Saved February 14, 2026
Do you care about this?
Fence is a tool that wraps commands in a sandbox, blocking network access by default and allowing configurable filesystem restrictions. It's useful for executing semi-trusted code safely, making it ideal for package installations and CI jobs. The tool also integrates with various coding agents to enhance security.
If you do, here's more
Fence is a command-line tool designed to create a secure environment for executing potentially risky commands. By default, it blocks all network access and restricts filesystem operations based on customizable rules. This makes it particularly useful for running semi-trusted code, such as package installations, build scripts, or CI jobs. For example, a simple command like `fence curl https://example.com` will result in a "403 Forbidden" response due to the network access restrictions.
Users can configure Fence to allow specific domains or to block certain dangerous commands. For instance, the command `fence -c "rm -rf /"` will be blocked by default command deny rules. It also integrates with popular coding agents like Claude Code and Codex, functioning as a permission manager for these tools. You can install Fence on macOS and Linux using curl or Homebrew, among other methods, and it requires additional tools like bubblewrap and socat for full functionality.
The tool supports various features such as monitoring for violations, enabling debug logging, and using templates for common workflows. Configuration files can be easily created and modified, allowing users to set allowed domains, filesystem access paths, and blocked commands. For those who prefer a hands-on approach, Fence can also be used as a Go package or built from source. Its design is inspired by Anthropic's sandbox-runtime, emphasizing security and control in executing commands.
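The two default-deny behaviours described above (a domain allowlist and command deny rules) can be modelled as follows. This is an added example, not Fence's own code or configuration schema: the policy keys, function names and sample rules are hypothetical and constructed for illustration.

```python
import shlex
from urllib.parse import urlsplit

# Hypothetical policy for illustration; these keys are not Fence's config schema.
POLICY = {
    "allowed_domains": ["registry.npmjs.org", "*.github.com"],
    "denied_commands": [["rm", "-rf", "/"], ["git", "push"]],
}

def domain_allowed(url, policy=POLICY):
    """Default-deny: a host is reachable only if an allowlist entry matches."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    for pattern in policy["allowed_domains"]:
        if pattern.startswith("*."):
            # "*.github.com" covers subdomains only, matched on a label boundary
            if host.endswith(pattern[1:]):
                return True
        elif host == pattern:
            return True
    return False

def command_denied(command_line, policy=POLICY, depth=0):
    """True if any simple command in the string starts with a denied prefix."""
    try:
        lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
        lexer.whitespace_split = True
        tokens = list(lexer)
    except ValueError:
        return True  # unbalanced quoting: fail closed
    commands, current = [], []
    for tok in tokens + [";"]:
        if tok and set(tok) <= set(";|&()"):  # operator ends a simple command
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    for cmd in commands:
        if any(cmd[:len(d)] == d for d in policy["denied_commands"]):
            return True
        # Look inside `sh -c '...'` wrappers so chained payloads are checked too
        if cmd[0] in ("sh", "bash") and "-c" in cmd[1:-1]:
            inner = cmd[cmd.index("-c") + 1]
            if depth >= 3 or command_denied(inner, policy, depth + 1):
                return True
    return False
```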