bx - the macOS dev sandbox - is now at v0.9!

🔧 Custom apps via ~/.bxconfig.toml — add Cursor, Zed, whatever you like
🖥️ Xcode support
📂 Multiple workdirs in one session
🔍 Auto-discovers apps via macOS bundle IDs
⚡ Detects already running apps instead of launching duplicates

Really happy to see people picking this up. Would love to hear what apps you're sandboxing or what's missing. 💬

https://github.com/holtwick/bx-mac

#macOS #security #sandbox #opensource #devtools #ClaudeCode

GitHub - holtwick/bx-mac: Sandbox any macOS app — only your project directory stays accessible

@holtwick Hi! Is it common that, let's say, Claude or Gemini CLI would go outside of the pre-configured directory we give them?
@jerome I did not do any security research, but from my experience these tools will access whatever they like if you tell them. And they also start CLI tools which do not have any limits. And they start MCP servers and use skills where nobody knows what they do and who wrote them. And you may have private config and keys on your computer like SSH or API keys. And so on... I sleep better if these tools are in a cage ;) They are still not limited in their usefulness by this fencing.

@holtwick Got it! Thank you

The reason I'm asking is that I'm not on Tahoe, so I can't use your tool.

However, I found that gemini-cli has a mode to use sandbox-exec, so it might be worth a try for now:
https://geminicli.com/docs/cli/sandbox/

Sandboxing in the Gemini CLI

@jerome Why can't you use it? I did not intentionally limit it to macOS 26. I just only tested it with the latest version of macOS. Thanks for the link. Claude has that too. But I also wanted to protect the tools around it, like VSCode.