This guide gets you from zero to a sandboxed agent in about 5 minutes. We’ll install the CLI, generate your first policy, and run a sandboxed coding agent.

Prerequisites

  • macOS (Monterey 12.0 or later recommended)
  • Terminal access with bash or zsh
  • An LLM coding agent installed (Claude, Cursor, Aider, etc.)
This guide assumes you have already installed the safehouse CLI. If not, run:
mkdir -p ~/.local/bin
curl -fsSL https://raw.githubusercontent.com/eugene1g/agent-safehouse/main/dist/safehouse.sh \
  -o ~/.local/bin/safehouse
chmod +x ~/.local/bin/safehouse

Your First Sandboxed Agent

1. Navigate to a project directory

Safehouse automatically detects your working directory and grants access to it.
cd ~/myproject
2. Run your agent

Run your agent inside the sandbox:
safehouse -- claude --dangerously-skip-permissions
The agent can read and write files in your project, use toolchains, and access the network, but cannot touch SSH keys or shell startup files.
3. Verify protection works

Test that sensitive files are blocked:
safehouse -- cat ~/.ssh/id_rsa
This should fail with the error "Operation not permitted".
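A fuller version of this check, added here as an example and not part of the safehouse project: it probes the denied paths the guide names (~/.ssh/id_rsa and shell startup files, with ~/.zshrc and ~/.bashrc assumed) plus the allowed project directory, and counts only the "Operation not permitted" error as a real denial, so a missing file cannot masquerade as a pass.

```shell
#!/usr/bin/env bash
# Added example (not part of the safehouse project): a smoke test that runs
# probe commands through `safehouse --` and checks the guide's promises:
# project files usable, SSH keys and shell startup files denied.
# Assumes safehouse is on PATH, the script runs from the project directory,
# and a blocked access fails with "Operation not permitted" as the guide says.
# ~/.ssh/id_rsa is from the guide; ~/.zshrc and ~/.bashrc are the usual shell
# startup files (adjust to your shell).
SANDBOX="${SANDBOX:-safehouse}"

# denied_by_sandbox STDERR_TEXT: true only if the text carries the denial
# message. "No such file or directory" is NOT a denial: a missing probe file
# proves nothing about the policy, so it must not count as a pass.
denied_by_sandbox() {
  case "$1" in
    *"Operation not permitted"*) return 0 ;;
    *) return 1 ;;
  esac
}

# expect_denied CMD...: the command must fail inside the sandbox with a denial.
expect_denied() {
  err=$("$SANDBOX" -- "$@" 2>&1 >/dev/null) && return 1
  denied_by_sandbox "$err"
}

# expect_allowed CMD...: the command must succeed inside the sandbox.
expect_allowed() { "$SANDBOX" -- "$@" >/dev/null 2>&1; }

# run_checks: run every probe, print one line each, return the failure count.
run_checks() {
  fails=0
  for spec in \
    "denied|SSH private key unreadable|cat $HOME/.ssh/id_rsa" \
    "denied|zsh startup file unreadable|cat $HOME/.zshrc" \
    "denied|bash startup file unreadable|cat $HOME/.bashrc" \
    "allowed|project directory readable|ls ." \
    "allowed|project directory writable|touch .safehouse-probe"
  do
    expect=${spec%%|*}; rest=${spec#*|}; label=${rest%%|*}; cmd=${rest#*|}
    # A denied probe on a file that does not exist is skipped, not passed.
    if [ "$expect" = denied ] && [ ! -e "${cmd##* }" ]; then
      printf 'skip  %s (file absent)\n' "$label"; continue
    fi
    if "expect_$expect" $cmd; then printf 'ok    %s\n' "$label"
    else printf 'FAIL  %s\n' "$label"; fails=$((fails + 1)); fi
  done
  rm -f .safehouse-probe
  return "$fails"
}
```

Run it from your project directory with `run_checks` after sourcing the file; a non-zero return means at least one probe did not behave as the guide describes.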

Common Workflows

Grant Additional Directories

safehouse --add-dirs-ro=~/shared-libs -- claude --dangerously-skip-permissions

Enable Docker

safehouse --enable=docker -- claude --dangerously-skip-permissions

Pass Environment Variables

safehouse --env-pass=OPENAI_API_KEY,ANTHROPIC_API_KEY -- aider

Next Steps

  • Core Concepts: understand the sandbox model
  • CLI Options: explore all available flags
  • Agent Compatibility: check setup guides for 14+ agents
  • Policy Architecture: deep dive into policy assembly
