Show HN: Nixcage – Sandbox AI coding agents per project with Nix and direnv
I built nixcage to solve a problem that's been bugging me: AI coding agents like Claude Code have broad access to your filesystem, network, and system. That's powerful but uncomfortable, especially on client projects or machines with sensitive data.
nixcage creates per-project sandboxes that activate automatically when you cd into a directory (via direnv). It uses bubblewrap on Linux and sandbox-exec on macOS — no VMs, no Docker, no overhead.
Three isolation levels: strict (no network, empty home), standard (project writable, network on), and relaxed (home readable, project writable).
It also controls Nix store access (shared, readonly, copy, or fully isolated) so sandboxed tools can't pollute your host store.
Quick start: nixcage init --preset claude-code && direnv allow
A debug mode captures every blocked syscall so you can see exactly what's denied and tune your config.
https://github.com/hamidr/nixcage
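Added example, not nixcage's own code: a POSIX shell sketch of how a per-project bubblewrap sandbox on Linux can be composed from the three isolation levels named in the post. The flag names are bubblewrap's (bwrap); the level semantics follow the post's one-line descriptions. The list of read-only host paths, mounting the project writable at every level, the read-only treatment of /nix/store (the post's "readonly" store mode only), and the function names sandbox_args and sandbox_run are assumptions. Setting BWRAP=echo prints the assembled command line without bubblewrap installed, which is a cheap way to review what a level actually grants before trusting it.

```sh
#!/bin/sh
# Added illustration, not nixcage's code: compose a bubblewrap command line for
# one of three isolation levels. Flag names are bwrap's; level semantics follow
# the post; the mount list and the writable project bind are assumptions.

# Print one bwrap argument per line for LEVEL (strict|standard|relaxed)
# confining PROJECT, given as an absolute path.
sandbox_args() {
  level=$1
  project=$2
  home=${HOME:-/root}

  # Baseline for every level: /etc read-only, fresh /proc, /dev and /tmp,
  # a private PID namespace, and the sandbox dies with the parent shell.
  set -- --ro-bind /etc /etc --proc /proc --dev /dev --tmpfs /tmp \
         --unshare-pid --die-with-parent

  # Tool binaries: FHS paths on ordinary hosts, /nix/store on a Nix host.
  # Read-only, so sandboxed tools cannot write into the host store
  # (assumption modelling only the "readonly" store mode from the post).
  for d in /usr /bin /lib /lib64 /nix/store /run/current-system; do
    if [ -e "$d" ]; then set -- "$@" --ro-bind "$d" "$d"; fi
  done

  case $level in
    strict)   # no network, empty home
      set -- "$@" --unshare-net --tmpfs "$home" ;;
    standard) # network on, home hidden behind an empty tmpfs (assumption)
      set -- "$@" --tmpfs "$home" ;;
    relaxed)  # network on, home readable
      set -- "$@" --ro-bind "$home" "$home" ;;
    *)
      echo "sandbox_args: unknown level '$level'" >&2
      return 1 ;;
  esac

  # Mounts apply in order, so binding the project after the home mount keeps
  # it writable even when it lives under $HOME. The project is the only
  # writable host path at every level (assumption); the process starts there.
  set -- "$@" --bind "$project" "$project" --chdir "$project"
  printf '%s\n' "$@"
}

# Run CMD [ARGS...] inside the sandbox for LEVEL and PROJECT.
# With BWRAP=echo the exact bwrap invocation is printed instead of executed.
sandbox_run() {
  level=$1
  project=$2
  shift 2
  flags=$(sandbox_args "$level" "$project") || return 1
  # Split the newline-separated flag list without globbing or word splitting
  # on spaces, so paths containing spaces survive intact.
  old_ifs=$IFS
  IFS='
'
  set -f
  set -- $flags -- "$@"
  set +f
  IFS=$old_ifs
  "${BWRAP:-bwrap}" "$@"
}

# Example (preview only):  BWRAP=echo sandbox_run strict "$PWD" claude
```

To tie this to direnv in the way the post describes, an .envrc could export the chosen level and prepend a shim directory to PATH whose agent wrapper calls sandbox_run with "$PWD"; that wiring is an assumption about one possible approach, not a description of how nixcage does it.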