Agent Safehouse restricts AI coding agents to only access files and integrations they explicitly need, using macOS’s sandbox-exec with composable deny-first policy profiles. It includes pre-built profiles for major coding agents and app-hosted agent workflows while keeping normal development usage practical. Developers install it via Homebrew or standalone script to add a hardening layer against unintended agent file access.