Show HN: Zerobox – Sandbox any command with file, network, credential controls

Zerobox is a lightweight, cross-platform process sandboxing tool that offers granular control over file access, network traffic, and environment variables with minimal overhead.

Lightweight, cross-platform process sandboxing powered by OpenAI Codex's sandbox runtime.

Deny by default: Writes, network, and environment variables are blocked unless you allow them. Credential injection: Pass API keys that the process never sees. Zerobox injects real values only for approved hosts. File access control: Allow or deny reads and writes to specific paths. Network filtering: Allow or deny outbound traffic by domain. Clean environment: Only essential env vars (PATH, HOME, etc.) are inherited by default. TypeScript SDK: import { Sandbox } from "zerobox" with a Deno-style API. Cross-platform: macOS and Linux. Windows support planned. Single binary: No Docker, no VMs, ~10ms overhead.

Example usage: zerobox --allow-read=. -- node script.js

Secrets are handled via a network proxy level substitution, ensuring the sandboxed process only sees a placeholder while the server receives the real key.

Source: Hacker News

More in this category

dev-tools

GLM 5.2 Is Out

Zhipu AI has officially released GLM-5.2, its most powerful open-source model to date, featuring a 1M context window and advanced long-horizon task capabilities. The release underscores Zhipu's commitment to open-source AI and global scientific collaboration amid rising technological restrictions.

dev-tools

Noise infusion banned from statistical products published by Census Bureau

The U.S. Department of Commerce has banned "noise infusion" from statistical products published by the Census Bureau, a decision that could have severe consequences for both data utility and privacy protection.

dev-tools

Treating pancreatic tumours may have revealed cancer's master switch

A promising new drug called daraxonrasib has shown breakthrough results in treating pancreatic cancer, doubling median survival times. This achievement could pave the way for an entirely new class of cancer treatments.

dev-tools

Every Frame Perfect

In UI design, perfection isn't just about the start and end states, but every single transition frame in between. Polishing these micro-interactions is key to building user trust.

dev-tools

Leaving Mozilla

A poignant and candid reflection from a 15-year Mozilla veteran upon their departure. The author highlights the leadership's missteps in trying to emulate tech giants and urges Mozilla to return to its core values: community and uniqueness.

dev-tools

Shepherd's Dog: A Game by the Most Dangerous AI Model

A developer tested Anthropic's latest, supposedly 'too dangerous' AI model by asking it to build a long-held game idea in a single shot. The model succeeded, generating a complete 2,319-line game after a 45-minute reasoning session.

EXPLORE TOPICS