^{NO AI HERE - this repo is 100% human-certified AI-free}

Basic Sandbox 🏖️

This is a somewhat-specialized sandbox for running things you don't trust. It's built around bubblewrap.

⚙️ BS features

🕵 Opens your current working directory at /project/<CWD NAME>. This is to anonymize any information it might hold.
🕵 Makes a "virtual" username and home folder (see: --user flag).
🕵 Makes a "virtual" hostname (see --hostname flag).
🛠️ Forwards /usr and /opt to passthrough software. This is to make bs low friction to use.

# Run opencode with readonly access to ~/.bashrc and ~/code/mylib, but NO OTHER USER FILES
bs -f ~/.bashrc -f ~/code/mylib -- opencode

To make profiles:

Experiment to find a bs command that you find useful
Copy bsp-template and name it what you want (eg. bspgcc) and fill in TODO's (or, make your own)
Replace the bs command in the script with your bs command
Make sure the template is chmod +x'd and in your PATH

Install bubblewrap (bwrap) and fish (fish) from your package manager
Clone the repository bs into your environment
Add bs to your PATH (something like sudo ln -s "$(realpath -e bs)" /usr/bin/bs)
chmod +x
Run bs. You should be dropped into a shell.