AI UNDERDOGSDAILY PICK
AI UNDERDOGS
给 Claude Code 加一道围栏
A Fence for Claude Code
sheremetyev/sandfence
你敢让 Claude Code 裸跑吗?
SSH 密钥
.env 文件全在它射程范围内
Claude Code runs with full filesystem access —
your SSH keys, .env files, everything's in range
shell 脚本做围栏
A Shell Script Fence
sandfence 的思路很简单——既然 AI Agent 危险
那就给它画个圈
不是 Docker 不是虚拟机
就一个 shell 脚本
小到你花两分钟就能读完每一行
Sandfence draws a circle around your AI agent
Not Docker, not a VM — just a
shell script small enough you can read every
line in two minutes before deciding to trust
it
★ SIGNAL 1
用 macOS 自己的沙箱
macOS's Own Sandbox
他没引入任何外部依赖
直接调 macOS 自带的 sandbox-exec
虽然苹果已经标记废弃了,但实际还能用
用操作系统的安全机制来限制 AI
这品味挺正的
Zero external dependencies — it wraps macOS's own
sandbox-exec, which Apple deprecated but still works. Using
the OS's security primitives to cage your AI
agent — that's good taste
★ SIGNAL 2
预置了三个工具链
Presets for 3 Toolchains
不是光嘴上说安全,他给 Rust
Node
Python 三个主流工具链都做了预设配置
AI 写代码没问题
但你硬盘上其他东西它碰不到
网络也被管着
It ships presets for Rust, Node, and Python
toolchains. Your AI can still code, but it
can't touch the rest of your disk —
and network access is gated too
作者就一句话概括——「Minimal native macOS sandbox for Claude Code and Codex」
整个项目没有花哨的功能
就是解决一个问题:AI Agent 不该裸奔
The author sums it up in one line
"Minimal native macOS sandbox for Claude Code and
Codex." No fancy features — just one problem
your AI agent shouldn't run naked
AI UNDERDOGS
代码就在那,两分钟读完,自己判断
The code's right there — read it in 2 minutes, judge for yourself
sheremetyev/sandfence
关注 · 每天发现更多 AI 神作
github.com/sheremetyev/sandfence