# Bondage

> A local C launcher for coding agents that verifies exact artifacts, optionally releases secrets with envchain-xtra, optionally sandboxes with nono, and keeps shell logic out of the trust boundary.

## What it is

Bondage exists because coding agents should not run loose with live keys, weak dependency provenance, and broad ambient environment access. It verifies exact absolute paths and exact hashes, optionally releases secrets through envchain-xtra, optionally applies nono sandbox profiles, and then execs the exact target.

## Trust anchors

- The operating system remains the strongest available layer for secret storage and signing identity.
- Keychain is the preferred secret store when envchain-xtra is used.
- Signing identity, where available, is useful as an approval and drift signal.
- Bondage should trust exact artifacts, not a shell alias or mutable PATH result.

## What it does not solve

- It does not make a bad npm tree trustworthy.
- It does not fix host compromise before launch.
- It does not override human mistakes about what should get secrets.

## Install

```sh
brew tap nvk/tap
brew install nvk/tap/agent-bondage
brew install nvk/tap/envchain-xtra
```

## Core docs

- Homepage: https://agentbondage.org/
- Full LLM reference: https://agentbondage.org/llms-full.txt
- Source: https://github.com/nvk/bondage
- Getting Started: https://github.com/nvk/bondage/blob/main/GETTING_STARTED.md
- Trust Model: https://github.com/nvk/bondage/blob/main/TRUST_MODEL.md
- envchain-xtra: https://github.com/nvk/envchain-xtra
- Homebrew tap: https://github.com/nvk/homebrew-tap

## Key facts

- Maintainer: https://github.com/nvk
- Language: C
- Companion secret layer: envchain-xtra
- Optional sandbox layer: nono
- Intended trust chain: `shell name -> bondage -> [envchain-xtra] -> [nono] -> exact target`