Show HN: Fence – Sandbox CLI Commands with Network/Filesystem Restrictions

Hacker News, Jan 20, 2026

Why It Matters

By providing lightweight, language‑agnostic isolation without heavyweight containers, Fence reduces security risk and operational overhead for developers and DevOps teams handling untrusted code. Its integration potential with AI coding agents adds a critical defense layer in emerging automated development pipelines.

Key Takeaways

  • Blocks all network traffic by default; only allow-listed domains are reachable.
  • Filesystem read/write paths configurable per project.
  • Command deny list prevents dangerous operations.
  • Supports macOS sandbox-exec and Linux bubblewrap.
  • Integrates with AI coding agents for added safety.

Pulse Analysis

The rise of automated build pipelines and AI‑assisted coding has amplified the attack surface of development environments. Traditional container solutions, while secure, introduce latency and resource overhead that many teams find prohibitive for short‑lived tasks. Fence addresses this gap by offering a minimal‑footprint sandbox that leverages native OS mechanisms—bubblewrap on Linux and sandbox‑exec on macOS—to enforce network and filesystem policies without spinning up full containers. This approach delivers near‑instant isolation, enabling developers to safely execute third‑party scripts, package managers, or generated code snippets.

Fence’s configuration model centers on a concise JSON file, allowing teams to specify allowed domains, writable directories, and disallowed commands in a declarative manner. Built‑in templates such as “code” or “ci” provide out‑of‑the‑box rule sets for common use cases, while the optional monitoring mode logs policy violations in real time, giving visibility into unexpected network calls or file writes. The tool can also be imported directly from Claude Code, bridging AI‑driven code generation with enforced security policies, and it doubles as a Go library for deeper integration into custom tooling.
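The policy model described above (allowed domains, writable directories, denied commands, and a monitoring pass that reports violations), as an added example that is not Fence's code. The JSON key names, paths and events are hypothetical and constructed; Fence enforces its policy through bubblewrap or sandbox-exec, not in Python.

```python
import json
import posixpath
import shlex

# Constructed policy; key names are hypothetical, not Fence's real schema.
POLICY = json.loads("""{
  "allowed_domains": ["pypi.org", "*.githubusercontent.com"],
  "writable_paths": ["/work/project", "/tmp"],
  "denied_commands": ["git push", "rm -rf"]
}""")

def domain_allowed(policy, host):
    """Default deny: exact match, or '*.suffix' for subdomains only."""
    host = host.lower().rstrip(".")
    for pattern in policy["allowed_domains"]:
        if host == pattern or (pattern.startswith("*.") and host.endswith(pattern[1:])):
            return True
    return False

def write_allowed(policy, path):
    """Normalize first so '..' cannot escape a writable root (symlinks not resolved)."""
    real = posixpath.normpath(path)
    return any(real == root or real.startswith(root + "/")
               for root in policy["writable_paths"])

def command_denied(policy, command):
    """True when the command's leading tokens equal a deny-list entry."""
    tokens = shlex.split(command)
    return any(tokens[:len(deny)] == deny
               for deny in map(shlex.split, policy["denied_commands"]))

def audit(policy, events):
    """Monitoring-style pass: return the attempted actions the policy rejects."""
    allowed = {
        "connect": lambda v: domain_allowed(policy, v),
        "write": lambda v: write_allowed(policy, v),
        "exec": lambda v: not command_denied(policy, v),
    }
    return [(kind, v) for kind, v in events if not allowed[kind](v)]

# Constructed events standing in for what a sandboxed command attempted.
EVENTS = [
    ("connect", "pypi.org"), ("connect", "evilgithubusercontent.com"),
    ("write", "/work/project/out.o"), ("write", "/work/project/../../etc/passwd"),
    ("exec", "git status"), ("exec", "git push origin main"),
]

for kind, value in audit(POLICY, EVENTS):
    print(f"VIOLATION {kind}: {value}")
```

Matching the deny list on leading tokens is easy to sidestep (for example by reordering flags), which is why the network and filesystem rules, enforced by the OS sandbox, carry the real weight.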

For enterprises, Fence offers a cost‑effective alternative to heavyweight virtualization, reducing compute spend and simplifying compliance audits. Its cross‑platform support ensures consistent policy enforcement across development workstations and CI runners, fostering a unified security posture. As AI agents become more prevalent in software creation, sandboxing solutions like Fence will likely become a standard component of secure development pipelines, providing the necessary guardrails without sacrificing agility.
