{"id":34572638,"url":"https://github.com/ashishb/amazing-sandbox","last_synced_at":"2026-05-22T06:19:25.490Z","repository":{"id":330118821,"uuid":"1118184497","full_name":"ashishb/amazing-sandbox","owner":"ashishb","description":"Amazing Sandbox  - run third-party tools and AI agents securely on your machine","archived":false,"fork":false,"pushed_at":"2026-03-01T06:13:36.000Z","size":147,"stargazers_count":74,"open_issues_count":0,"forks_count":7,"subscribers_count":2,"default_branch":"master","last_synced_at":"2026-03-01T09:36:17.902Z","etag":null,"topics":["developer-tools","devops","security-tools"],"latest_commit_sha":null,"homepage":"https://ashishb.net/programming/run-tools-inside-docker/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ashishb.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-17T11:35:20.000Z","updated_at":"2026-03-01T06:13:38.000Z","dependencies_parsed_at":"2026-02-07T02:00:55.189Z","dependency_job_id":null,"html_url":"https://github.com/ashishb/amazing-sandbox","commit_stats":null,"previous_names":["ashishb/amazing-sandbox"],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/ashishb/amazing-sandbox","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ashishb%2Famazing-sandbox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ashishb%2Famazing-sandbox/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/Git
Hub/repositories/ashishb%2Famazing-sandbox/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ashishb%2Famazing-sandbox/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ashishb","download_url":"https://codeload.github.com/ashishb/amazing-sandbox/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ashishb%2Famazing-sandbox/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30164932,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-06T04:43:31.446Z","status":"ssl_error","status_checked_at":"2026-03-06T04:40:30.133Z","response_time":250,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["developer-tools","devops","security-tools"],"created_at":"2025-12-24T09:43:58.223Z","updated_at":"2026-05-22T06:19:25.475Z","avatar_url":"https://github.com/ashishb.png","language":"Go","funding_links":[],"categories":["Go","developer-tools","Containers, LXC, and packaged runtimes"],"sub_categories":["Multiplatform"],"readme":"# Amazing Sandbox (`asb`) ![GitHub Downloads (all assets, all releases)](https://img.shields.io/github/downloads/ashishb/amazing-sandbox/total)\n\n[![Lint GitHub 
Actions](https://github.com/ashishb/amazing-sandbox/actions/workflows/lint-github-actions.yaml/badge.svg)](https://github.com/ashishb/amazing-sandbox/actions/workflows/lint-github-actions.yaml)\n[![Lint Markdown](https://github.com/ashishb/amazing-sandbox/actions/workflows/lint-markdown.yaml/badge.svg)](https://github.com/ashishb/amazing-sandbox/actions/workflows/lint-markdown.yaml)\n[![Lint YAML](https://github.com/ashishb/amazing-sandbox/actions/workflows/lint-yaml.yaml/badge.svg)](https://github.com/ashishb/amazing-sandbox/actions/workflows/lint-yaml.yaml)\n\n[![Lint Go](https://github.com/ashishb/amazing-sandbox/actions/workflows/lint-go.yaml/badge.svg)](https://github.com/ashishb/amazing-sandbox/actions/workflows/lint-go.yaml)\n[![Validate Go code formatting](https://github.com/ashishb/amazing-sandbox/actions/workflows/format-go.yaml/badge.svg)](https://github.com/ashishb/amazing-sandbox/actions/workflows/format-go.yaml)\n\nAmazing Sandbox (AS) is for running various tools inside a [Docker](https://ashishb.net/programming/docker-101/)-based sandbox (by default) or inside\n[seatbelt-based](https://igorstechnoclub.com/sandbox-exec/)\n sandbox on Mac OS.\n\n- [x] Prevents [malicious packages](https://www.kaspersky.com/about/press-releases/kaspersky-uncovers-500k-crypto-heist-through-malicious-packages-targeting-cursor-developers) from having full disk access and stealing data\n- [x] Prevents AI agents from [mistakenly](https://www.theregister.com/2025/12/01/google_antigravity_wipes_d_drive/) deleting all files on your disk\n- [x] Optionally, run packages like linters [air-gapped](https://en.wikipedia.org/wiki/Air_gap_(networking)) (no internet access) as well\n\n## Features\n\nDefault config\n\n- [x] Give Read-write access to the current directory\n- [x] network access\n- [x] Load `.env` file from the current directory\n- [x] Cache various build steps using Docker\n- [x] Give Read-write access to any explicitly referenced files via CLI arguments\n\nConfigurable 
via CLI parameters\n\n- [x] Disable read access to the current and referenced directories via `-x`\n- [x] Provide Read-only access to the referenced directories via `-r`\n- [x] Disable network access - via `-n`\n- [x] Disable `.env` file loading via `--load-env=false`\n- [x] Add ability to pass a custom Docker image via `-i`\n\n## Supported\n\n- Python\n   - [x] `pip`\n   - [x] `poetry`\n   - [x] `uv`\n   - [x] `uvx`\n- JavaScript/Typescript\n   - [x] `npx`\n   - [x] `npm`\n   - [x] `yarn`\n   - [x] `pnpm`\n   - [x] `bun`\n- [x] Go `go-exec`\n- [x] Rust `cargo` and `cargo-exec`\n- [x] Ruby `gem` and `gem-exec`\n- [x] Haskell `cabal` and `cabal-exec`\n\n### Caches config of the following coding agents\n\nThe configuration of the following coding agents is mapped to the corresponding directories in\nyour home directory, so they will work seamlessly inside the sandbox without needing to\nre-authenticate or re-configure them.\n\n1. [Claude code](https://code.claude.com/docs/en/overview)\n1. [OpenAI Codex](https://openai.com/codex/)\n1. [Google Gemini CLI](https://github.com/google-gemini/gemini-cli)\n\n### Installation\n\n```\n$ go install github.com/ashishb/amazing-sandbox/src/asb/cmd/asb@latest\n...\n```\n\nOr download a binary from the [releases page](https://github.com/ashishb/amazing-sandbox/releases)\n\n## Usage\n\n### Run [yarn](https://yarnpkg.com/) with full access to current directory + a cache directory but no access to full disk\n\n```bash\n$ asb yarn install\n...\n```\n\n### Run [HTML linter](https://www.npmjs.com/package/htmlhint) inside the sandbox with `-n`, that is, no Internet access\n\n```bash\n$ asb -n npx htmlhint\n...  \n```\n\n### Run [yamllint](https://github.com/adrienverge/yamllint) inside the sandbox\n\n```bash\n$ asb uvx yamllint -d \u003cpath-to-dir-containing-yaml-files-to-lint\u003e\n...  
\n```\n\n### Run [Claude code](https://code.claude.com/docs/en/overview) against the current directory\n\n```bash\n$ asb npx @anthropic-ai/claude-code\n...  \n```\n\n### Run [Open AI Codex](https://openai.com/codex/) against the  directory \"~/src/repo1\"\n\n```bash\n$ asb -d ~/src/repo1 npx @openai/codex\n...\n```\n\n### Run [Google Gemini CLI](https://github.com/google-gemini/gemini-cli) inside the sandbox\n\n```bash\n$ asb npx @google/gemini-cli@latest\n...\n```\n\n### Run [fd tool](https://github.com/sharkdp/fd) inside the sandbox with no Internet access\n\n```bash\n$ asb cargo install fd-find  # One time install\n...\n$ asb  -n cargo-exec fd '.*.go'\n...\n```\n\n### Run [hadolint](https://github.com/hadolint/hadolint) (Haskell-based Dockerfile linter) inside the sandbox\n\n```bash\n$ asb cabal update \u0026\u0026 asb cabal install hadolint  # One time install\n...\n$ asb -n cabal-exec hadolint Dockerfile\n...\n```\n\n## To see the full usage\n\n```bash\nasb is CLI tool for running tools inside Sandbox\nSee https://ashishb.net/programming/amazing-sandbox/ for reasoning behind this tool\n\n$ asb --help\nUsage:\n  asb [flags]\n  asb [command]\n\nAvailable Commands:\n  bun         Run a bun command\n  cabal       Run a Haskell cabal command\n  cabal-exec  Run a Haskell-based binary already installed inside sandbox\n  cargo       Run a cargo command\n  cargo-exec  Run a Rust-based binary package already installed inside sandbox\n  completion  Generate the autocompletion script for the specified shell\n  gem         Run a Ruby gem-based CLI tool\n  go-exec     Run a Go-based binary package using go run\n  help        Help about any command\n  node        Run a node command\n  npm         Run an npm command\n  npx         Run an npx command\n  pip         Install Python packages using pip\n  pip-exec    Run a Python-based package already installed inside sandbox\n  pnpm        Run a pnpm command\n  poetry      Run a poetry command\n  uv          Run a uv command\n  
uvx         Run a Python-based package already installed inside sandbox using uvx\n  version     Display asb version\n  yarn        Run a yarn command\n\nFlags:\n  -i, --custom-docker-image string   Use a custom Docker image for the sandbox\n  -d, --directory string             Working directory for this command (default \"\u003ccurrent directory\u003e\")\n  -h, --help                         help for asb\n  -e, --load-env                     Load .env file from working directory (default true)\n      --mode string                  Sandbox mode to use (docker or native) (default \"docker\")\n  -m, --mount-ro stringArray         Mount a directory as read-only inside the sandbox (can be specified multiple times)\n  -x, --no-disk-access               Disable disk access inside the sandbox\n  -n, --no-network                   Disable network access inside the sandbox\n  -r, --read-only                    Load working directory and referenced directories as read-only\n  -w, --read-write                   Load working directory and referenced directories as read-write (default true)\n\n```\n\n## How I use it\n\nFor interactive shells, one can use bash aliases, for example, `alias htmlhint='asb -n npx htmlhint'`.\nHowever, this does not work for non-interactive shells, for example, inside [Makefile](https://ashishb.net/programming/use-makefile-for-android/).\nSo, I prefer creating `~/.local/bin` which contains `htmlhint` [file](https://github.com/ashishb/dotfiles/blob/master/_local_bin/htmlhint)\ncontaining `asb npx htmlhint \"$@\"` and add `.local/bin` to the `$PATH` in `~/.bash_profile` via `export PATH=$PATH:$HOME/.local/bin`.\n\n## FAQ\n\n1. Why not use [bubblewrap](https://github.com/containers/bubblewrap)?  \n   It only [supports](https://github.com/containers/bubblewrap/issues/396) GNU/Linux.  \n   Further, the developer experience for trying to run a simple tool like `htmlhint` or `yamllint` is sub-par.\n1. 
Why not use [Firejail](https://github.com/netblue30/firejail)?  \n   No support for Mac OS or Windows.  \n   Further, the developer experience for trying to run a simple tool like `htmlhint` or `yamllint` is sub-par.\n1. Why not use `sandbox-exec` on Mac OS?  \n   `sandbox-exec` is [deprecated](https://github.com/openai/codex/issues/215)\n   but if you want, you can use `asb` to use `sandbox-exec` via `asb --mode=sandbox-exec`\n1. Why not use [ai-jail](https://github.com/akitaonrails/ai-jail)?  \n   `ai-jail` uses OS-level sandboxing via `bwrap` on Linux and the deprecated `sandbox-exec` on macOS.  \n   It has no Windows support.  \n   In contrast, `asb` uses Docker, which works consistently across Linux, macOS, and Windows.\n1. Why not use [drop](https://github.com/wrr/drop)?  \n   `drop` uses Linux mount namespaces for sandboxing and only supports Linux.  \n   In contrast, `asb` uses Docker, which works consistently across Linux, macOS, and Windows.\n1. I heard that Docker is not a [security boundary](https://kayssel.substack.com/p/docker-escape-breaking-out-of-containers)?  \n   Containers aren't as strong a security boundary as VMs; however, this means that a successful attack now requires infection of the container AND a concurrent container-escape vulnerability.\n   That's a really high bar; someone would need to burn a 0-day on that. Taken from [here](https://news.ycombinator.com/item?id=47612726)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fashishb%2Famazing-sandbox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fashishb%2Famazing-sandbox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fashishb%2Famazing-sandbox/lists"}