This is a somewhat-specialized sandbox for running things you don't trust. It's built around bubblewrap.
Note
This tool was and is 100% written by hand. No AI-generated code exists in this repository.
- 🕵 Opens your current working directory at
/project/<CWD NAME>. This is to anonymize any information it might hold. - 🕵 Makes a "virtual" username and home folder (see:
--userflag). - 🕵 Creates a "virtual" hostname (see
--hostnameflag). - 🛠️ Forwards
/usrand/opt. This is to make bs quick to use.
# Run opencode with readonly access to ~/.bashrc and ~/code/mylib
bs -f ~/.bashrc -f ~/code/mylib -- opencodeTo make profiles:
- Experiment to find a
bscommand that you find useful - Copy
bsp-templateand name it what you want (eg.bspgcc) and fill in TODO's -- OR make your own - Replace the
bscommand in the script with your bs command - Make sure the template is
chmod +x'd and in your PATH
- Install bubblewrap (
bwrap) and fish shell (fish) from your package manager - Clone the repository
bsinto your environment - Add
bsto your PATH (something likesudo ln -s "$(realpath -e bs)" /usr/bin/bs) - If you want the example profiles (
bspocfor opencode andbspgeminifor gemini-cli), copy them too chmod +x- Run
bs. You should be dropped into a shell.