ngmi / anthropic-experimental / sandbox-runtime

anthropic-experimental/sandbox-runtime

TypeScript 3.1k stars

A lightweight sandboxing tool for enforcing filesystem and network restrictions on arbitrary processes at the OS level, without requiring a container.

✓ Synced 1h ago Share on X →
README badge: [![ngmi](https://ngmi.review/badge/anthropic-experimental/sandbox-runtime.svg)](https://ngmi.review/repo/anthropic-experimental/sandbox-runtime)
63 Merged PRs
2 days Avg Merge Time
0m Fastest PR
2 months Slowest PR
#252 Global Speed Rank

PR Size Analysis

Lines changed (additions + deletions) vs review outcomes. Re-sync to populate data for older PRs.

PRs by size
Avg review time (hrs)
Clean approval rate (%)

Top Reviewers

#1
@ddworken
30 reviews ✓ 25 approved
#2 @ollie-anthropic
@ollie-anthropic
30 reviews ✓ 23 approved
#3
@dylan-conway
11 reviews ✓ 7 approved ↺ 2 blocked
#4 @km-anthropic
@km-anthropic
5 reviews ✓ 5 approved
#5 @ant-kurt
@ant-kurt
2 reviews ✓ 1 approved
#6
@JacquesAnthropic
2 reviews ✓ 2 approved
#7 @Jarred-Sumner
@Jarred-Sumner
2 reviews ✓ 2 approved
#8 @loc
@loc
2 reviews
#9 @ltawfik
@ltawfik
1 reviews ✓ 1 approved
#10 @felixrieseberg
@felixrieseberg
1 reviews ✓ 1 approved

Recent Merged PRs

# Title Author Time Reviews Blocks
#143 ci: add npm release workflow @dylan-conway 12m 1
#140 fix: allow Unix domain socket creation in network-restricted sandbox @thomasballinger 1 day 2
#138 security: warn and skip symlink write paths pointing outside boundaries @ddworken 19.0h 4
#127 fix: use wildcard in allowLocalBinding seatbelt rules for IPv6 dual-stack compatibility @dylan-conway 1 day 1
#126 Re-introduce non-existent deny path protection with mount point cleanup @ddworken 1 day 3
#120 Add enableWeakerNetworkIsolation config option for Go TLS support @ddworken 4 days 1
#117 feat: use Bun.which for executable lookup when available @sosukesuzuki 50m 1
#116 Expand denyRead glob patterns to concrete paths on Linux @ddworken 1.1h 1
#112 chore: upgrade deps and bump to 0.0.34 @ollie-anthropic 14.0h 1
#108 Harden sandbox by removing unnecessary trustd.agent mach-lookup @ddworken 3 days 1
#54 Fix README example: move reset() inside exit callback @ryoppippi 2 months 1
#110 perf: memoize getGlobalNpmPaths to avoid repeated execSync calls @sosukesuzuki 3m 1
#91 Fix dotfile leak by skipping non-existent deny paths @la-j 19 days 1
#102 Update pointers @ollie-anthropic 7m 1
#101 feat: unified checkDependencies API returning SandboxDependencyCheck @ollie-anthropic 3.8h 1
#100 chore: bump version to 0.0.29 @ollie-anthropic 13.8h 2
#99 fix: support WSL2 sandboxing, reject WSL1 @ollie-anthropic 13m 4
#90 add fd 3 control channel for dynamic config updates @loc 3 days 4
#96 Update pointers to 0.28 @ollie-anthropic 1.1h 1
#95 chore: bump version to 0.0.27 @ollie-anthropic 21m 1