Hatch is a capability-based sandbox for MCP (Model Context Protocol) servers on Linux and macOS. Each server runs under a signed TOML manifest that declares its network destinations, filesystem paths, subprocess permissions, and per-tool argument rules in a CEL subset, enforced by user/mount/pid/net namespaces + cgroups + iptables on Linux and sandbox-exec + PF on macOS, plus an SNI-filtering proxy and DNS allowlist for egress. The threat model is the contract: "what hatch does NOT protect against" sits right next to "what it does."
1 / 2