Secure read-only sandboxing for LLM agents and system diagnostics

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for corv from gravatar.com corv

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache-2.0
  • Author: corv89
  • Tags sandbox , bubblewrap , security , read-only , llm , diagnostics
  • Requires: Python >=3.10
  • Provides-Extra: minimal , dev
Classifiers
Report project as malware

Project description

Shannot Sandbox

Tests License Python Linux

Shannot lets LLM agents and automated tools safely explore your Linux systems without risk of modification. Built on bubblewrap, it provides hardened sandboxing for system diagnostics, monitoring, and exploration - perfect for giving Claude or other AI assistants safe access to your servers.

Claude shannot do that!

Features

🔒 Run Untrusted Commands Safely

  • Let LLM agents explore your system without risk of modification
  • Network-isolated execution
  • Control exactly which commands are allowed

🤖 Works with your favorite LLMs

  • Plug-and-play standards-compliant MCP integration
  • Convenient auto-install for Claude Code, Codex, LM Studio and Claude Desktop
  • Compatible with any local model that supports tool-calling

🌐 Control Remote Systems

  • Run sandboxed commands on Linux servers from macOS, Windows or Linux via SSH

Deploy in Minutes

  • Lightweight Python client + bubblewrap on target
  • No containers, VMs, or complex setup required

Quick Start

# Install UV (recommended - handles Python 3.10+ requirement automatically)
curl -LsSf https://astral.sh/uv/install.sh | sh

# Install Shannot
uv tool install shannot

# On Linux: install bubblewrap
sudo apt install bubblewrap  # Debian/Ubuntu
sudo dnf install bubblewrap  # Fedora/RHEL

# Run commands in sandbox
shannot ls /
shannot df -h
shannot cat /etc/os-release

Alternative: pip install shannot (requires Python 3.10+, may conflict with system package managers)

See Installation Guide for details.

Profiles

Control what commands are allowed with JSON profiles:

shannot ls /                          # Uses minimal.json (default)
shannot --profile diagnostics df -h   # System monitoring commands
shannot --profile systemd journalctl  # Journal access

See Profile Configuration for customization.

Python API

from shannot import SandboxManager, load_profile_from_path

profile = load_profile_from_path("diagnostics.json")
manager = SandboxManager(profile)

result = manager.run(["df", "-h"])
print(result.stdout)

See API Reference for details.

Documentation

📚 Full DocumentationInstallationMCP IntegrationAPI Reference

Security Note

Shannot provides strong isolation but is not a security boundary. Don't run as root unless necessary. See SECURITY.md for details.

License

Apache 2.0 - See LICENSE

Built on Bubblewrap and libseccomp

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for corv from gravatar.com corv

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache-2.0
  • Author: corv89
  • Tags sandbox , bubblewrap , security , read-only , llm , diagnostics
  • Requires: Python >=3.10
  • Provides-Extra: minimal , dev
Classifiers

Release history Release notifications | RSS feed

0.11.0

0.10.3

0.10.2

0.10.1

0.10.0

0.9.4

0.9.3

0.9.2

0.9.1

0.9.0

0.8.7

0.8.6

0.8.5

0.8.4

0.8.3

0.8.2

This version

0.3.1

0.3.0

0.2.1

0.2.0

0.1.1 yanked

Reason this release was yanked:

Python 3.9 no longer supported. Please upgrade to Python 3.10+ and use shannot>=0.3.0

0.1.0 yanked

Reason this release was yanked:

Python 3.9 no longer supported. Please upgrade to Python 3.10+ and use shannot>=0.3.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

shannot-0.3.1.tar.gz (83.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

shannot-0.3.1-py3-none-any.whl (64.2 kB view details)

Uploaded Python 3

File details

Details for the file shannot-0.3.1.tar.gz.

File metadata

  • Download URL: shannot-0.3.1.tar.gz
  • Upload date:
  • Size: 83.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for shannot-0.3.1.tar.gz
Algorithm Hash digest
SHA256 27bfe49bf4a3adbf17437c83a349b327bd10a3c87d5b5e663c84e04d42132ab7
MD5 22f1a6b5b179941670e14693f9269352
BLAKE2b-256 cf00d90b42335a94f5f450c98164db05ea904c93391bfd41a9349418fe780b42

See more details on using hashes here.

Provenance

The following attestation bundles were made for shannot-0.3.1.tar.gz:

Publisher: release.yml on corv89/shannot

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file shannot-0.3.1-py3-none-any.whl.

File metadata

  • Download URL: shannot-0.3.1-py3-none-any.whl
  • Upload date:
  • Size: 64.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for shannot-0.3.1-py3-none-any.whl
Algorithm Hash digest
SHA256 0e711931fc267a3bd8b6956a089b1bfef42b8191e3df9f22c28b5dab1cf62a8f
MD5 22c3c0808cbd84a9871ed742044b061c
BLAKE2b-256 9f1f3c628f6a293861e737f22ed12711859d772b4ba8731f78a335134a2673cd

See more details on using hashes here.

Provenance

The following attestation bundles were made for shannot-0.3.1-py3-none-any.whl:

Publisher: release.yml on corv89/shannot

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page