opencode-sandbox launches opencode inside a small Bubblewrap sandbox on Linux.
It is a short Bash wrapper that:
- uses the current directory as the writable project root,
- stores sandbox state under `./.sandbox`,
- keeps host network access enabled,
- and mounts Node automatically when the resolved `opencode` entrypoint is a Node launcher.
Running opencode in a sandbox gives it the files it needs for the current project without giving it unrestricted access to the rest of the machine.
This wrapper is useful when you want to:
- avoid accidental reads or writes outside the repo,
- keep generated state in `./.sandbox`,
- reduce the impact of bad commands, broken scripts, or prompt mistakes,
- and make the environment more predictable across Linux machines.
The goal is not perfect isolation. It is a practical safety boundary that keeps day-to-day usage pointed at the project directory instead of the whole host system. In particular, because the host network namespace is shared, the sandbox limits what the tool can read and write on disk; it does not restrict network access.
- Linux only
- Bubblewrap must be installed; check with `command -v bwrap`
- `opencode` required
Non-Linux platforms are out of scope for this version.
- Clone this repository.
- Make the launcher executable if needed: `chmod +x opencode-sandbox`
- Optionally place it on your `PATH`: `install -Dm755 opencode-sandbox "$HOME/.local/bin/opencode-sandbox"`

Run the wrapper from the project directory you want to expose inside the sandbox:

```sh
./opencode-sandbox
```

Run a simple launch check:

```sh
./opencode-sandbox --help
```

Pass any normal opencode arguments through the wrapper:

```sh
./opencode-sandbox --help
./opencode-sandbox run "summarize this repository"
```

- The current working directory is bind-mounted read-write.
- Sandbox state is written to `./.sandbox`.
- `/usr`, `/etc`, and common system library directories are mounted read-only.
- `/run` is mounted read-only so host runtime files such as DNS resolver state remain available.
- The wrapper always shares the host network namespace.
- If the resolved opencode entrypoint starts with a Node shebang, the wrapper also exposes the matching Node install root.
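To make the mount layout above concrete, here is an illustrative reconstruction written for this page; it is not the project's own launcher script. The function names (`is_node_launcher`, `node_install_root`, `build_bwrap_args`, `launch_opencode`), the use of `bwrap --args`, and the choice to redirect `HOME` into `./.sandbox` are assumptions: the README says state lives under `./.sandbox` but not how the wrapper arranges that.

```sh
#!/usr/bin/env bash
# Illustrative reconstruction of the sandbox layout described above.
# Not the project's own launcher; function names and the HOME redirection
# into ./.sandbox are assumptions made for this example.
set -eu

# Return 0 when the file at $1 starts with a Node shebang
# (e.g. "#!/usr/bin/env node" or "#!/usr/bin/node").
is_node_launcher() {
  local first
  first=''
  IFS= read -r first < "$1" || true
  case "$first" in
    '#!'*node*) return 0 ;;
    *) return 1 ;;
  esac
}

# Install root of the node binary ($1, default: the one on PATH):
# resolve symlinks, then take the parent of its bin/ directory.
node_install_root() {
  local node_bin
  node_bin=$(readlink -f "$(command -v "${1:-node}")")
  dirname "$(dirname "$node_bin")"
}

# Emit the bwrap argument list, one per line, for project root $1 and
# resolved opencode entrypoint $2. bwrap applies mounts in order, so the
# read-write bind of the project root comes after the read-only system binds.
build_bwrap_args() {
  local root entry d nroot
  root=$1; entry=$2
  mkdir -p "$root/.sandbox"
  printf '%s\n' \
    --ro-bind /usr /usr \
    --ro-bind /etc /etc \
    --ro-bind /run /run \
    --dev /dev \
    --proc /proc \
    --tmpfs /tmp \
    --bind "$root" "$root" \
    --chdir "$root" \
    --setenv HOME "$root/.sandbox"
  # Common library and binary directories, read-only, only where they exist.
  # (On merged-/usr hosts you may prefer --symlink usr/lib /lib and friends.)
  for d in /lib /lib64 /lib32 /bin /sbin; do
    if [ -e "$d" ]; then
      printf '%s\n' --ro-bind "$d" "$d"
    fi
  done
  # No --unshare-net: the host network namespace stays shared, as the README says.
  # Node launcher: also expose the matching Node install root read-only.
  if is_node_launcher "$entry"; then
    nroot=$(node_install_root)
    printf '%s\n' --ro-bind "$nroot" "$nroot"
  fi
}

# Run from the project directory: launch_opencode --help
# Feeds the generated argument list to bwrap NUL-separated via --args FD.
launch_opencode() {
  local entry argfile
  entry=$(readlink -f "$(command -v opencode)")
  mkdir -p "$PWD/.sandbox"
  argfile=$PWD/.sandbox/bwrap.args
  build_bwrap_args "$PWD" "$entry" | tr '\n' '\0' > "$argfile"
  exec 3< "$argfile"
  exec bwrap --args 3 -- "$entry" "$@"
}
```

A quick sanity check before trusting the boundary is to launch a shell instead of opencode with the same argument list and try `touch /etc/x` (should fail) and `touch ./.sandbox/x` (should succeed).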