cbox

OS-level sandboxing for AI agents and arbitrary commands.

Run anything with full shell access. All filesystem mutations are captured. Nothing touches your real system until you approve.

Works on Linux (native namespaces) and macOS (Docker/Podman). MIT Licensed.

Demo

How it works

1. cbox run — Launch an isolated sandbox. Let Claude Code reorganize, refactor, or clean up your project.
2. cbox diff — See exactly what the agent changed. Every file added, modified, or deleted.
3. cbox merge --pick — Cherry-pick which changes to keep. Discard the rest.

Features

• Kernel-level isolation — Linux: namespaces, overlayfs, seccomp-BPF, cgroups v2. macOS: Docker/Podman with auto-built base image.
• Diff/Merge workflow — OverlayFS captures only what changed. Review a clean diff, then selectively apply modifications.
• Network deny-by-default — No network access unless you say so. Whitelist specific hosts and ports.
• Claude Code built-in — Pre-installed in the container image. Just cbox run --network allow.

Install

Homebrew

brew tap borngraced/cbox && brew install cbox

Cargo

cargo install --git https://github.com/borngraced/cbox cbox

Binaries

Download from GitHub Releases.

GitHub · MIT License