Cross-Platform Sandboxing
Every workspace in thane can be its own sandbox. On Linux, Landlock LSM restricts file access to only the paths you allow, and seccomp-bpf blocks dangerous syscalls. On macOS, App Sandbox enforces entitlement-based restrictions. Network access is opt-in on both platforms. Your agents work freely inside their boundaries — your system stays safe.
Filesystem Restrictions
Define per-workspace read-only, read-write, and denied paths. On Linux, Landlock LSM enforces restrictions at the kernel level. On macOS, App Sandbox entitlements control file access. No userspace workaround can bypass them.
seccomp-bpf Syscall Filtering
On Linux, block dangerous system calls before they reach the kernel. Prevent Claude Code from loading kernel modules, modifying system time, or tracing other processes. On macOS, App Sandbox provides equivalent process-level restrictions.
Network Isolation
Control whether each workspace can make network connections. Block all network access, or allow only specific outbound connections.
Per-Workspace Configuration
Each workspace has its own sandbox settings. A documentation workspace might need no network, while a web development workspace needs localhost access.
Sensitive Data Detection
Scan terminal output for PII patterns (email addresses, SSNs, credit card numbers), API keys, SSH private keys, and credential files (.env, .aws). Configurable policy: Allow, Warn, or Block.
How it works
thane uses platform-native security features on each OS. On Linux, Landlock LSM (Linux Security Module) restricts filesystem access at the kernel level — you define which paths are readable, writable, or denied, and the kernel enforces these rules for every process in the workspace. Unlike Docker volumes or chroot, Landlock works on your real filesystem without copying or mounting.
seccomp-bpf (Secure Computing with Berkeley Packet Filters) intercepts system calls before they execute. thane applies a seccomp filter that blocks dangerous syscalls like ptrace, mount, and kexec — preventing Claude Code from escalating privileges or escaping its sandbox even if it finds a vulnerability in your code.
On macOS, App Sandbox uses entitlements to restrict file access, network connections, and process capabilities. Combined with thane's per-workspace path lists, this provides defense-in-depth sandboxing on both platforms. All sandbox events are logged in the real-time audit trail.
Use cases
Running Claude Code autonomously
Let Claude Code edit code and run tests — without risking access to ~/.ssh, ~/.aws, or other sensitive directories.
Multi-project isolation
Run Claude Code across multiple workspaces, each with its own filesystem and network boundaries. No workspace can see or affect another's files.
Compliance and auditing
Enforce data boundaries for regulated workloads. Combine sandbox restrictions with the audit trail to prove that Claude Code never accessed restricted files.
Ready to try thane?
Free for personal use. OS-level sandboxing, split panes, embedded browser, and real-time audit trail — all on your machine.