agent-safehouse by eugene1g

Secure LLM coding agents on macOS with granular file access control

Created 1 month ago
1,102 stars

Top 34.6% on SourcePulse

Project Summary

Agent Safehouse provides a macOS sandbox for LLM coding agents, restricting their file system access to only the directories and integrations they need. It targets developers who run LLM agents in their workflows, offering a practical form of least privilege that improves security without hurting developer productivity.

How It Works

The project builds on macOS's native sandbox-exec utility, implementing a deny-first security model through composable policy profiles. It starts from a default deny-all stance and selectively grants only the permissions an agent needs for its intended tasks. This granular control aims to make risk reduction straightforward for developers while keeping the coding environment productive.

Quick Start & Requirements

  • Primary Install/Run: Setup involves configuring shell wrappers (e.g., ~/.zshrc, ~/.bashrc, ~/.config/fish/config.fish) to integrate the safehouse command, which manages agent execution within the sandbox.
  • Prerequisites: A macOS operating system is required.
  • Links:
    • Website: https://agent-safehouse.dev
    • Docs: https://agent-safehouse.dev/docs
    • Policy Builder: https://agent-safehouse.dev/policy-builder
  • Setup: Configuration typically involves defining machine-specific defaults and creating custom policy exceptions for unique development environments.

Highlighted Details

  • Broad compatibility with major coding agents and app-hosted agent workflows.
  • Core functionality relies on macOS sandbox-exec with a system of composable policy profiles for fine-grained access control.
  • Adheres to a strict deny-first model, ensuring a practical implementation of least privilege principles.
  • Features an interactive Policy Builder tool to simplify the creation and management of security profiles.
  • Supports flexible configuration through shell wrappers and appended profiles for machine-local exceptions and shared repository setups.

Maintenance & Community

No specific details regarding core contributors, project sponsorships, or community engagement channels (e.g., Discord, Slack) are provided within the README.

Licensing & Compatibility

The README does not explicitly state the software license, so suitability for commercial use or integration within closed-source projects cannot be determined without further investigation.

Limitations & Caveats

The project explicitly describes itself as a "hardening layer, not a perfect security boundary against a determined attacker." Its primary function is therefore risk mitigation rather than an impenetrable security enclosure.

Health Check

  • Last Commit: 1 day ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 15
  • Issues (30d): 13
  • Star History: 1,139 stars in the last 30 days
