deck-sandbox 0.1.1

seccomp + landlock sandbox host for untrusted MCP servers (ono-sendai)

Coverage
77.78%
7 out of 9 items documented0 out of 3 items with examples
Size
Source code size: 33.88 kB This is the summed size of all the files inside the crates.io package for this release.
Documentation size: 512.49 kB This is the summed size of all files generated by rustdoc for all configured targets
Ø build duration
this release: 25s Average build duration of successful builds.
all releases: 25s Average build duration of successful builds in releases after 2024-10-23.
Links
hinanohart/ono-sendai
0 0 0
crates.io
Dependencies
Versions
- 0.1.1 (2026-05-17)
Owners

deck-sandbox — the ICE.

Wraps a child process (an MCP server) with a seccomp BPF filter and a landlock filesystem ruleset. On non-Linux targets, this crate degrades to a no-op stub so the workspace still builds, but [enforces] reports false and --sandbox-strict will refuse to launch untrusted servers.

This is the one feature that distinguishes ono-sendai from every other LLM TUI on GitHub: you can run an untrusted MCP server and trust that, at worst, it can only touch the paths you whitelisted.