# anthropic-experimental/sandbox-runtime

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/anthropic-experimental-sandbox-runtime).**

3,099 stars · 186 forks · TypeScript · apache-2.0

## Links

- GitHub: https://github.com/anthropic-experimental/sandbox-runtime
- awesome-repositories: https://awesome-repositories.com/repository/anthropic-experimental-sandbox-runtime.md

## Description

This project is an OS-level process sandbox and cross-platform security wrapper for Linux and macOS. It isolates arbitrary processes from the host machine by restricting filesystem and network access, without resorting to full containerization.

The system acts as a system-call interceptor and access controller, blocking unauthorized operating-system calls according to predefined security policies. It uses allowlists and denylists to decide on resource requests and monitors for security violations in real time.

Capability areas include filesystem access management with glob-pattern filtering, network traffic filtering through external proxies for deep packet inspection, and blocking of local Unix socket creation. Together these features allow untrusted code or agents to run within restricted security boundaries.

## Tags

### Operating Systems & Systems Programming

- [Process Isolation](https://awesome-repositories.com/f/operating-systems-systems-programming/kernel-core-internals/process-and-memory-management/process-isolation.md) — Isolates processes within native operating system boundaries to restrict access to system resources.
- [System Call Interceptors](https://awesome-repositories.com/f/operating-systems-systems-programming/kernel-core-internals/system-calls/system-call-interceptors.md) — Intercepts and blocks unauthorized operating system calls based on predefined security policies and allowlists.
- [System-Call Interception](https://awesome-repositories.com/f/operating-systems-systems-programming/system-call-interception.md) — Intercepts system calls to block unauthorized filesystem or network operations.
- [Socket Blocking](https://awesome-repositories.com/f/operating-systems-systems-programming/socket-blocking.md) — Prevents the creation of local Unix sockets using system-level filters.

### Development Tools & Productivity

- [Filesystem Access Filtering](https://awesome-repositories.com/f/development-tools-productivity/file-pattern-matching/regex-based-file-selection/glob-pattern-selectors/filesystem-access-filtering.md) — Enforces strict path-based permissions using glob-pattern filtering for filesystem operations.
- [Secure Command Wrapping](https://awesome-repositories.com/f/development-tools-productivity/shell-command-execution/secure-command-wrapping.md) — Wraps shell commands or library calls in a secure environment to restrict host access. ([source](https://github.com/anthropic-experimental/sandbox-runtime/blob/main/README.md))

### DevOps & Infrastructure

- [Filesystem Access Controls](https://awesome-repositories.com/f/devops-infrastructure/execution-environments/code-execution-runtimes/code-execution-sandboxes/filesystem-access-controls.md) — Enforces read and write permissions using allowlists and glob patterns to prevent unauthorized file access. ([source](https://github.com/anthropic-experimental/sandbox-runtime/blob/main/README.md))

### Security & Cryptography

- [Filesystem Permissions](https://awesome-repositories.com/f/security-cryptography/access-restrictions/filesystem-permissions.md) — Enforces strict read and write permissions on files and directories using allowlists and denylists.
- [Allowlist-Based Access Controls](https://awesome-repositories.com/f/security-cryptography/allowlist-based-access-controls.md) — Implements a strict deny-by-default security policy to control access to system resources.
- [System-Call Access Controllers](https://awesome-repositories.com/f/security-cryptography/granular-access-controls/resource-level-access-controls/system-call-access-controllers.md) — Blocks unauthorized resource requests and monitors security violations by controlling system calls at the OS level.
- [Network Access Restrictions](https://awesome-repositories.com/f/security-cryptography/network-access-restrictions.md) — Filters outgoing network traffic using allow-only patterns and domain wildcards. ([source](https://github.com/anthropic-experimental/sandbox-runtime#readme))
- [Network Traffic Filtering](https://awesome-repositories.com/f/security-cryptography/network-traffic-filtering.md) — Restricts outgoing connections to specific domains and routes traffic through proxies for auditing.
- [Process Sandboxes](https://awesome-repositories.com/f/security-cryptography/process-sandboxes.md) — Runs commands, agents, or servers in an isolated environment to enforce filesystem and network boundaries. ([source](https://github.com/anthropic-experimental/sandbox-runtime#readme))
- [Process Sandboxing](https://awesome-repositories.com/f/security-cryptography/process-sandboxing.md) — Restricts filesystem and network access for arbitrary processes to create a secure execution sandbox.
- [Secure Execution Wrappers](https://awesome-repositories.com/f/security-cryptography/secure-execution-wrappers.md) — Functions as a cross-platform security wrapper for Linux and macOS to isolate untrusted code from the host.
- [Security Isolation Mechanisms](https://awesome-repositories.com/f/security-cryptography/security-isolation-mechanisms.md) — Encloses arbitrary processes within security boundaries to isolate them from the host system. ([source](https://github.com/anthropic-experimental/sandbox-runtime/blob/main/package.json))
- [Cross-Platform System Hardening](https://awesome-repositories.com/f/security-cryptography/security/infrastructure-and-hardware/infrastructure-system-hardening/cross-platform-system-hardening.md) — Provides a unified tool for enforcing system-level boundaries and hardening on both Linux and macOS.

### Software Engineering & Architecture

- [Host-Process Isolation](https://awesome-repositories.com/f/software-engineering-architecture/extensible-plugin-architectures/host-process-isolation.md) — Isolates processes from the underlying host machine by wrapping commands and library calls in security boundaries.
- [OS-Level Virtualization](https://awesome-repositories.com/f/software-engineering-architecture/sandboxed-execution-environments/kernel-level-virtual-machines/os-level-virtualization.md) — Implements system-call interception to isolate processes from the host filesystem and network without using full containerization.
- [Security Wrapping](https://awesome-repositories.com/f/software-engineering-architecture/sandboxed-execution-environments/kernel-level-virtual-machines/security-wrapping.md) — Wraps processes in native OS boundaries to isolate them from the host machine.

### System Administration & Monitoring

- [Filesystem Access Restrictions](https://awesome-repositories.com/f/system-administration-monitoring/filesystem-access-restrictions.md) — Controls read and write permissions at the OS level using deny-then-allow patterns. ([source](https://github.com/anthropic-experimental/sandbox-runtime#readme))
- [System Call Monitors](https://awesome-repositories.com/f/system-administration-monitoring/real-time-monitoring-systems/system-call-monitors.md) — Detects and logs unauthorized system calls in real time to identify and monitor security violations.
- [Sandbox Violation Monitoring](https://awesome-repositories.com/f/system-administration-monitoring/task-monitoring/task-violation-monitors/sandbox-violation-monitoring.md) — Detects and logs unauthorized attempts to access restricted system resources in real time. ([source](https://github.com/anthropic-experimental/sandbox-runtime#readme))

### Networking & Communication

- [Network Proxies](https://awesome-repositories.com/f/networking-communication/network-infrastructure-routing/network-proxying-tools/network-proxies.md) — Redirects all outgoing network traffic through an external proxy for deep packet inspection and auditing.
- [Traffic Proxying](https://awesome-repositories.com/f/networking-communication/traffic-proxying.md) — Routes sandboxed network traffic through external proxies for deep packet inspection and auditing.
- [Unix Socket Restrictions](https://awesome-repositories.com/f/networking-communication/unix-domain-socket-support/unix-socket-restrictions.md) — Blocks the creation of local communication sockets using system filters on Linux and macOS. ([source](https://github.com/anthropic-experimental/sandbox-runtime#readme))
