Developer Preview

Neraxis Sandbox

Secure runtime for AI agents

Neraxis Sandbox lets developers run AI agents safely by enforcing filesystem, network, and system policies before actions are allowed.

The Problem

AI agents typically run with full access to your system. This creates significant security risks for developers.

Accidental File Modification

Agents can read, write, or delete files anywhere on your system without restriction.

Credential Leaks

SSH keys, API tokens, and environment variables are exposed to agent access.

Unintended Network Access

Agents can make arbitrary network requests to any service without oversight.

Developers need a way to run agents inside a controlled environment without sacrificing functionality.

How Neraxis Sandbox Works

Neraxis Sandbox wraps AI agents in an isolated execution environment using OS-level security primitives. Network requests are routed through a policy-aware proxy that can allow, deny, or pause for human approval.

Diagram: Neraxis Sandbox architecture
AI Agent: claude · codex · custom
OS Security: macOS: Seatbelt; Linux: Bubblewrap, Landlock
Network Proxy: MITM interception, request inspection, TLS certificate, policy enforcement
Policy Engine: allow, deny, consent (human approval)
Filesystem: read · write · delete
Network: outbound requests
System: services · env vars

Network requests pass through a policy-aware proxy where they can be allowed automatically, denied automatically, or paused for human approval.

Security Model

Neraxis Sandbox uses OS-level security primitives to enforce restrictions at the kernel level.

Filesystem Restrictions

Agents run in a restricted environment with explicit read/write permissions. Access to sensitive directories like ~/.ssh and ~/.aws is denied by default.

Network Interception

All network traffic is routed through a local MITM proxy. Requests are inspected and matched against policies before being allowed to reach the network.

Policy-Based Approval

Define granular policies for filesystem paths, network domains, and system resources. Each policy can allow, deny, or require human consent.

OS Security Primitives

macOS: Seatbelt sandbox profiles
Linux: Bubblewrap and Landlock LSM

These are the same mechanisms used by browsers and container runtimes.
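
The allow, deny, or consent decision described under Filesystem Restrictions and Policy-Based Approval, shown as an added example that is not Neraxis code. The rule lists, the home directory, the domains, and the defaults for unmatched paths and hosts are assumptions made for illustration, not the tool's policy syntax.

```python
# Added illustration: a hypothetical allow/deny/consent policy evaluator.
# Rule format, names and defaults are assumptions, not Neraxis's policy syntax.
import posixpath
from urllib.parse import urlsplit

HOME = "/home/dev"  # constructed sample home directory

# (path prefix, decision); deny rules are listed first so they win.
FS_RULES = [
    (HOME + "/.ssh", "deny"),
    (HOME + "/.aws", "deny"),
    (HOME + "/project", "allow"),
]
# (domain, decision); constructed sample domains.
NET_RULES = [
    ("api.example.com", "allow"),
    ("example.net", "consent"),
]

def canonical(path, cwd=HOME + "/project"):
    """Expand ~ and collapse . and .. before any rule is compared.
    Lexical only: symlinks are not resolved here, which is one reason
    real enforcement has to happen at the OS level."""
    if path == "~" or path.startswith("~/"):
        path = HOME + path[1:]
    return posixpath.normpath(posixpath.join(cwd, path))

def under(path, prefix):
    """Whole-component match, so /x/.sshfoo is not treated as under /x/.ssh."""
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")

def decide_fs(path):
    p = canonical(path)
    for prefix, decision in FS_RULES:
        if under(p, prefix):
            return decision
    return "consent"  # assumption: unmatched paths pause for a human

def decide_net(url):
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    for domain, decision in NET_RULES:
        # Match the domain itself or a true subdomain, never a bare suffix.
        if host == domain or host.endswith("." + domain):
            return decision
    return "deny"  # assumption: unlisted destinations are refused
```

Matching on the canonical path and on whole host labels is what keeps `../.ssh/id_rsa` and `api.example.com.evil.test` from slipping past rules written for `~/.ssh` and `api.example.com`.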

Installation

Neraxis Sandbox is distributed as a CLI tool via Homebrew.

1. Install via Homebrew

brew install neraxis

2. Run an AI agent

ner run claude

First run setup: The first time you run Neraxis, it will install a local TLS certificate needed for network inspection. This certificate is used only for the MITM proxy and is stored in your system keychain.

Open Source

Neraxis Sandbox is open source and available on GitHub. Contributions are welcome.
