DealForge autonomously sources, scores, and writes investment memos on venture deals. Stop manually hunting.
1,180+ deals tracked · 22 AI investment memos · Updated daily
Show HN: Zerobox – Sandbox any command with file and network restrictions
I'm excited to introduce Zerobox, a cross-platform, single binary process sandboxing CLI written in Rust. It uses the sandboxing crates from the OpenAI Codex repo and adds additional functionalities like secret injection, SDK, etc.<p>Watch the demo: <a href="https://www.youtube.com/watch?v=wZiPm9BOPCg" rel="nofollow">https://www.youtube.com/watch?v=wZiPm9BOPCg</a><p>Zerobox follows the same sandboxing policy as Deno which is deny by default. The only operation that the command can run is reading files, all writes and network I/O are blocked by default. No VMs, no Docker, no remote servers.<p>Want to block reads to /etc?<p><pre><code> zerobox --deny-read=/etc -- cat /etc/passwd cat: /etc/passwd: Operation not permitted </code></pre> How it works:<p>Zerobox wraps any commands/programs, runs an MITM proxy and uses the native sandboxing solutions on each operating system (e.g BubbleWrap on Linux) to run the given process in a sandbox. The MITM proxy has two jobs: blocking network calls and injecting credentials at the network level.<p>Think of it this way, I want to inject "Bearer OPENAI_API_KEY" but I don't want my sandboxed command to know about it, Zerobox does that by replacing "OPENAI_API_KEY" with a placeholder, then replaces it when the actual outbound network call is made, see this example:<p><pre><code> zerobox --secret OPENAI_API_KEY=$OPENAI_API_KEY --secret-host OPENAI_API_KEY=api.openai.com -- bun agent.ts </code></pre> Zerobox is different than other sandboxing solutions in the sense that it would allow you to easily sandbox any commands locally and it works the same on all platforms. I've been exploring different sandboxing solutions, including Firecracker VMs locally, and this is the closest I was able to get when it comes to sandboxing commands locally.<p>The next thing I'm exploring is `zerobox claude` or `zerobox openclaw` which would wrap the entire agent and preload the correct policy profiles.<p>I'd love to hear your feedback, especially if you are running AI Agents (e.g. OpenClaw), MCPs, AI Tools locally.
Zerobox addresses a timely and critical pain point in the AI agent ecosystem—securely executing untrusted code locally. While the secret-injection MITM proxy is an innovative differentiator, the project is in its infancy with minimal traction and faces significant competition from established containerization and virtualization standards.