Security●●Solid
Nixcage – Sandbox AI coding agents per project with Nix and direnv
direnv auto-activation with bubblewrap sandboxing isolates agents per project.
Big BrainNiche Gem
hamidr
102mo ago
Back to browse
GitHub Repository
Sandbox any macOS app — only your project directory stays accessible
69 starsTypeScript
Bx – macOS native sandbox for AI and coding tools
by holtwick·Apr 7, 2026·8 points·0 comments
AI Analysis
●●SolidSolve My ProblemBig BrainNiche Gem
Native macOS sandboxing stops AI agents from reading your SSH keys without Docker overhead.
Strengths
- •Uses sandbox-exec profiles to restrict file access without heavy VM overhead.
- •Gitignore-like .bxignore syntax handles secrets like .env files within allowed directories.
- •Automatically blocks sensitive defaults like ~/.ssh and ~/Documents out of the box.
Weaknesses
- •Relies on private Apple APIs that may break in future macOS updates.
- •No network isolation means AI tools can still exfiltrate data.
Category
Target Audience
macOS developers using AI coding agents
Similar To
Sandboxie · Docker Desktop · OrbStack
Post Description
Wrapper around Apple's macOS sandbox-exec tool, which usually sandboxes native apps. It is "allow-first" i.e. it will not overprotect everything, just crucial information and therefore allows most tools to run without issues. Limiting is done using a .gitignore like file schema. Further TOML config options available.
I built it because Docker sandboxing requires config and planning. Build in sandboxing of AI tools instead is limited to the very tools themselves, instead I wanted to have a simple cage around Claude running inside VSCode. Also needed to protect files inside a folder like .env.local or keys.
Install via: brew install holtwick/tap/bx
Run like: bx claude .
Similar Projects
Developer Tools●●Solid
Lula – multi-agent coding assistant with sandboxed Rust exec engine
Firecracker MicroVMs sandbox agent actions where Copilot Workspace trusts subprocess calls.
WizardryBold Bet
chrismeurer
512mo ago
Developer Tools●●Solid
A macOS job that resets your AI coding limits automatically
Clever launchd scheduling beats cron for maximizing AI token rate limits.
Big BrainNiche Gem
shnksi
102mo ago
Productivity●●Solid
Claude Rate Widget Native macOS Widget to Monitor Claude Code Limits
Shows all four Claude limits (Session, Weekly, Weekly Sonnet, Overage) in one widget with color-coded warnings and reset countdowns — exactly the tiny UX gap heavy users kept bumping into. The author went native: Swift + WidgetKit, OAuth PKCE (no API keys), App Group UserDefaults for widget/app sync and a Homebrew tap for install — practical choices that make this something you'd actually run on your desktop. Limited to macOS Sonoma and Claude subscribers, so great for the audience but narrow in reach.
Niche GemSlick
hulryung
103mo ago
Developer Tools●Mid
KrunAI – A CLI tool for running AI agents inside microVM sandboxes
Runs agents in sandboxed microVMs to contain execution; promising but docs barely explain why this matters.
WizardryBold Bet
slpnix
103mo ago
Developer Tools●●Solid
My time has come – let Claude Code wrap up before 5-hour usage runs out
Two-stage brake saves your repo state before Claude Code cuts you off.
Solve My ProblemCozy
BuyG1n
3119d ago