agent-safehouse and sandboxed.sh
These are complements: agent-safehouse provides granular filesystem permission controls for local agents, while sandboxed.sh provides the isolated Linux workspace infrastructure that those permission-controlled agents would run within.
About agent-safehouse
eugene1g/agent-safehouse
Sandbox your local AI agents so they can read/write only what they need
Enforces fine-grained file and integration access using macOS `sandbox-exec` with composable policy profiles and automatic symlink resolution for system paths. Built-in profiles for Claude, Codex, and other coding agents provide deny-first defaults while supporting machine-specific overrides through appended policies and Git worktree auto-detection. Integrates with shell environments and local configuration to sandbox agent processes with minimal friction to normal development workflows.
About sandboxed.sh
Th0rgal/sandboxed.sh
Self-hosted orchestrator for AI autonomous agents. Run Claude Code & Open Code in isolated linux workspaces. Manage your skills, configs and encrypted secrets with a git repo.
Orchestrates multiple AI coding agent runtimes (Claude Code, OpenCode, Amp) with native systemd-nspawn container isolation for workspace security and file scoping. Features a Git-backed library for versioning skills, tools, rules, and MCP servers alongside an optional OpenAI-compatible proxy queue mode for rate-limit handling, with real-time monitoring dashboards and iOS app support via Next.js and SwiftUI frontends.
Related comparisons
Scores updated daily from GitHub, PyPI, and npm data. How scores work