agent-safehouse and tsk-tsk
These are **competitors** — both provide sandboxed execution environments for AI agents with principle-of-least-privilege file access controls, but Eugene1g's approach uses local isolation while Dtormoen's focuses on automation workflow constraints.
About agent-safehouse
eugene1g/agent-safehouse
Sandbox your local AI agents so they can read/write only what they need
Enforces fine-grained file and integration access using macOS `sandbox-exec` with composable policy profiles and automatic symlink resolution for system paths. Built-in profiles for Claude, Codex, and other coding agents provide deny-first defaults while supporting machine-specific overrides through appended policies and Git worktree auto-detection. Integrates with shell environments and local configuration to sandbox agent processes with minimal friction to normal development workflows.
About tsk-tsk
dtormoen/tsk-tsk
Keeping your agents out of trouble with sandboxed coding agent automation
Automates sandboxed execution of AI coding agent tasks using container isolation with automatic toolchain detection and domain-allowlisted network access via a proxy sidecar. Supports Claude Code and Codex agents across Docker/Podman runtimes, with task templating, parallel/chained execution, and asynchronous branch management for local review. Integrates with Claude Code Skills Marketplace and git workflows, allowing agents to work on repository copies while respecting gitignore rules and preventing accidental credential leaks.
Related comparisons
Scores updated daily from GitHub, PyPI, and npm data. How scores work