[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"similar-Use-Tusk--fence":3,"tool-Use-Tusk--fence":64},[4,17,27,35,48,56],{"id":5,"name":6,"github_repo":7,"description_zh":8,"stars":9,"difficulty_score":10,"last_commit_at":11,"category_tags":12,"status":16},3808,"stable-diffusion-webui","AUTOMATIC1111\u002Fstable-diffusion-webui","stable-diffusion-webui 是一个基于 Gradio 构建的网页版操作界面，旨在让用户能够轻松地在本地运行和使用强大的 Stable Diffusion 图像生成模型。它解决了原始模型依赖命令行、操作门槛高且功能分散的痛点，将复杂的 AI 绘图流程整合进一个直观易用的图形化平台。\n\n无论是希望快速上手的普通创作者、需要精细控制画面细节的设计师，还是想要深入探索模型潜力的开发者与研究人员，都能从中获益。其核心亮点在于极高的功能丰富度：不仅支持文生图、图生图、局部重绘（Inpainting）和外绘（Outpainting）等基础模式，还独创了注意力机制调整、提示词矩阵、负向提示词以及“高清修复”等高级功能。此外，它内置了 GFPGAN 和 CodeFormer 等人脸修复工具，支持多种神经网络放大算法，并允许用户通过插件系统无限扩展能力。即使是显存有限的设备，stable-diffusion-webui 也提供了相应的优化选项，让高质量的 AI 艺术创作变得触手可及。",162132,3,"2026-04-05T11:01:52",[13,14,15],"开发框架","图像","Agent","ready",{"id":18,"name":19,"github_repo":20,"description_zh":21,"stars":22,"difficulty_score":23,"last_commit_at":24,"category_tags":25,"status":16},1381,"everything-claude-code","affaan-m\u002Feverything-claude-code","everything-claude-code 是一套专为 AI 编程助手（如 Claude Code、Codex、Cursor 等）打造的高性能优化系统。它不仅仅是一组配置文件，而是一个经过长期实战打磨的完整框架，旨在解决 AI 代理在实际开发中面临的效率低下、记忆丢失、安全隐患及缺乏持续学习能力等核心痛点。\n\n通过引入技能模块化、直觉增强、记忆持久化机制以及内置的安全扫描功能，everything-claude-code 能显著提升 AI 在复杂任务中的表现，帮助开发者构建更稳定、更智能的生产级 AI 代理。其独特的“研究优先”开发理念和针对 Token 消耗的优化策略，使得模型响应更快、成本更低，同时有效防御潜在的攻击向量。\n\n这套工具特别适合软件开发者、AI 研究人员以及希望深度定制 AI 工作流的技术团队使用。无论您是在构建大型代码库，还是需要 AI 协助进行安全审计与自动化测试，everything-claude-code 都能提供强大的底层支持。作为一个曾荣获 Anthropic 黑客大奖的开源项目，它融合了多语言支持与丰富的实战钩子（hooks），让 AI 真正成长为懂上",140436,2,"2026-04-05T23:32:43",[13,15,26],"语言模型",{"id":28,"name":29,"github_repo":30,"description_zh":31,"stars":32,"difficulty_score":23,"last_commit_at":33,"category_tags":34,"status":16},2271,"ComfyUI","Comfy-Org\u002FComfyUI","ComfyUI 是一款功能强大且高度模块化的视觉 AI 引擎，专为设计和执行复杂的 Stable Diffusion 图像生成流程而打造。它摒弃了传统的代码编写模式，采用直观的节点式流程图界面，让用户通过连接不同的功能模块即可构建个性化的生成管线。\n\n这一设计巧妙解决了高级 AI 绘图工作流配置复杂、灵活性不足的痛点。用户无需具备编程背景，也能自由组合模型、调整参数并实时预览效果，轻松实现从基础文生图到多步骤高清修复等各类复杂任务。ComfyUI 拥有极佳的兼容性，不仅支持 Windows、macOS 和 Linux 全平台，还广泛适配 NVIDIA、AMD、Intel 及苹果 Silicon 等多种硬件架构，并率先支持 SDXL、Flux、SD3 等前沿模型。\n\n无论是希望深入探索算法潜力的研究人员和开发者，还是追求极致创作自由度的设计师与资深 AI 绘画爱好者，ComfyUI 都能提供强大的支持。其独特的模块化架构允许社区不断扩展新功能，使其成为当前最灵活、生态最丰富的开源扩散模型工具之一，帮助用户将创意高效转化为现实。",107662,"2026-04-03T11:11:01",[13,14,15],{"id":36,"name":37,"github_repo":38,"description_zh":39,"stars":40,"difficulty_score":23,"last_commit_at":41,"category_tags":42,"status":16},2268,"ML-For-Beginners","microsoft\u002FML-For-Beginners","ML-For-Beginners 是由微软推出的一套系统化机器学习入门课程，旨在帮助零基础用户轻松掌握经典机器学习知识。这套课程将学习路径规划为 12 周，包含 26 节精炼课程和 52 道配套测验，内容涵盖从基础概念到实际应用的完整流程，有效解决了初学者面对庞大知识体系时无从下手、缺乏结构化指导的痛点。\n\n无论是希望转型的开发者、需要补充算法背景的研究人员，还是对人工智能充满好奇的普通爱好者，都能从中受益。课程不仅提供了清晰的理论讲解，还强调动手实践，让用户在循序渐进中建立扎实的技能基础。其独特的亮点在于强大的多语言支持，通过自动化机制提供了包括简体中文在内的 50 多种语言版本，极大地降低了全球不同背景用户的学习门槛。此外，项目采用开源协作模式，社区活跃且内容持续更新，确保学习者能获取前沿且准确的技术资讯。如果你正寻找一条清晰、友好且专业的机器学习入门之路，ML-For-Beginners 将是理想的起点。",84991,"2026-04-05T10:45:23",[14,43,44,45,15,46,26,13,47],"数据工具","视频","插件","其他","音频",{"id":49,"name":50,"github_repo":51,"description_zh":52,"stars":53,"difficulty_score":10,"last_commit_at":54,"category_tags":55,"status":16},3128,"ragflow","infiniflow\u002Fragflow","RAGFlow 是一款领先的开源检索增强生成（RAG）引擎，旨在为大语言模型构建更精准、可靠的上下文层。它巧妙地将前沿的 RAG 技术与智能体（Agent）能力相结合，不仅支持从各类文档中高效提取知识，还能让模型基于这些知识进行逻辑推理和任务执行。\n\n在大模型应用中，幻觉问题和知识滞后是常见痛点。RAGFlow 通过深度解析复杂文档结构（如表格、图表及混合排版），显著提升了信息检索的准确度，从而有效减少模型“胡编乱造”的现象，确保回答既有据可依又具备时效性。其内置的智能体机制更进一步，使系统不仅能回答问题，还能自主规划步骤解决复杂问题。\n\n这款工具特别适合开发者、企业技术团队以及 AI 研究人员使用。无论是希望快速搭建私有知识库问答系统，还是致力于探索大模型在垂直领域落地的创新者，都能从中受益。RAGFlow 提供了可视化的工作流编排界面和灵活的 API 接口，既降低了非算法背景用户的上手门槛，也满足了专业开发者对系统深度定制的需求。作为基于 Apache 2.0 协议开源的项目，它正成为连接通用大模型与行业专有知识之间的重要桥梁。",77062,"2026-04-04T04:44:48",[15,14,13,26,46],{"id":57,"name":58,"github_repo":59,"description_zh":60,"stars":61,"difficulty_score":10,"last_commit_at":62,"category_tags":63,"status":16},2181,"OpenHands","OpenHands\u002FOpenHands","OpenHands 是一个专注于 AI 驱动开发的开源平台，旨在让智能体（Agent）像人类开发者一样理解、编写和调试代码。它解决了传统编程中重复性劳动多、环境配置复杂以及人机协作效率低等痛点，通过自动化流程显著提升开发速度。\n\n无论是希望提升编码效率的软件工程师、探索智能体技术的研究人员，还是需要快速原型验证的技术团队，都能从中受益。OpenHands 提供了灵活多样的使用方式：既可以通过命令行（CLI）或本地图形界面在个人电脑上轻松上手，体验类似 Devin 的流畅交互；也能利用其强大的 Python SDK 自定义智能体逻辑，甚至在云端大规模部署上千个智能体并行工作。\n\n其核心技术亮点在于模块化的软件智能体 SDK，这不仅构成了平台的引擎，还支持高度可组合的开发模式。此外，OpenHands 在 SWE-bench 基准测试中取得了 77.6% 的优异成绩，证明了其解决真实世界软件工程问题的能力。平台还具备完善的企业级功能，支持与 Slack、Jira 等工具集成，并提供细粒度的权限管理，适合从个人开发者到大型企业的各类用户场景。",70626,"2026-04-05T22:51:36",[26,15,13,45],{"id":65,"github_repo":66,"name":67,"description_en":68,"description_zh":69,"ai_summary_zh":69,"readme_en":70,"readme_zh":71,"quickstart_zh":72,"use_case_zh":73,"hero_image_url":74,"owner_login":75,"owner_name":76,"owner_avatar_url":77,"owner_bio":78,"owner_company":79,"owner_location":79,"owner_email":80,"owner_twitter":81,"owner_website":82,"owner_url":83,"languages":84,"stars":105,"forks":106,"last_commit_at":107,"license":108,"difficulty_score":23,"env_os":109,"env_gpu":110,"env_ram":110,"env_deps":111,"category_tags":118,"github_topics":119,"view_count":23,"oss_zip_url":79,"oss_zip_packed_at":79,"status":16,"created_at":128,"updated_at":129,"faqs":130,"releases":166},2228,"Use-Tusk\u002Ffence","fence","Lightweight, container-free sandbox for running commands with network and filesystem restrictions","Fence 是一款轻量级、无需容器的命令行沙盒工具，专为安全执行不可完全信任的代码而生。它能在默认阻断所有网络连接的基础上，通过可配置规则严格限制文件读写和危险命令执行，从而将潜在风险隔离在可控范围内。\n\n对于经常运行第三方构建脚本、安装未知包、处理 CI 任务或借助 AI 编程助手（如 Claude Code、Cursor 等）进行开发的开发者而言，Fence 有效解决了“代码权限过大”带来的安全隐患。它就像是为命令行操作配备了一位严谨的“权限管家”，确保即使代码行为异常，也不会对主机系统造成破坏或数据泄露。\n\nFence 的技术亮点在于其极简架构：不依赖沉重的容器技术，而是利用 Linux 原生机制（如 bubblewrap）实现隔离，启动迅速且资源占用极低。同时，它提供灵活的模板系统和配置文件继承机制，允许用户针对不同场景（如允许特定域名访问或开放局部目录写入）快速定制策略，并支持实时监控违规尝试。无论是资深工程师希望加固自动化流程，还是普通用户想要安全地试用开源项目，Fence 都能以低门槛的方式提供企业级的防御深度。","![Fence Banner](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FUse-Tusk_fence_readme_d357da8b398a.png)\n\n\u003Cdiv align=\"center\">\n\n![GitHub Release](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fv\u002Frelease\u002FUse-Tusk\u002Ffence)\n[![Build and test](https:\u002F\u002Fgithub.com\u002FUse-Tusk\u002Ffence\u002Factions\u002Fworkflows\u002Fmain.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FUse-Tusk\u002Ffence\u002Factions\u002Fworkflows\u002Fmain.yml)\n[![License](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-Apache_2.0-blue.svg)](https:\u002F\u002Fopensource.org\u002Flicenses\u002FApache-2.0)\n\n\u003C\u002Fdiv>\n\nFence wraps commands in a sandbox that blocks network access by default and restricts filesystem operations based on configurable rules. It's most useful for running semi-trusted code (package installs, build scripts, CI jobs, unfamiliar repos) with controlled side effects, and it can also complement AI coding agents as defense-in-depth.\n\n```bash\n# Block all network access (default)\nfence curl https:\u002F\u002Fexample.com  # → 403 Forbidden\n\n# Allow specific domains\nfence -t code npm install  # → uses 'code' template with npm\u002Fpypi\u002Fetc allowed\n\n# Block dangerous commands\nfence -c \"rm -rf \u002F\"  # → blocked by command deny rules\n```\n\nYou can also think of Fence as a permission manager for your CLI agents. **Fence works with popular coding agents like Claude Code, Codex, Amp, Gemini CLI, Cursor Agent, OpenCode, Factory (Droid) CLI, etc.** See [agents.md](.\u002Fdocs\u002Fagents.md) for more details.\n\n## Install\n\n**macOS \u002F Linux:**\n\n```bash\ncurl -fsSL https:\u002F\u002Fcli.fencesandbox.com\u002Finstall.sh | sh\n```\n\n**Homebrew (macOS):**\n\n```bash\nbrew tap use-tusk\u002Ftap\nbrew install use-tusk\u002Ftap\u002Ffence\n```\n\n**Nix (macOS, Linux, Windows (WSL)):**\n\n```sh\nnix run nixpkgs#fence -- --help\n```\n\nThis runs it directly from the repository, without installing `fence`. If you want to install it, follow the guidelines [from NixOS](https:\u002F\u002Fnix.dev) or [nix-darwin](https:\u002F\u002Fgithub.com\u002Fnix-darwin\u002Fnix-darwin).\n\n\u003Cdetails>\n\u003Csummary>Other installation methods\u003C\u002Fsummary>\n\n**Go install:**\n\n```bash\ngo install github.com\u002FUse-Tusk\u002Ffence\u002Fcmd\u002Ffence@latest\n```\n\n**Build from source:**\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002FUse-Tusk\u002Ffence\ncd fence\ngo build -o fence .\u002Fcmd\u002Ffence\n```\n\n\u003C\u002Fdetails>\n\n**Additional requirements for Linux:**\n\n- `bubblewrap` (for sandboxing)\n- `socat` (for network bridging)\n- `bpftrace` (optional, for filesystem violation visibility when monitoring with `-m`)\n\n## Usage\n\n### Basic\n\n```bash\n# Run command with all network blocked (no domains allowed by default)\nfence curl https:\u002F\u002Fexample.com\n\n# Run with shell expansion\nfence -c \"echo hello && ls\"\n\n# Enable debug logging\nfence -d curl https:\u002F\u002Fexample.com\n\n# Use a template\nfence -t code -- claude  # Runs Claude Code using `code` template config\n\n# Monitor mode (shows violations)\nfence -m npm install\n\n# Inspect the config inheritance chain and active merged config\nfence config show\n\n# Show all commands and options\nfence --help\n```\n\n> [!TIP]\n> Need to pass flags to the command you are running? Use `--` to separate Fence flags from command flags, for example:\n>\n> ```bash\n> fence -- claude --dangerously-skip-permissions\n> ```\n\n### Configuration\n\nWhen `--settings` is not provided, Fence first looks for `fence.json` in the current directory and parent directories. If none is found, it falls back to `~\u002F.config\u002Ffence\u002Ffence.json`. See [configuration reference](.\u002Fdocs\u002Fconfiguration.md) for more details.\n\n```json\n{\n  \"$schema\": \"https:\u002F\u002Fraw.githubusercontent.com\u002FUse-Tusk\u002Ffence\u002Fmain\u002Fdocs\u002Fschema\u002Ffence.schema.json\",\n  \"extends\": \"code\",\n  \"network\": { \"allowedDomains\": [\"private.company.com\"] },\n  \"filesystem\": { \"allowWrite\": [\".\"] },\n  \"command\": { \"deny\": [\"git push\", \"npm publish\"] }\n}\n```\n\nFor repo-local overrides on top of each user's normal Fence config, use:\n\n```json\n{\n  \"extends\": \"@base\",\n  \"filesystem\": { \"allowWrite\": [\".\"] }\n}\n```\n\nUse `fence --settings .\u002Fcustom.json` to specify a different config.\n\nInspect the active config without running a command:\n\n```bash\nfence config show\nfence config show --settings .\u002Fcustom.json\nfence config show --template code\n```\n\n`fence config show` prints the config chain to `stderr` and the fully resolved config as plain JSON to `stdout`, so you can pipe the JSON to tools like `jq`.\n\nCreate a starter config with sensible defaults:\n\n```bash\n# Creates config at the default path with:\n# { \"extends\": \"code\" }\nfence config init\n\n# Include scaffold arrays as editable hints\nfence config init --scaffold\n```\n\n### Import from Claude Code\n\n```bash\nfence import --claude --save\n```\n\n## Features\n\n- **Network isolation** - All outbound blocked by default; allowlist domains via config\n- **Filesystem restrictions** - Control read\u002Fwrite access paths\n- **Command blocking** - Deny dangerous commands like `rm -rf \u002F`, `git push`\n- **SSH Command Filtering** - Control which hosts and commands are allowed over SSH\n- **Built-in templates** - Pre-configured rulesets for common workflows\n- **Violation monitoring** - Real-time logging of blocked requests (`-m`)\n- **Cross-platform** - macOS (sandbox-exec) + Linux (bubblewrap)\n\nFence can be used as a Go package or CLI tool.\n\n## Documentation\n\n- [Index](\u002Fdocs\u002FREADME.md)\n- [Quickstart Guide](docs\u002Fquickstart.md)\n- [Configuration Reference](docs\u002Fconfiguration.md)\n- [Security Model](docs\u002Fsecurity-model.md)\n- [Architecture](ARCHITECTURE.md)\n- [Library Usage (Go)](docs\u002Flibrary.md)\n- [Examples](examples\u002F)\n\n## Attribution\n\nInspired by Anthropic's [sandbox-runtime](https:\u002F\u002Fgithub.com\u002Fanthropic-experimental\u002Fsandbox-runtime).\n","![围栏横幅](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FUse-Tusk_fence_readme_d357da8b398a.png)\n\n\u003Cdiv align=\"center\">\n\n![GitHub 发布](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fv\u002Frelease\u002FUse-Tusk\u002Ffence)\n[![构建与测试](https:\u002F\u002Fgithub.com\u002FUse-Tusk\u002Ffence\u002Factions\u002Fworkflows\u002Fmain.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FUse-Tusk\u002Ffence\u002Factions\u002Fworkflows\u002Fmain.yml)\n[![许可证](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-Apache_2.0-blue.svg)](https:\u002F\u002Fopensource.org\u002Flicenses\u002FApache-2.0)\n\n\u003C\u002Fdiv>\n\nFence 将命令包裹在一个沙箱中，默认情况下会阻止网络访问，并根据可配置的规则限制文件系统操作。它最适合用于运行半可信代码（如包安装、构建脚本、CI 任务、不熟悉的代码仓库），以控制其副作用，同时也可以作为深度防御手段来补充 AI 编码助手。\n\n```bash\n# 阻止所有网络访问（默认）\nfence curl https:\u002F\u002Fexample.com  # → 403 Forbidden\n\n# 允许特定域名\nfence -t code npm install  # → 使用 'code' 模板，允许 npm\u002Fpypi 等\n\n# 阻止危险命令\nfence -c \"rm -rf \u002F\"  # → 被命令拒绝规则拦截\n```\n\n你也可以将 Fence 视为 CLI 助手的权限管理器。**Fence 可以与流行的编码助手一起使用，例如 Claude Code、Codex、Amp、Gemini CLI、Cursor Agent、OpenCode、Factory (Droid) CLI 等。** 更多信息请参阅 [agents.md](.\u002Fdocs\u002Fagents.md)。\n\n## 安装\n\n**macOS \u002F Linux:**\n\n```bash\ncurl -fsSL https:\u002F\u002Fcli.fencesandbox.com\u002Finstall.sh | sh\n```\n\n**Homebrew (macOS):**\n\n```bash\nbrew tap use-tusk\u002Ftap\nbrew install use-tusk\u002Ftap\u002Ffence\n```\n\n**Nix (macOS、Linux、Windows (WSL)):**\n\n```sh\nnix run nixpkgs#fence -- --help\n```\n\n这会直接从仓库运行，而无需安装 `fence`。如果你想安装它，请遵循 [NixOS](https:\u002F\u002Fnix.dev) 或 [nix-darwin](https:\u002F\u002Fgithub.com\u002Fnix-darwin\u002Fnix-darwin) 的指南。\n\n\u003Cdetails>\n\u003Csummary>其他安装方法\u003C\u002Fsummary>\n\n**Go 安装:**\n\n```bash\ngo install github.com\u002FUse-Tusk\u002Ffence\u002Fcmd\u002Ffence@latest\n```\n\n**从源码构建:**\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002FUse-Tusk\u002Ffence\ncd fence\ngo build -o fence .\u002Fcmd\u002Ffence\n```\n\n\u003C\u002Fdetails>\n\n**Linux 的额外要求：**\n\n- `bubblewrap`（用于沙箱）\n- `socat`（用于网络桥接）\n- `bpftrace`（可选，用于在使用 `-m` 监控时查看文件系统违规情况）\n\n## 使用\n\n### 基本用法\n\n```bash\n# 运行命令时完全阻止网络访问（默认不允许任何域名）\nfence curl https:\u002F\u002Fexample.com\n\n# 启用 shell 展开\nfence -c \"echo hello && ls\"\n\n# 开启调试日志\nfence -d curl https:\u002F\u002Fexample.com\n\n# 使用模板\nfence -t code -- claude  # 使用 `code` 模板配置运行 Claude Code\n\n# 监控模式（显示违规行为）\nfence -m npm install\n\n# 检查配置继承链和当前生效的合并配置\nfence config show\n\n# 显示所有命令和选项\nfence --help\n```\n\n> [!TIP]\n> 如果需要向你要运行的命令传递参数，可以使用 `--` 来分隔 Fence 的参数和命令的参数，例如：\n>\n> ```bash\n> fence -- claude --dangerously-skip-permissions\n> ```\n\n### 配置\n\n当未提供 `--settings` 时，Fence 会首先在当前目录及其父目录中查找 `fence.json` 文件。如果未找到，则回退到 `~\u002F.config\u002Ffence\u002Ffence.json`。更多详细信息请参阅 [配置参考](.\u002Fdocs\u002Fconfiguration.md)。\n\n```json\n{\n  \"$schema\": \"https:\u002F\u002Fraw.githubusercontent.com\u002FUse-Tusk\u002Ffence\u002Fmain\u002Fdocs\u002Fschema\u002Ffence.schema.json\",\n  \"extends\": \"code\",\n  \"network\": { \"allowedDomains\": [\"private.company.com\"] },\n  \"filesystem\": { \"allowWrite\": [\".\"] },\n  \"command\": { \"deny\": [\"git push\", \"npm publish\"] }\n}\n```\n\n对于每个用户常规 Fence 配置之上的仓库本地覆盖，可以使用：\n\n```json\n{\n  \"extends\": \"@base\",\n  \"filesystem\": { \"allowWrite\": [\".\"] }\n}\n```\n\n使用 `fence --settings .\u002Fcustom.json` 可以指定不同的配置。\n\n在不运行命令的情况下检查当前生效的配置：\n\n```bash\nfence config show\nfence config show --settings .\u002Fcustom.json\nfence config show --template code\n```\n\n`fence config show` 会将配置链打印到 `stderr`，并将完全解析后的配置以纯 JSON 格式输出到 `stdout`，因此你可以将 JSON 管道到诸如 `jq` 之类的工具中。\n\n创建一个带有合理默认值的初始配置：\n\n```bash\n# 在默认路径创建配置，内容为：\n# { \"extends\": \"code\" }\nfence config init\n\n# 包含可编辑的提示性支架数组\nfence config init --scaffold\n```\n\n### 从 Claude Code 导入\n\n```bash\nfence import --claude --save\n```\n\n## 特性\n\n- **网络隔离** - 默认阻止所有出站连接；可通过配置允许特定域名\n- **文件系统限制** - 控制读写访问路径\n- **命令阻断** - 拒绝危险命令，如 `rm -rf \u002F`、`git push`\n- **SSH 命令过滤** - 控制通过 SSH 允许访问的主机和执行的命令\n- **内置模板** - 针对常见工作流的预配置规则集\n- **违规监控** - 实时记录被拦截的请求（`-m`）\n- **跨平台** - macOS（sandbox-exec）+ Linux（bubblewrap）\n\nFence 可以作为 Go 包或 CLI 工具使用。\n\n## 文档\n\n- [索引](\u002Fdocs\u002FREADME.md)\n- [快速入门指南](docs\u002Fquickstart.md)\n- [配置参考](docs\u002Fconfiguration.md)\n- [安全模型](docs\u002Fsecurity-model.md)\n- [架构](ARCHITECTURE.md)\n- [库使用（Go）](docs\u002Flibrary.md)\n- [示例](examples\u002F)\n\n## 致谢\n\n灵感来源于 Anthropic 的 [sandbox-runtime](https:\u002F\u002Fgithub.com\u002Fanthropic-experimental\u002Fsandbox-runtime)。","# Fence 快速上手指南\n\nFence 是一个命令行沙盒工具，默认阻断网络访问并根据可配置规则限制文件系统操作。它非常适合运行半信任代码（如包安装、构建脚本、CI 任务或不熟悉的仓库），也可作为 AI 编程助手（如 Claude Code、Cursor Agent 等）的防御层，防止意外副作用。\n\n## 环境准备\n\n### 系统要求\n- **macOS**: 支持 `sandbox-exec`\n- **Linux**: 需要以下依赖项\n- **Windows**: 仅支持通过 WSL (Windows Subsystem for Linux) 使用\n\n### 前置依赖 (Linux 用户必读)\n在 Linux 上运行 Fence 前，请确保已安装以下工具：\n- `bubblewrap`: 用于实现沙盒隔离\n- `socat`: 用于网络桥接\n- `bpftrace` (可选): 当使用 `-m` 监控模式时，用于可视化文件系统违规行为\n\n> **提示**: 大多数现代 Linux 发行版可通过包管理器安装，例如 Ubuntu\u002FDebian:\n> ```bash\n> sudo apt-get install bubblewrap socat bpftrace\n> ```\n\n## 安装步骤\n\n请选择适合你系统的安装方式：\n\n### 方式一：一键脚本 (推荐 macOS \u002F Linux)\n```bash\ncurl -fsSL https:\u002F\u002Fcli.fencesandbox.com\u002Finstall.sh | sh\n```\n\n### 方式二：Homebrew (macOS)\n```bash\nbrew tap use-tusk\u002Ftap\nbrew install use-tusk\u002Ftap\u002Ffence\n```\n\n### 方式三：Nix (macOS, Linux, Windows WSL)\n直接运行（无需安装）：\n```sh\nnix run nixpkgs#fence -- --help\n```\n若需永久安装，请参考 [NixOS](https:\u002F\u002Fnix.dev) 或 [nix-darwin](https:\u002F\u002Fgithub.com\u002Fnix-darwin\u002Fnix-darwin) 官方文档。\n\n### 方式四：Go 安装\n```bash\ngo install github.com\u002FUse-Tusk\u002Ffence\u002Fcmd\u002Ffence@latest\n```\n\n## 基本使用\n\n### 1. 默认阻断网络\n运行命令时，默认禁止所有出站网络连接：\n```bash\nfence curl https:\u002F\u002Fexample.com  # 结果：403 Forbidden\n```\n\n### 2. 使用预设模板\nFence 内置了常用场景的模板。例如，使用 `code` 模板允许 npm\u002Fpypi 等包管理器的必要域名：\n```bash\nfence -t code npm install\n```\n\n结合 AI 助手使用（以 Claude Code 为例）：\n```bash\nfence -t code -- claude\n```\n\n### 3. 阻断危险命令\n自动拦截配置中禁止的高危命令：\n```bash\nfence -c \"rm -rf \u002F\"  # 结果：被命令拒绝规则拦截\n```\n\n### 4. 监控模式\n实时查看被拦截的网络或文件系统请求：\n```bash\nfence -m npm install\n```\n\n### 5. 传递参数给子命令\n如果需要向被执行的命令传递参数，请使用 `--` 进行分隔：\n```bash\nfence -- claude --dangerously-skip-permissions\n```\n\n### 6. 配置管理\n查看当前生效的配置（合并后的结果）：\n```bash\nfence config show\n```\n\n初始化一个包含合理默认的配置文件：\n```bash\nfence config init\n```\n\n> **注意**: Fence 会优先查找当前目录及父目录下的 `fence.json`，若未找到则使用 `~\u002F.config\u002Ffence\u002Ffence.json`。","某后端工程师在 CI 流水线中自动执行第三方开源库的安装与构建脚本，这些代码来源复杂且包含未知的网络请求逻辑。\n\n### 没有 fence 时\n- 构建脚本可能偷偷连接恶意域名下载后门程序，导致内网服务器被入侵。\n- 不受控的代码可能误执行 `rm -rf` 等危险命令，意外删除生产环境的关键配置文件。\n- 缺乏细粒度权限管控，一旦脚本出错，整个文件系统的读写权限都面临暴露风险。\n- 审计困难，无法直观区分哪些网络请求是业务必需的，哪些是异常行为。\n\n### 使用 fence 后\n- fence 默认阻断所有网络连接，仅允许配置中的特定域名（如 npm  registry），彻底切断恶意外联。\n- 通过命令拒绝规则（deny rules），fence 直接拦截 `rm -rf \u002F` 等高危操作，确保系统核心文件安然无恙。\n- 利用文件系统沙箱，fence 将写入权限严格限制在当前项目目录，防止脚本越界修改系统配置。\n- 开启监控模式（-m）后，fence 实时记录并展示违规尝试，让开发者清晰掌握脚本的真实行为边界。\n\nfence 通过轻量级无容器沙箱，为不可信代码的执行构建了坚实的“零信任”防线，让自动化流程既高效又安全。","https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FUse-Tusk_fence_d357da8b.png","Use-Tusk","Tusk","https:\u002F\u002Foss.gittoolsai.com\u002Favatars\u002FUse-Tusk_1cc7185f.png","AI testing platform for unit and API tests",null,"support@usetusk.ai","usetusk","https:\u002F\u002Fusetusk.ai\u002F","https:\u002F\u002Fgithub.com\u002FUse-Tusk",[85,89,93,97,101],{"name":86,"color":87,"percentage":88},"Go","#00ADD8",94.4,{"name":90,"color":91,"percentage":92},"Shell","#89e051",4.7,{"name":94,"color":95,"percentage":96},"Makefile","#427819",0.5,{"name":98,"color":99,"percentage":100},"Python","#3572A5",0.3,{"name":102,"color":103,"percentage":104},"Nix","#7e7eff",0,594,18,"2026-04-04T17:26:42","Apache-2.0","Linux, macOS, Windows (WSL via Nix)","未说明",{"notes":112,"python":110,"dependencies":113},"该工具主要基于 Go 语言开发，非 Python AI 模型。在 Linux 上运行沙箱功能必须安装 bubblewrap 和 socat；可选安装 bpftrace 以监控文件系统违规。macOS 使用内置的 sandbox-exec，Windows 仅支持通过 Nix 在 WSL 环境中运行。",[114,115,116,117],"bubblewrap (Linux)","socat (Linux)","bpftrace (Linux, optional)","Go (for building from source)",[15],[120,121,122,123,124,125,126,127],"bubblewrap","code-security","coding-agent","landlock","sandbox","seatbelt","seccomp","socat","2026-03-27T02:49:30.150509","2026-04-06T09:44:28.438777",[131,136,141,146,151,156,161],{"id":132,"question_zh":133,"answer_zh":134,"source_url":135},10247,"如何向 fence 沙箱中的命令传递参数，特别是包含以短横线开头的标志时？","使用双短横线 `--` 来分隔 fence 的参数和要执行的命令及其参数。例如：`fence -- my command --with -flags`。如果不加 `--`，任何以 `-` 开头的标志都会被解释为 fence 自身的参数，而不是传递给内部命令。","https:\u002F\u002Fgithub.com\u002FUse-Tusk\u002Ffence\u002Fissues\u002F63",{"id":137,"question_zh":138,"answer_zh":139,"source_url":140},10248,"在 WSL2 环境下，fence 启动后卡在 \"Sandbox manager initialized\" 且不执行命令怎么办？","这通常是因为 `$PATH` 环境变量中包含了 Windows 路径（如 `\u002Fmnt\u002Fc\u002F...`），导致沙箱初始化挂起。该问题已在 v0.1.41 版本中修复。请升级 fence 到最新版本（`brew upgrade fence` 或通过其他包管理器更新）以解决此问题。","https:\u002F\u002Fgithub.com\u002FUse-Tusk\u002Ffence\u002Fissues\u002F95",{"id":142,"question_zh":143,"answer_zh":144,"source_url":145},10249,"macOS 上 fence 的配置文件默认路径在哪里？可以更改吗？","默认情况下，macOS 上的配置文件位于 `~\u002FLibrary\u002FApplication Support\u002Ffence\u002Ffence.json`。虽然这是 macOS GUI 应用的标准路径，但对于命令行工具，社区更倾向于使用 `~\u002F.config\u002Ffence\u002Ffence.json`（与 Linux 一致）。维护者已确认可以考虑更改此行为以符合用户习惯，建议关注后续版本更新或手动创建符号链接\u002F配置文件到偏好位置。","https:\u002F\u002Fgithub.com\u002FUse-Tusk\u002Ffence\u002Fissues\u002F75",{"id":147,"question_zh":148,"answer_zh":149,"source_url":150},10250,"如何在 NixOS 或其他系统中获取 fence 的 Shell 自动补全脚本？","Fence 支持生成 bash、zsh、fish 和 nushell 的补全脚本。如果你是通过 Nixpkgs 安装，补全脚本通常已包含在包中。对于其他安装方式，请检查 fence 是否提供了类似 `fence completion \u003Cshell>` 的命令（具体命令需参考最新文档），或者查看包管理器的说明以启用补全功能。","https:\u002F\u002Fgithub.com\u002FUse-Tusk\u002Ffence\u002Fissues\u002F21",{"id":152,"question_zh":153,"answer_zh":154,"source_url":155},10251,"为什么在 WSL 中使用 fence 访问 `\u002Fetc\u002Fresolv.conf` 或 `\u002Fmnt\u002Fc` 等路径时会遇到权限拒绝错误？","这是因为 fence 默认通过 `--ro-bind \u002F \u002F` 将整个根文件系统只读绑定，但 bwrap 的绑定是非递归的，因此不会自动包含 WSL 特有的挂载点（如 `\u002Fmnt\u002Fwsl` 或 drvfs\u002F9p 挂载的 Windows 驱动器）。目前的变通方法是确保这些路径被正确识别，未来版本可能会自动检测 `\u002Fproc\u002Fmounts` 中的 drvfs\u002F9p 挂载并自动绑定。目前在配置文件中添加 `allowRead` 可能无法直接生效，因为存在已知行为差异。","https:\u002F\u002Fgithub.com\u002FUse-Tusk\u002Ffence\u002Fissues\u002F30",{"id":157,"question_zh":158,"answer_zh":159,"source_url":160},10252,"是否支持动态审批被拒绝的域名、文件或命令（即交互式确认）？","目前不支持。经过评估，在 macOS 和 Linux 上实现通用的交互式“询问”（ask）模式可行性较低。现有的安全模型倾向于预先定义允许列表（allow list）或拒绝列表（deny list），而不是在运行时进行人工干预。如果资源被拒绝，它将保持拒绝状态，需要用户修改配置文件来显式允许。","https:\u002F\u002Fgithub.com\u002FUse-Tusk\u002Ffence\u002Fissues\u002F66",{"id":162,"question_zh":163,"answer_zh":164,"source_url":165},10253,"在 macOS 上通过 Homebrew 安装 fence 后遇到 403 错误怎么办？","如果在 macOS 上遇到连接 `formulae.brew.sh` 的 403 错误，这可能是网络或缓存问题。尝试清除 opencode 缓存，然后重新运行 fence 两次通常可以解决问题。如果问题持续，可能需要检查是否需要将 `formulae.brew.sh` 添加到 fence 的默认允许列表中，或者检查是否有 TUI 相关的报错信息（避免使用 `-m` 标志，因为它会将 stderr 混合输出导致 TUI 不可用）。","https:\u002F\u002Fgithub.com\u002FUse-Tusk\u002Ffence\u002Fissues\u002F44",[167,172,177,182,187,192,197,202,207,212,217,222,227,232,237,242,247,252,257,262],{"id":168,"version":169,"summary_zh":170,"released_at":171},107495,"v0.1.42","## Changelog\n### Bug fixes\n* 90707e3775040d3b80de564a202a414673c9b1f7: fix: preserve denyRead precedence in linux mount planner (#100) (@jy-tan)\n* 669298214274f39a2c02b49cc577efd38f386e83: fix: restore Linux PTY and toolchain access for sandboxed CLIs (#105) (@jy-tan)\n* a24ce65c6c4fb2f9192dbdb74b375b8e9e1effc2: fix: stage linux sandbox bootstrap executables (#106) (@jy-tan)\n### Other work\n* b1221ad64e086874749e1548c081731e2b2075db: Update dependabot GitHub Action rule (@jy-tan)\n* 2086bfccef067e788bf345273651c2a52656ba45: chore: add dependabot config (#101) (@jy-tan)\n\n","2026-04-03T08:17:27",{"id":173,"version":174,"summary_zh":175,"released_at":176},107496,"v0.1.41","## Changelog\n### Bug fixes\n* b13c863e96242ef816691a335fe16ed32a84ac69: fix: deduplicate macos seatbelt rules (#99) (@jy-tan)\n### Other work\n* f624e5fcb7e2ddec44cd50af4fed2644e82e247b: Support GitHub Copilot (@jy-tan)\n* 6e66d9defe00fa37b3faa09ded4e219aa712fec9: perf: reduce WSL runtime exec deny startup cost (#98) (@jy-tan)\n\n","2026-04-02T07:13:48",{"id":178,"version":179,"summary_zh":180,"released_at":181},107497,"v0.1.40","## Changelog\n### New Features\n* d5bce6adfaa35f96d401f290f59cfe24de617031: feat: add `config show` command for active config inspection (#94) (@jy-tan)\n### Other work\n* 625d52b8c3f4588856a3b68a71d37ccc610b7d0f: Update install URL on README.md (@jy-tan)\n\n","2026-03-31T21:32:13",{"id":183,"version":184,"summary_zh":185,"released_at":186},107498,"v0.1.39","## Changelog\n### New Features\n* 202f19174ff4d1c181aef78f5f7f05de280a969c: feat: auto-discover project configs (#93) (@jy-tan)\n### Other work\n* a4118d983f5ba4d1352ec77fe91f24641be7def6: Support Amp (@jy-tan)\n* 1614f729f71a963804aa3fe811569bdb8a55d0c8: Support Crush (@jy-tan)\n* 107f9d668ae5f0ce2426188ed740b648999ec464: Update README.md badges (@jy-tan)\n* 8eccd87378c6cd2d1a0d301822cb76d52ff2f552: Update release workflow to host install script (@jy-tan)\n* bd794838bf8b3f319c59806d859bf9b82ba5c05b: config-schema: add descriptions (#91) (@dwt)\n\n","2026-03-30T01:34:46",{"id":188,"version":189,"summary_zh":190,"released_at":191},107499,"v0.1.38","## Changelog\n### Bug fixes\n* c4149319fcd2a1761bb89203476c45ca479dccf2: fix: detect multilink binaries and add option to skip runtime deny for them (#70) (@dwt)\n* cb83cf13ff432c4978d6826b1a6aa6e68c300e42: fix: use `os.SameFile` for cross-platform shared executable detection (#89) (@jy-tan)\n### Other work\n* b20b5fa8f5222e2228fa0352afe6a10762efd94f: Add gopls and gotestsum to shell.nix (#88) (@dwt)\n\n","2026-03-26T18:35:59",{"id":193,"version":194,"summary_zh":195,"released_at":196},107500,"v0.1.37","## Changelog\n### Bug fixes\n* 0ba4319f318a50dadf629ad1c56b8c65602cfed1: fix: restore linux interactive PTY and runtime-dir behavior (#84) (@jy-tan)\n### Other work\n* e586d56f296300ea33ce2b72f05035a80457fc10: Support Pi coding agent (@jy-tan)\n* f1b7e2b38fdd1a8f266a5eced9cd329c8a5e4891: Update configuration doc (@jy-tan)\n* 1e6b2d3145a6ab43c1b203de90b8a05e57a8e759: Update docs (@jy-tan)\n\n","2026-03-23T01:23:28",{"id":198,"version":199,"summary_zh":200,"released_at":201},107501,"v0.1.36","## Changelog\n### Bug fixes\n* 8d96d46ee32cb540814f6c3fdb9e2590fe110d78: fix: preserve minimal `\u002Fdev` mounts in linux sandboxes (#83) (@jy-tan)\n* 89bbe92e5c434db157ee443964583d3cd04a8d79: fix: use `~\u002F.config` as the canonical macOS config path (#81) (@jy-tan)\n\n","2026-03-19T23:45:49",{"id":203,"version":204,"summary_zh":205,"released_at":206},107502,"v0.1.35","## Changelog\n### Bug fixes\n* 5e925f5f379262937e011be4e4176c7480169fdb: fix(linux): respect allowGitConfig on sandbox (#77) (@zerone0x)\n* ce873402d2e94a1a8c82d4279fa49e77659c37c6: fix: make linux device setup container-safe (#80) (@jy-tan)\n### Other work\n* 611b87fc60e92e33d6a374841a43b74970692452: Fix lint (@jy-tan)\n\n","2026-03-18T00:51:11",{"id":208,"version":209,"summary_zh":210,"released_at":211},107503,"v0.1.34","## Changelog\n### Bug fixes\n* fded07f1b7a0a99990d8063c29af8b229d46bb10: fix: harden linux sandbox reverse bridge startup (#78) (@jy-tan)\n\n","2026-03-17T09:22:03",{"id":213,"version":214,"summary_zh":215,"released_at":216},107504,"v0.1.33","## Changelog\n### Bug fixes\n* 6f975affe0385584932af8a91a6cca83c1327b4b: fix: harden linux deny mount canonicalization (#60) (@jy-tan)\n* da9bfa14b446195d51d8586ddcb32a1a2b6e29e6: fix: match command deny prefixes ending with '=' (#68) (@dwt)\n### Other work\n* 95dd6754a960f6f7ae0f7e27956823288c474626: Add missing build binaries (#72) (@dwt)\n* cd60788c0c230b0af2283efaf313a6850b9ed848: Document how to run fence via Nix (#64) (@dwt)\n* 4f0418efac1398db37517f22c2b970fb658b7bc7: Expose config resolution and merging for library (@jy-tan)\n* b92c7d156ef896929e1a6b41a5640a087edbb0db: chore: add direnv nix shell for dev dependencies (#69) (@dwt)\n\n","2026-03-13T21:23:41",{"id":218,"version":219,"summary_zh":220,"released_at":221},107505,"v0.1.32","## Changelog\n### Bug fixes\n* 6ab69757eb8a11f7e3943500bf459353035a0110: fix: make linux mandatory deny mounts symlink-aware (#58) (@jy-tan)\n### Other work\n* f69a2d24db3d884cc3b1b4e323e4ab298e7897f8: Fix interactive shell job control by setting foreground process group (#56) (@NiltonVolpato)\n* 35d39e99f5fbf3a94741a38245e2e66d444a27e0: Fix lint (@jy-tan)\n\n","2026-02-25T00:56:32",{"id":223,"version":224,"summary_zh":225,"released_at":226},107506,"v0.1.31","## Changelog\n### Bug fixes\n* c263caee2573597509e56b4f5f750167bd92ef26: fix: canonicalize runtime denied exec paths (#53) (@jy-tan)\n* 10944cf15260a4522caaf641cdeac6b3d2a44922: fix: restore Linux TUI redraw on resize (#54) (@jy-tan)\n\n","2026-02-24T08:31:20",{"id":228,"version":229,"summary_zh":230,"released_at":231},107507,"v0.1.30","## Changelog\n### Bug fixes\n* f0f41075b3ec0e0107d6948765cd68abb6ed92e6: fix: enforce runtime exec deny for child processes (#49) (@jy-tan)\n### Other work\n* 359d491502bd7922d48b20682a3d791154e4f2d9: Add morphllm to code template (@jy-tan)\n\n","2026-02-22T22:11:19",{"id":233,"version":234,"summary_zh":235,"released_at":236},107508,"v0.1.29","## Changelog\n### Bug fixes\n* 2d3a203e9ad138229183512555d866ea7f6f0f77: fix: ensure sandbox TMPDIR exists before command execution (#47) (@jy-tan)\n\n","2026-02-20T21:13:19",{"id":238,"version":239,"summary_zh":240,"released_at":241},107509,"v0.1.28","## Changelog\n### New Features\n* ab0903e882a139ec8b005fe505a67841ea3adffe: feat: add opt-in user shell selection for sandbox commands (#45) (@jy-tan)\n### Other work\n* f0a1c016db1cddf3d4ada30dadbc2cd480fd1d0d: Add brew formula URL to code template allowedDomains (@jy-tan)\n\n","2026-02-19T22:08:05",{"id":243,"version":244,"summary_zh":245,"released_at":246},107510,"v0.1.27","## Changelog\n### New Features\n* 02ab663596d78771bafef6ef56326ade3604516c: feat: protect dangerous files in subdirectories with depth-limited walk (#41) (@jy-tan)\n\n","2026-02-17T01:08:26",{"id":248,"version":249,"summary_zh":250,"released_at":251},107511,"v0.1.26","## Changelog\n### New Features\n* 4ea39fd718b17f4b2761d76074afd14c17bb66e9: feat: add generated JSON schema for fence config (#40) (@jy-tan)\n\n","2026-02-16T20:05:25",{"id":253,"version":254,"summary_zh":255,"released_at":256},107512,"v0.1.25","## Changelog\n### Bug fixes\n* 3d8543976c8a441aaa6900c4cb61d0d8ae6d647f: fix: preserve denyRead precedence for dangerous paths on linux (#38) (@jy-tan)\n### Other work\n* d31c09736e442d6293d38a29051e9234d5ad29e6: Update README.md (@jy-tan)\n* fc6c8f93645412d5121146fcb5cd28e3c03e2325: Update docs about homebrew installs (@jy-tan)\n\n","2026-02-13T01:35:19",{"id":258,"version":259,"summary_zh":260,"released_at":261},107513,"v0.1.24","## Changelog\n### Other work\n* 32c8ed304f3f9347e9b148ca014c877b39d1c34e: Publish to homebrew (@jy-tan)\n* 8e7162d883e41204d4f7bea81710f8c3a1d8bffe: Update .goreleaser.yaml (@jy-tan)\n\n","2026-02-12T23:03:50",{"id":263,"version":264,"summary_zh":265,"released_at":266},107514,"v0.1.23","## Changelog\n### New Features\n* ed4b4a52db99052ffbb06965f2380407131d17c1: feat: add config init scaffolding and shared config file writer (#35) (@jy-tan)\n\n","2026-02-11T00:25:04"]