Yu – Sandboxes your Claude Code/Codex with zero credential exposure(blog.dreambubble.ai)
blog.dreambubble.ai
Yu – Sandboxes your Claude Code/Codex with zero credential exposure
https://blog.dreambubble.ai/en/posts/your-ai-coding-agent-is-running-naked-on-your-laptop
How It Works
Filesystem — macOS sandbox-exec hides everything except the project directory. No containers.
Env vars — Default-deny whitelist. Secrets (KEY, TOKEN, SECRET, PASSWORD) get dummy values.
API proxy — For custom BASE_URL setups (e.g. LiteLLM), a localhost reverse proxy swaps dummy keys for real ones. No MITM, no certificates.
Command proxy — git, ssh, gh, aws intercepted by shims. Real commands run outside sandbox with credentials from .yu/env.
Permission bypass — Agents launch with --dangerously-skip-permissions (Claude) / --dangerously-bypass-approvals-and-sandbox (Codex). The sandbox is the security boundary.