Security●●●Banger
Userland local agent sandbox with real-time network control dashboard
Kernel-enforced agent sandboxing that blocks .env access without container overhead.
WizardrySolve My ProblemZero to One
cowpig
713mo ago
Back to browse
GitHub Repository
Run any untrusted process with restricted filesystem and network access, using native OS primitives.
8 starsRust
Pent – A sandbox for AI agents
by rad_val·Mar 3, 2026·2 points·0 comments
AI Analysis
●●●BangerWizardryNiche Gem
Domain-allowlist network sandbox for any process—no VM, native Landlock and overlayfs.
Strengths
- •Zero-config profiles (@claude, @gh, @npm, etc.) ship ready-to-use—usable in minutes.
- •Native OS primitives (Landlock + overlayfs + network namespacing) mean fast overhead vs Docker/Firejail.
- •Genuine security insight: filesystem path allowlisting + overlayfs shadowing is less error-prone than mount-bind-only approaches.
Weaknesses
- •macOS network containment missing—only filesystem isolation via Seatbelt, asymmetric feature parity.
- •Early adoption risk: Landlock is relatively new, adoption/stability not yet battle-tested at scale.
Category
Target Audience
Developers running AI agents, scripts, or tools from untrusted sources who need fine-grained containment.
Similar To
Firejail · bubblewrap · Docker
Similar Projects
Security●●●Banger
Ash, an Agent Sandbox for Mac
macOS Endpoint Security frameworks beat sandbox-exec for AI agent isolation.
WizardrySolve My Problem
amsha
16153mo ago
Infrastructure●●Solid
Isola – Open-source sandboxing on Kubernetes
gVisor sandboxing with filesystem snapshots for warm AI code execution environments.
Solve My ProblemSlick
benldrmn
201mo ago
Security●●●Banger
Drop – Linux sandboxing for LLM agents and untrusted code
Virtualenv for system isolation—your configs carry over but SSH keys stay protected.
Big BrainSolve My ProblemZero to One
mixedbit
102mo ago
Infrastructure●●Solid
Run untrusted WASM plugins with CPU/mem/network/file budgets
Deterministic budget enforcement on WASM syscalls—clean threat model, but early-stage tooling.
WizardryNiche Gem
akgitrepos
113mo ago
Developer Tools●●●Banger
Tilde.run – Agent Sandbox with a Transactional, Versioned Filesystem
Roll back any agent run like a Git commit with a single command.
SlickSolve My ProblemBig Brain
ozkatz
2051331mo ago