{"id":51431170,"url":"https://github.com/ribomo/opencode-sandbox","last_synced_at":"2026-07-05T04:01:59.525Z","repository":{"id":365372250,"uuid":"1230601204","full_name":"ribomo/opencode-sandbox","owner":"ribomo","description":"A small Linux wrapper that launches opencode inside a Bubblewrap sandbox with project local state.","archived":false,"fork":false,"pushed_at":"2026-06-17T03:18:44.000Z","size":6,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-17T05:10:30.780Z","etag":null,"topics":["bash","bubblewrap","linux","opencode","sandbox"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ribomo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-06T06:36:16.000Z","updated_at":"2026-06-17T03:18:47.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/ribomo/opencode-sandbox","commit_stats":null,"previous_names":["ribomo/opencode-sandbox"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/ribomo/opencode-sandbox","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ribomo%2Fopencode-sandbox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ribomo%2Fopencode-sandbox/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ribomo%2Fopencode-sandbox/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ribomo%2Fopencode-sandbox/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ribomo","download_url":"https://codeload.github.com/ribomo/opencode-sandbox/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ribomo%2Fopencode-sandbox/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35142824,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-05T02:00:06.290Z","response_time":100,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash","bubblewrap","linux","opencode","sandbox"],"created_at":"2026-07-05T04:01:58.688Z","updated_at":"2026-07-05T04:01:59.482Z","avatar_url":"https://github.com/ribomo.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# opencode-sandbox\n\n`opencode-sandbox` launches `opencode` inside a small Bubblewrap sandbox for Linux.\n\nIt is a small Bash wrapper that:\n\n- uses the current directory as the writable project root,\n- stores sandbox state under `./.sandbox`,\n- keeps host network access enabled,\n- and mounts Node automatically when the resolved `opencode` entrypoint is a Node launcher.\n\n## Why Sandbox Opencode?\n\nRunning `opencode` in a sandbox gives it the files it needs for the current project without giving it unrestricted access to the rest of the machine.\n\nThis wrapper is useful when you want to:\n\n- avoid accidental reads or writes outside the repo,\n- keep generated state in `./.sandbox`,\n- reduce the impact of bad commands, broken scripts, or prompt mistakes,\n- and make the environment more predictable across Linux machines.\n\nThe goal is not perfect isolation. It is a practical safety boundary that keeps day-to-day usage pointed at the project directory instead of the whole host system.\n\n## Requirements\n\n- Linux only\n- Bubblewrap must be installed; check with `command -v bwrap`\n- `opencode` required\n\nNon-Linux platforms are out of scope for this version.\n\n## Install\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/ribomo/opencode-sandbox/main/install.sh | bash\n```\n\nOr with a custom install directory:\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/ribomo/opencode-sandbox/main/install.sh | PREFIX=/usr/local/bin bash\n```\n\nThen run it from any project:\n\n```bash\nopencode-sandbox\n```\n\n## Quick Start\n\nRun the wrapper from the project directory you want to expose inside the sandbox:\n\n```bash\nopencode-sandbox\n```\n\nRun a simple launch check:\n\n```bash\nopencode-sandbox --help\n```\n\n## Usage\n\nPass any normal Opencode arguments through the wrapper:\n\n```bash\nopencode-sandbox --help\nopencode-sandbox run \"summarize this repository\"\n```\n\n## Behavior\n\n- The current working directory is bind-mounted read-write.\n- Sandbox state is written to `./.sandbox`.\n- `/usr`, `/etc`, and common system library directories are mounted read-only.\n- `/run` is mounted read-only so host runtime files such as DNS resolver state remain available.\n- The wrapper always shares the host network namespace.\n- If the resolved Opencode entrypoint starts with a Node shebang, the wrapper also exposes the matching Node install root.\n- `XDG_CONFIG_HOME` is redirected to `./.sandbox/config`, so opencode reads its global config from `./.sandbox/config/opencode/` instead of `~/.config/opencode/`.\n\n## Config behavior\n\nThe sandbox creates an isolated config directory at `./.sandbox/config/opencode/` with its own `opencode.jsonc`. This is the writable config that `opencode` sees as its global config (because `XDG_CONFIG_HOME` is set to `./.sandbox/config`).\n\nIf `~/.config/opencode/` also exists on the host, it is **bind-mounted read-only** into the sandbox on top of `./.sandbox/config/opencode/`. This means:\n\n- Your real global config (agents, commands, MCP servers, themes, etc.) is visible inside the sandbox.\n- You cannot accidentally modify your real config from within the sandbox — the mount is read-only.\n- Any config files you write or edit inside the sandbox go to `./.sandbox/config/opencode/` and do not affect the host.\n\nIf `~/.config/opencode/` does **not** exist, only the `./.sandbox/config/opencode/` copy is used.\n\n## SSH and Git behavior\n\nThe sandbox sets up SSH so that `git push`, `git fetch`, and other remote operations work from within the sandbox.\n\n- `GIT_SSH_COMMAND` is set with absolute paths into `.sandbox/home/.ssh` for SSH config and host keys. The `-F` flag skips the host's system SSH config (`/etc/ssh/ssh_config`), which may have broken ownership or permissions in some container/sandbox environments.\n- If `~/.ssh/config` exists on the host, it is **bind-mounted read-only** into the sandbox. Otherwise an empty config is created so `-F` has a file to read.\n- If `~/.ssh/known_hosts` exists on the host, it is **bind-mounted read-only**, preserving host-key verification state across sandbox runs.\n- If `SSH_AUTH_SOCK` is set and points to a valid socket with loaded identities, it is **forwarded** into the sandbox so existing SSH agent connections work.\n- If no usable SSH agent is available, the wrapper starts a temporary host-side agent, runs `ssh-add` for the first default key it finds, forwards that agent socket into the sandbox, and stops the temporary agent when Opencode exits.\n- Private keys such as `id_ed25519`, `id_ecdsa`, and `id_rsa` are **never mounted** into the sandbox. If no key can be loaded into an agent, SSH-based Git operations fail safely instead of exposing key material.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fribomo%2Fopencode-sandbox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fribomo%2Fopencode-sandbox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fribomo%2Fopencode-sandbox/lists"}