Show HN：Fence – 限制網路/檔案系統的沙盒化 CLI 指令

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

To see all available qualifiers, see our documentation.

Lightweight, container-free sandbox for running commands with network and filesystem restrictions

License

Uh oh!

There was an error while loading. Please reload this page.

Use-Tusk/fence

Folders and files

Latest commit

History

Repository files navigation

Fence wraps commands in a sandbox that blocks network access by default and restricts filesystem operations based on configurable rules. It's most useful for running semi-trusted code (package installs, build scripts, CI jobs, unfamiliar repos) with controlled side effects, and it can also complement AI coding agents as defense-in-depth.

You can also think of Fence as a permission manager for your CLI agents.

Install

Go install:

Build from source:

Additional requirements for Linux:

Usage

Basic

Configuration

Fence reads from ~/.fence.json by default:

Use fence --settings ./custom.json to specify a different config.

Import from Claude Code

Features

Fence can be used as a Go package or CLI tool.

Documentation

Attribution

Inspired by Anthropic's sandbox-runtime.

About

Lightweight, container-free sandbox for running commands with network and filesystem restrictions

Resources

License

Contributing

Security policy

Uh oh!

There was an error while loading. Please reload this page.

Stars

Watchers

Forks

Releases

  13

Contributors

  3

Uh oh!

There was an error while loading. Please reload this page.

Languages

Footer

Footer navigation