Show HN: Zerobox – Sandbox any command with file and network restrictions (github.com)

Zerobox is an open-source, lightweight process sandbox for macOS and Linux that can run arbitrary commands while enforcing file, network, and environment-variable restrictions. It blocks writes and outbound network by default, and supports “secret” injection where real credential values are only revealed to approved hosts via a proxy. The project also provides a CLI and a TypeScript/Deno-style SDK for defining per-command permissions and for handling execution output and errors.