{"id":50389432,"url":"https://github.com/whiskeyjimbo/bento","last_synced_at":"2026-05-30T17:30:32.437Z","repository":{"id":360385436,"uuid":"1249905175","full_name":"whiskeyjimbo/bento","owner":"whiskeyjimbo","description":"A lightweight, zero-config script sandboxing engine in Go. Safely execute Python, Node, and Shell scripts under strict OS-level isolation (Bubblewrap/Seatbelt) with fine-grained network proxies, resource ceilings, and interactive permission prompts.","archived":false,"fork":false,"pushed_at":"2026-05-26T07:11:37.000Z","size":116,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-26T08:28:04.283Z","etag":null,"topics":["bubblewrap","devops","go","golang","isolation","landlock","sandbox","seatbelt","seccomp","security"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/whiskeyjimbo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-26T06:19:35.000Z","updated_at":"2026-05-26T07:11:41.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/whiskeyjimbo/bento","commit_stats":null,"previous_names":["whiskeyjimbo/bento"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/whiskeyjimbo/bento","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whiskeyjimbo%2Fbento","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whiskeyjimbo%2Fbento/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whiskeyjimbo%2Fbento/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whiskeyjimbo%2Fbento/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/whiskeyjimbo","download_url":"https://codeload.github.com/whiskeyjimbo/bento/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whiskeyjimbo%2Fbento/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33703063,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-30T02:00:06.278Z","response_time":92,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bubblewrap","devops","go","golang","isolation","landlock","sandbox","seatbelt","seccomp","security"],"created_at":"2026-05-30T17:30:32.026Z","updated_at":"2026-05-30T17:30:32.430Z","avatar_url":"https://github.com/whiskeyjimbo.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\".github/assets/bento-gopher.png\" width=\"25%\" alt=\"Bento Gopher Logo\" /\u003e\n\u003c/p\u003e\n\n# Bento\n\nA polyglot script sandbox for Linux and macOS. Declare a script's permissions in a declarative YAML manifest, and execute it under secure, kernel-enforced isolation.\n\n`bento` leverages native OS sandboxing primitives (`sandbox-exec` on macOS, `bubblewrap` on Linux) coupled with local proxy network filtering. It isolates untrusted Python, Node.js, Bash, Go, or other compiled/interpreter-driven scripts without container overhead and without requiring root privileges.\n\n\u003e **Pre-1.0**\n\u003e The public API (`bento.Run`, `bento.Doctor`, options, manifest types) is stable and unlikely to break in incompatible ways before 1.0. The macOS path compiles cleanly and parity with Linux is the design intent. Contributions and feedback are welcome.\n\n---\n\n## Key Capabilities\n\n* 🔒 **Filesystem Isolation:** Deny-by-default environment; bind-mounts exactly the explicit paths the script declares.\n* 🌐 **Network Control:** Strict, per-host domain allowlists enforced via local proxies and kernel barriers (Landlock or network namespace isolation).\n* 🚫 **Subprocess Interception:** A custom seccomp filter prevents untrusted scripts from spawning external shells or running arbitrary commands.\n* 🛡️ **Mandatory Deny-List:** Automatic, unbypassable shielding for SSH keys, cloud provider credentials, shell profiles, and Git hooks.\n* ⚡ **Zero Container Overhead:** Instant execution using host runtimes directly inside isolated OS namespaces.\n* 📊 **Resource Constraints:** Control maximum memory limits, CPU quotas, and thread counts using cgroups.\n\n---\n\n## Installation\n\n### 1. Build the Binary\n```bash\n# Clone the repository and compile\ngit clone https://github.com/whiskeyjimbo/bento\ncd bento\nmake build                             # Builds the CLI launcher and shims\n```\n\n### 2. Verify Your Environment\nRun the built-in diagnostic tool to ensure your system supports the sandboxing prerequisites:\n```bash\n./bin/bento doctor\n```\nIf `bento doctor` reports missing configurations (e.g. user namespace restrictions in modern Ubuntu), run the automated configuration setup:\n```bash\nsudo ./bin/bento setup\n```\n\n### 3. Install System-Wide (Optional)\n```bash\nsudo install bin/bento /usr/local/bin/\n```\n*Note: If you skip installing system-wide, run all examples below using `./bin/bento` instead of `bento`.*\n\n---\n\n## Quick Start\n\nThe fastest way to sandbox a script is using `bento profile`. This records a single run, logs its accesses, and writes a tailored manifest you can review and enforce.\n\n### 1. Profile a script\nRun `profile` to observe file writes and outbound network targets during a test execution:\n```bash\n$ bento profile ./fetch.py\n[bento] profiling \"./fetch.py\" (permissive network)...\n[bento] observed network:\n  Host                              Port    Count\n  api.example.com                   443     2\n[bento] observed filesystem writes:\n  /tmp/fetch-out.json\n[bento] wrote fetch.manifest.yaml — review and trim before running\n```\n\n### 2. Inspect the generated Manifest\nVerify the boundaries Bento will enforce:\n```bash\n$ bento validate fetch.manifest.yaml\nmanifest:    /tmp/fetch.manifest.yaml — ok\ninterpreter: python3  →  /usr/bin/python3\nscript:      /tmp/fetch.py\nread:        [ /tmp ]\nnetwork:     [ api.example.com:443 ]\nexec:        blocked (no subprocesses allowed)\n```\n\n### 3. Run under sandbox\nRun your script with full kernel-enforced sandboxing activated:\n```bash\n$ bento run fetch.manifest.yaml\n```\n\n---\n\n## Declarative Manifest Example\n\nManifests are simple, declarative YAML files. A typical configuration looks like this:\n\n```yaml\ninterpreter: python3\nscript: ./fetch.py\nread:\n  - /tmp/input-data\nwrite:\n  - /tmp/results\nnetwork:\n  rules:\n    - host: api.example.com\n      port: \"443\"\nlimits:\n  memory: \"128M\"      # Caps memory allocation\n  cpu: \"100%\"         # Limits CPU usage\n  tasks: 32           # Caps maximum concurrent threads/processes\n```\n\n---\n\n## CLI Usage Reference\n\n```bash\n# Run a script with a manifest\nbento run manifest.yaml\n\n# Run an ELF binary directly (no interpreter)\nbento run ./my-binary\n\n# Run a quick script with zero-config (no network, read-only script dir)\nbento run script.py\n\n# Inject environment variables to the sandbox\nbento run --env API_TOKEN=xyz --env ENV=prod manifest.yaml\n\n# Run with interactive prompting to allow-list misses dynamically\nbento run --prompt manifest.yaml\n```\n\n---\n\n## Comprehensive Documentation\n\nFor advanced usage, architecture deep dives, and integration guidelines, check out the specialized guides:\n\n* **[Manifest \u0026 Conventions Reference](docs/manifest-reference.md):** Complete manifest YAML specification, common patterns, and critical sandbox gotchas (stripped environment, username maps, subprocesses).\n* **[Technical Architecture \u0026 Internals](docs/architecture.md):** Details on Landlock and namespace bridge network backends, filesystem mounts, seccomp filters, and host validation security.\n* **[Go Library Integration Guide](docs/go-library.md):** How to import and use Bento inside your Go applications, API structure, and error handling behaviors.\n* **[Platform Support \u0026 Development](docs/platform-support.md):** Compatibility matrices (Linux and macOS support details), installation prerequisites, Ubuntu/AppArmor setups, and testing instructions.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwhiskeyjimbo%2Fbento","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwhiskeyjimbo%2Fbento","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwhiskeyjimbo%2Fbento/lists"}