Show HN: Zerobox – Sandbox any command with file and network restrictions

Why This Matters

Zerobox introduces a lightweight, cross-platform sandboxing tool that enables developers to restrict file, network, and credential access for processes, enhancing security and control in software development. Its minimal overhead and flexible controls make it a valuable asset for secure testing and deployment environments in the tech industry and for consumers concerned with data privacy.

Key Takeaways

🫙 Zerobox: Sandbox any command with file, network, and credential controls.

Lightweight, cross-platform process sandboxing powered by OpenAI Codex's sandbox runtime.

Deny by default: Writes, network, and environment variables are blocked unless you allow them

Credential injection: Pass API keys that the process never sees. Zerobox injects real values only for approved hosts

File access control: Allow or deny reads and writes to specific paths

Network filtering: Allow or deny outbound traffic by domain

Clean environment: Only essential env vars (PATH, HOME, etc.) are inherited by default

TypeScript SDK: import { Sandbox } from "zerobox" with a Deno-style API

Cross-platform: macOS and Linux. Windows support planned

Single binary: No Docker, no VMs, ~10ms overhead