Getting started
Download a single shell script, make it executable, and run your agent inside it. No build step, no dependencies — just Bash and macOS.
bash # 1. Download safehouse (single self-contained script) mkdir -p ~/.local/bin curl -fsSL https://raw.githubusercontent.com/eugene1g/agent-safehouse/main/dist/safehouse.sh \ -o ~/.local/bin/safehouse chmod +x ~/.local/bin/safehouse # 2. Run any agent inside Safehouse cd ~/projects/my-app safehouse claude --dangerously-skip-permissions
Safehouse automatically grants read/write access to the selected workdir (git root by default) and read access to your installed toolchains. Most of your home directory — SSH keys, other repos, personal files — is denied by the kernel.
See it fail — proof the sandbox works
Try reading something sensitive inside safehouse. The kernel blocks it before the process ever sees the data.