{"id":50578188,"url":"https://github.com/fencesandbox/fence","last_synced_at":"2026-06-08T05:00:49.753Z","repository":{"id":329333547,"uuid":"1119154862","full_name":"fencesandbox/fence","owner":"fencesandbox","description":"Lightweight, container-free sandbox for running commands with network and filesystem restrictions","archived":false,"fork":false,"pushed_at":"2026-05-30T09:04:48.000Z","size":2220,"stargazers_count":774,"open_issues_count":19,"forks_count":30,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-05-30T09:06:29.667Z","etag":null,"topics":["bubblewrap","code-security","coding-agent","landlock","sandbox","seatbelt","seccomp","socat"],"latest_commit_sha":null,"homepage":"https://fencesandbox.com/docs","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fencesandbox.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"docs/agents.md","dco":null,"cla":null}},"created_at":"2025-12-18T20:44:11.000Z","updated_at":"2026-05-30T09:04:50.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/fencesandbox/fence","commit_stats":null,"previous_names":["use-tusk/fence","jy-tan/fence","fencesandbox/fence"],"tags_count":60,"template":false,"template_full_name":null,"purl":"pkg:github/fencesandbox/fence","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fencesandbox%2Ffence","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fencesandbox%2Ffence/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fencesandbox%2Ffence/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fencesandbox%2Ffence/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fencesandbox","download_url":"https://codeload.github.com/fencesandbox/fence/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fencesandbox%2Ffence/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34048682,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-08T02:00:07.615Z","response_time":111,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bubblewrap","code-security","coding-agent","landlock","sandbox","seatbelt","seccomp","socat"],"created_at":"2026-06-05T00:00:35.172Z","updated_at":"2026-06-08T05:00:49.747Z","avatar_url":"https://github.com/fencesandbox.png","language":"Go","funding_links":[],"categories":["Go","others"],"sub_categories":[],"readme":"![Fence Banner](assets/fence-banner.png)\n\n\u003cdiv align=\"center\"\u003e\n\n![GitHub Release](https://img.shields.io/github/v/release/fencesandbox/fence)\n[![Build and test](https://github.com/fencesandbox/fence/actions/workflows/main.yml/badge.svg?branch=main)](https://github.com/fencesandbox/fence/actions/workflows/main.yml)\n[![Docs](https://img.shields.io/badge/docs-fencesandbox.com-4c1?logo=bookstack\u0026logoColor=white\u0026color=mediumslateblue)](https://fencesandbox.com/docs)\n[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/fencesandbox/fence)\n[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n\n\u003c/div\u003e\n\nFence wraps commands in a sandbox that blocks network access by default and restricts filesystem operations based on configurable rules. It's most useful for running semi-trusted code (package installs, build scripts, CI jobs, unfamiliar repos) with controlled side effects, and it can also complement AI coding agents as defense-in-depth.\n\n```bash\n# Block all network access (default)\nfence curl https://example.com  # → 403 Forbidden\n\n# Allow specific domains\nfence -t code npm install  # → uses 'code' template with npm/pypi/etc allowed\n\n# Block dangerous commands\nfence -c \"rm -rf /\"  # → blocked by command deny rules\n```\n\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"assets/demo.gif\" alt=\"Fence Claude Code demo\" width=\"800\"\u003e\n\u003c/p\u003e\n\nFence is also a permission manager for your CLI agents. **Works with popular coding agents like Claude Code, Codex, Amp, Gemini CLI, GitHub Copilot, OpenCode, Factory (Droid) CLI, and many more** - see [agents.md](./docs/agents.md).\n\n## Install\n\n\u003e [!NOTE]\n\u003e Fence has moved from `github.com/Use-Tusk/fence` to `github.com/fencesandbox/fence`.\n\u003e If you installed with Homebrew from the old Tusk tap, switch to the new tap:\n\u003e\n\u003e ```bash\n\u003e brew uninstall use-tusk/tap/fence\n\u003e brew untap use-tusk/tap\n\u003e brew tap fencesandbox/tap\n\u003e brew install fencesandbox/tap/fence\n\u003e ```\n\u003e\n\u003e If you installed with `go install`, reinstall from the new module path:\n\u003e\n\u003e ```bash\n\u003e go install github.com/fencesandbox/fence/cmd/fence@latest\n\u003e ```\n\n**macOS / Linux:**\n\n```bash\ncurl -fsSL https://cli.fencesandbox.com/install.sh | sh\n```\n\n**Homebrew (macOS):**\n\n```bash\nbrew tap fencesandbox/tap\nbrew install fencesandbox/tap/fence\n```\n\n**Nix (macOS, Linux, Windows (WSL)):**\n\n```sh\nnix run nixpkgs#fence -- --help\n```\n\nThis runs it directly from the repository, without installing `fence`. If you want to install it, follow the guidelines [from NixOS](https://nix.dev) or [nix-darwin](https://github.com/nix-darwin/nix-darwin).\n\n\u003cdetails\u003e\n\u003csummary\u003eOther installation methods\u003c/summary\u003e\n\n**Go install:**\n\n```bash\ngo install github.com/fencesandbox/fence/cmd/fence@latest\n```\n\n**Build from source:**\n\n```bash\ngit clone https://github.com/fencesandbox/fence\ncd fence\ngo build -o fence ./cmd/fence\n```\n\n\u003c/details\u003e\n\n**Additional requirements for Linux:**\n\n- `bubblewrap` (for sandboxing)\n- `socat` (for network bridging)\n- `bpftrace` (optional, for filesystem violation visibility when monitoring with `-m`)\n\n## Usage\n\n### Basic\n\n```bash\n# Run command with all network blocked (no domains allowed by default)\nfence curl https://example.com\n\n# Run with shell expansion\nfence -c \"echo hello \u0026\u0026 ls\"\n\n# Enable debug logging\nfence -d curl https://example.com\n\n# Use a template\nfence -t code -- claude  # Runs Claude Code using `code` template config\n\n# Monitor mode (shows violations)\nfence -m npm install\n\n# Send Fence's own monitor/debug logs to a file\nfence -m --fence-log-file /tmp/fence.log -- claude\ntail -f /tmp/fence.log\n\n# Inspect the config inheritance chain and active merged config\nfence config show\n\n# Show all commands and options\nfence --help\n```\n\n\u003e [!TIP]\n\u003e Need to pass flags to the command you are running? Use `--` to separate Fence flags from command flags, for example:\n\u003e\n\u003e ```bash\n\u003e fence -- claude --dangerously-skip-permissions\n\u003e ```\n\n### Configuration\n\nWhen `--settings` is not provided, Fence first looks for `fence.jsonc` (or `fence.json`) in the current directory and parent directories. If none is found, it falls back to `~/.config/fence/fence.{jsonc,json}`. Both extensions are treated as JSONC (comments and trailing commas are allowed). See [configuration reference](./docs/configuration.md) for more details.\n\n```json\n{\n  \"$schema\": \"https://raw.githubusercontent.com/fencesandbox/fence/main/docs/schema/fence.schema.json\",\n  \"extends\": \"code\",\n  \"network\": { \"allowedDomains\": [\"private.company.com\"] },\n  \"filesystem\": { \"allowWrite\": [\".\"] },\n  \"command\": { \"deny\": [\"git push\", \"npm publish\"] }\n}\n```\n\nFor repo-local overrides on top of each user's normal Fence config, use:\n\n```json\n{\n  \"extends\": \"@base\",\n  \"filesystem\": { \"allowWrite\": [\".\"] }\n}\n```\n\nUse `fence --settings ./custom.json` to specify a different config.\n\nInspect the active config without running a command:\n\n```bash\nfence config show\nfence config show --settings ./custom.json\nfence config show --template code\n```\n\n`fence config show` prints the config chain to `stderr` and the fully resolved config as plain JSON to `stdout`, so you can pipe the JSON to tools like `jq`.\n\nCreate a starter config with sensible defaults:\n\n```bash\n# Creates config at the default path with:\n# { \"extends\": \"code\" }\nfence config init\n\n# Include scaffold arrays as editable hints\nfence config init --scaffold\n```\n\n### Import from Claude Code\n\n```bash\nfence import --claude --save\n```\n\n## Features\n\n- **Network isolation** - All outbound blocked by default; allowlist domains via config\n- **Filesystem restrictions** - Control read/write access paths\n- **Command blocking** - Deny dangerous commands like `rm -rf /`, `git push`\n- **SSH Command Filtering** - Control which hosts and commands are allowed over SSH\n- **Built-in templates** - Pre-configured rulesets for common workflows\n- **Violation monitoring** - Real-time logging of blocked requests (`-m`)\n- **Cross-platform** - macOS (sandbox-exec) + Linux (bubblewrap)\n\nFence can be used as a Go package or CLI tool.\n\n## Documentation\n\nFull docs are hosted at **[fencesandbox.com/docs](https://fencesandbox.com/docs)**.\n\nQuick links:\n\n- [Quickstart](https://fencesandbox.com/docs/quickstart) ([source](docs/quickstart.md))\n- [Configuration Reference](https://fencesandbox.com/docs/reference/configuration) ([source](docs/configuration.md))\n- [Agent Hooks](https://fencesandbox.com/docs/guides/hooks) ([source](docs/hooks.md))\n- [Security Model](https://fencesandbox.com/docs/reference/security-model) ([source](docs/security-model.md))\n- [Go Library Usage](https://fencesandbox.com/docs/reference/library) ([source](docs/library.md))\n- [Architecture](https://fencesandbox.com/docs/reference/architecture) ([source](ARCHITECTURE.md))\n\n## Attribution\n\nInspired by Anthropic's [sandbox-runtime](https://github.com/anthropic-experimental/sandbox-runtime).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffencesandbox%2Ffence","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffencesandbox%2Ffence","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffencesandbox%2Ffence/lists"}