Agent Safehouse is a macOS-native sandboxing platform designed to securely run local coding agents, particularly those powered by large language models (LLMs). It addresses the risks associated with running probabilistic agents by enforcing strict kernel-level isolation, ensuring that agents cannot access or modify files outside explicitly permitted directories. The tool is intended for users who run LLM-based agents locally and need to safeguard their system and personal data from unintended or malicious actions by those agents.
The platform operates by denying write access to all locations except the designated project directory, with the kernel blocking unauthorized syscalls before any file operations occur. By default, Safehouse grants read/write access to the selected working directory (typically the git root) and read access to installed toolchains, while sensitive areas such as SSH keys, cloud credentials, and unrelated repositories are denied. The sandboxing is enforced at the kernel level using sandbox-exec, and the tool employs a deny-first access model, flipping the standard macOS permissions so that nothing is accessible unless explicitly granted. Users can further customize access permissions, specifying directories as read-only or read/write.
Agent Safehouse is compatible with a wide range of LLM coding agents, including named support for Claude, Codex, Copilot CLI, Gemini CLI, Aider, and others. It integrates with common POSIX shells (such as zsh and bash) and fish shell, allowing users to set up shell functions that automatically run agents within the sandbox. The tool provides templates and prompts for generating least-privilege sandbox profiles with the help of LLMs, enabling tailored security configurations for individual workflows.
Installation is streamlined, with options to install via Homebrew or by downloading a single self-contained shell script. The tool requires no build step and has no dependencies beyond Bash and macOS. 0 License.
In the Security & compliance platforms space, Agent Safehouse takes a focused approach. It focuses on preventing LLM coding agents from accessing or modifying files outside designated directories on macOS. It is built as an open-source project for developers running LLM coding agents locally. Agent Safehouse is open source under the Apache-2.0 license. Agent Safehouse is available on the web, macOS, and the command line, and it can be self-hosted.
Behind Agent Safehouse is eugene1g, and the product first shipped in 2026. Development happens publicly on GitHub with 1.9k stars and 15 commits in the last 90 days. PulseGate's similarity index finds few close equivalents — Agent Safehouse occupies a relatively distinct niche. Key capabilities include kernel sandboxing, agent isolation, and write access control.
Latest indexed changes and source events
agent-safehouse.dev discovered by the PulseGate indexer
Other apps tracked under the same category.