
Show HN: Fence – Sandbox CLI commands with network/filesystem restrictions


Fence wraps commands in a sandbox that blocks network access by default and restricts filesystem operations based on configurable rules. It's most useful for running semi-trusted code (package installs, build scripts, CI jobs, unfamiliar repos) with controlled side effects, and it can also complement AI coding agents as defense-in-depth.

You can also think of Fence as a permission manager for your CLI agents.

# Block all network access (default)
fence curl https://example.com  # → 403 Forbidden

# Allow specific domains
fence -t code npm install  # → uses 'code' template with npm/pypi/etc allowed

# Block dangerous commands
fence -c "rm -rf /"  # → blocked by command deny rules

Install

curl -fsSL https://raw.githubusercontent.com/Use-Tusk/fence/main/install.sh | sh

Other installation methods

Go install:

go install github.com/Use-Tusk/fence/cmd/fence@latest

Build from source:

git clone https://github.com/Use-Tusk/fence
cd fence
go build -o fence ./cmd/fence

Additional requirements for Linux:

bubblewrap (for sandboxing)

socat (for network bridging)

bpftrace (optional, for filesystem violation visibility when monitoring with -m)
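
A preflight check for the Linux requirements listed above, so a CI job fails fast instead of running semi-trusted code without a working sandbox. This is an added example, not part of Fence or its README; the function name is hypothetical, and it assumes the bubblewrap package installs its binary as `bwrap`.

```shell
#!/bin/sh
# Added example (not from the Fence project). Function name is hypothetical.
# Assumption: the bubblewrap package installs its binary as `bwrap`.

# Prints one status line per dependency.
# Returns 1 if any required dependency is missing, 0 otherwise.
fence_preflight() {
    missing_required=0
    # Each entry is name:binary:kind:purpose (purposes taken from the list above).
    for entry in \
        "bubblewrap:bwrap:required:sandboxing" \
        "socat:socat:required:network bridging" \
        "bpftrace:bpftrace:optional:filesystem violation visibility with -m"
    do
        name=${entry%%:*};  rest=${entry#*:}
        bin=${rest%%:*};    rest=${rest#*:}
        kind=${rest%%:*};   purpose=${rest#*:}

        if command -v "$bin" >/dev/null 2>&1; then
            printf 'ok       %s (%s)\n' "$name" "$purpose"
        elif [ "$kind" = required ]; then
            printf 'MISSING  %s (%s)\n' "$name" "$purpose"
            missing_required=1
        else
            # Optional tools only reduce visibility; they do not block the run.
            printf 'absent   %s (optional: %s)\n' "$name" "$purpose"
        fi
    done
    return "$missing_required"
}

# Typical use before a sandboxed step:
#   fence_preflight || exit 1
#   fence -t code npm install
```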
