandboxing \u0026 Isolation"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FUse-Tusk%2Ffence","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FUse-Tusk%2Ffence","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FUse-Tusk%2Ffence/lists"}