
fence
Lightweight, container-free sandbox for running commands with network and filesystem restrictions.
Coldcast Lens
Fence wraps any command in a sandbox that blocks network access by default and restricts filesystem operations: no containers, no VMs, just a Go binary. Run `fence npm install` and it only allows npm/PyPI traffic. Run `fence rm -rf /` and it blocks the command entirely.
The simplicity is the point. Pre-built templates for common workflows (code, build, test), configurable deny rules, and it works with every major coding agent — Claude Code, Codex, Gemini CLI, Cursor. Compared to nono (deeper, kernel-enforced), Fence is easier to adopt. Compared to Docker (heavier, container overhead), Fence is lighter. Compared to running commands raw, Fence adds real protection.
Use this when you're running semi-trusted code — package installs, build scripts, unfamiliar repos — and want basic guardrails without infrastructure. Skip this if you need full VM isolation or audit trails.
The catch: nascent at 578 stars. Filesystem restrictions are configurable but the defaults may surprise you — test your workflow before depending on it. Go binary means no runtime dependencies, which is nice. Apache 2.0 license.
About
- Stars: 580
- Forks: 14