comsysto

Sandbox for opencode based on docker and mise

100% credibility
Found May 12, 2026 at 10 stars.
Shell
AI Summary

This project creates isolated, secure environments for running the OpenCode AI coding assistant separately for each software project, with customizable network access controls and persistent memory per project.

How It Works

1. 🔍 Discover safe AI coding help
   You hear about a way to use an AI coding assistant safely, keeping each project in its own protected space without accessing your whole computer.

2. 📥 Get the sandbox tool
   Download the simple setup tool and make its easy commands available on your computer.

3. 🆕 Prepare your project
   From your project's main folder, run the quick setup to create a custom safe space just for this project.

4. 🚀 Launch the protected assistant
   Start the safe space with one command, and watch your personal AI coding helper come alive securely.

5. 🖥️ Open and chat with AI
   Use your web browser or terminal to connect and ask the AI for coding ideas and help.

Code smarter, safer

Enjoy powerful AI assistance tailored to each project, with everything isolated and secure, so you can focus without worries.

AI-Generated Review

What is opencode-sandbox?

opencode-sandbox runs the OpenCode AI coding assistant in a per-project Docker container, isolating it from your host machine to prevent broad access to other files or global configs. Built in Shell with mise for toolchain management inside the container, it delivers scoped workspace access, persistent session state across restarts, and clean rebuilds without project bleed. Developers get simple CLI commands like ocs-init for setup, ocs-start-container to launch, and ocs-web to open the UI on localhost:4096.

Why is it gaining traction?

It stands out with strict network isolation via a Squid proxy whitelist for HTTP/HTTPS domains and an iptables firewall, plus direct host port access for local services like databases, which is far tighter than running OpenCode natively. Per-project configs for API keys and models persist independently, and hooks let you inject dynamic env vars like AWS credentials at startup. The Docker-based sandbox works seamlessly on macOS via Colima or Podman and on Linux via Docker, making it a practical OpenCode sandbox container.

Who should use this?

Multi-project developers who juggle OpenCode sessions and hate config conflicts or AI overreach into unrelated codebases. Backend engineers who connect to local Postgres or Redis via host ports, and frontend teams who whitelist npmjs.org without exposing the full host. Ideal for macOS users or anyone in GitHub Actions workflows who wants sandboxed OpenCode isolation without setup hassle.

Verdict

Worth trying if you use OpenCode and need isolation—docs are thorough, CLI is intuitive, tested on key platforms—but with only 10 stars and 1.0% credibility score, it's early-stage and unproven at scale; test in a non-critical project first.
