skz-sloptrap

sloptrap entraps the OpenAI Codex CLI into a constrained container to prevent information leakage against an LLM provider.

Workflow

• Place sloptrap on your $PATH, point it at a project, and the tool builds a <project>-sloptrap-image if missing, verifies the Codex binary, and launches the CLI with --sandbox workspace-write.
• .sloptrap lets you pin image names, default targets, extra packages, and codex flags. .sloptrapignore masks folders by overlaying tmpfs mounts so secrets never reach the LLM.
• Targets such as run, shell, build, clean, and login orchestrate the lifecycle; --print-config and --dry-run inspect or preview runs.

1
2
3
4

name=skz-sloptrap
default_targets=run
packages_extra=make jq
codex_args=--sandbox workspace-write --profile security-audit

Containers run with --userns=keep-id, --cap-drop=ALL, --security-opt=no-new-privileges, read-only rootfs, tmpfs-backed /tmp and /run, and only /workspace plus ${HOME}/.codex mounted. make regress runs ShellCheck and scenario tests to guarantee the launcher cannot be tricked into escaping its sandbox.