docs: update phrasing

Author: zekker6

README.md

@@ -1,12 +1,19 @@
 # devsandbox
 
-Sandbox your AI coding assistants. Run Claude Code, Copilot, aider, and other tools without exposing SSH keys, cloud credentials, or secrets.
+Your real dev environment, sandboxed per project. Run Claude Code, Copilot, aider, and other AI coding agents safely -- without giving up your shell, your `mise`-managed tools, or your editor configs.
 
-## The Problem
+## The DX gap
 
-AI coding assistants execute shell commands, install packages, and make network requests on your machine -- with full access to your `~/.ssh` keys, `~/.aws` credentials, `.env` secrets, and everything else. An AI agent with unrestricted access could read your `~/.ssh/id_ed25519`, exfiltrate `~/.aws/credentials` via an API call, or `rm -rf` your home directory.
+Docker and VMs isolate by *replacing* your dev environment. Fresh shell with no aliases. No `mise`, no editor, no prompt. Reinstall every tool inside the container, fight file watchers across the VM boundary, and wait 10-30 seconds for cold starts. So most people skip isolation entirely and let agents run on the host -- with full access to `~/.ssh`, cloud credentials, `.env` secrets, and every other project on disk.
 
-devsandbox removes that risk. It wraps any command in a sandbox scoped to your current working directory -- the directory you run `devsandbox` from becomes the project root with full read/write access, while everything outside it (credentials, keys, secrets, other projects) is blocked. An optional proxy mode logs every HTTP/HTTPS request for inspection.
+devsandbox closes that gap. It wraps any command in a sandbox scoped to your current working directory and brings the rest of your real environment with it:
+
+- **Your shell, aliases, history.** Detected from `$SHELL` and bound read-only.
+- **`mise`-managed tools.** Go, Node, Python, kubectl, whatever -- already there, no `mise install` twice.
+- **Editor + LSP, prompt, multiplexer.** nvim, helix, starship, tmux, fish, zsh -- all preserved.
+- **Sub-second startup.** bubblewrap on Linux shares the host kernel; native file watching works.
+
+The isolation boundary is still real. Inside the sandbox, the agent sees the project directory and your tools -- and nothing else. SSH keys, cloud credentials (`~/.aws`, `~/.azure`, `~/.gcloud`), `.env` files, sibling projects, and parent directories are invisible. `.git` is read-only by default. An optional MITM proxy logs every HTTP/HTTPS request for inspection.
 
 ## Prerequisites
 
@@ -124,13 +131,15 @@ devsandbox scratchpad rm experiments --keep-state
 devsandbox scratchpad rm --all --force
 ```
 
-## What Your AI Agent CAN and CANNOT Do
+## Security baseline
+
+DX is the headline; isolation is the floor. The defaults are tuned so an agent inside a fresh sandbox can do its job and nothing more -- no flags required.
 
-**CAN:** Read/write your project files, run build commands, install dependencies, make API calls (logged in proxy mode).
+**CAN:** Read/write your project files, use your `mise`-managed tools, inherit your shell and editor configs, run build commands, install dependencies, make API calls (logged in proxy mode).
 
 **CANNOT:** Read SSH keys, access cloud credentials (AWS/Azure/GCloud), read `.env` secrets, see other projects, push to git (by default), or modify your system.
 
-### Security Details
+### Resource access defaults
 
 | Resource | Default Access |
 |---|---|
@@ -149,13 +158,13 @@ Everything is configurable. See [Configuration](docs/configuration.md) for detai
 
 ## Features
 
-- **Zero-config security** -- SSH keys, cloud credentials, `.env` files, and git credentials are blocked by default
-- **Your tools, your shell** -- mise-managed tools, shell configs, editor setups (nvim, starship, tmux) all work inside the sandbox
+- **Your real dev env, inside the sandbox** -- mise-managed tools, shell configs, editor setups (nvim, starship, tmux) auto-detected and bound, no Dockerfile required
+- **Sub-second startup** -- [bubblewrap](https://github.com/containers/bubblewrap) namespaces on Linux share the host kernel; native file watching works. Docker layer caching keeps macOS restarts at 1-2s
+- **Per-project isolation** -- each project gets its own sandbox home, caches, and logs
+- **Zero-config security baseline** -- SSH keys, cloud credentials, `.env` files, and git credentials blocked by default
 - **MITM proxy** -- optional traffic inspection with log viewing, filtering, and export
 - **HTTP filtering** -- whitelist/blacklist domains, or interactively approve requests one at a time
 - **Content redaction** -- scan outgoing requests for secrets, block or replace them before they leave your machine
-- **Cross-platform** -- [bubblewrap](https://github.com/containers/bubblewrap) namespaces on Linux (sub-second startup), Docker containers on macOS
-- **Per-project isolation** -- each project gets its own sandbox home, caches, and logs
 - **Git modes** -- readonly (default), readwrite (with SSH/GPG), or disabled
 - **Desktop notifications** -- sandboxed apps can send notifications to the host via XDG Desktop Portal (Linux)
 

site/landing/index.html

@@ -3,21 +3,21 @@
 <head>
 <meta charset="utf-8">
 <meta name="viewport" content="width=device-width,initial-scale=1">
-<title>devsandbox — sandbox AI coding assistants safely</title>
-<meta name="description" content="Run Claude Code, Copilot, aider, and any other AI coding tool safely. devsandbox sandboxes the agent to your project directory — your SSH keys, cloud credentials, and other projects stay invisible. Skip permission prompts without giving up your home directory.">
+<title>devsandbox — your dev environment, sandboxed</title>
+<meta name="description" content="Sandbox AI coding agents without rebuilding your dev env. Your shell, mise-managed tools, and editor configs come with you. SSH keys, cloud credentials, and other projects stay invisible.">
 <meta name="color-scheme" content="light dark">
-<meta name="theme-color" content="#4051b5" media="(prefers-color-scheme: light)">
-<meta name="theme-color" content="#1a1d2e" media="(prefers-color-scheme: dark)">
+<meta name="theme-color" content="#c84a1a" media="(prefers-color-scheme: light)">
+<meta name="theme-color" content="#14130f" media="(prefers-color-scheme: dark)">
 <link rel="canonical" href="https://zekker6.github.io/devsandbox/">
 <link rel="icon" type="image/svg+xml" href="assets/favicon.svg">
 
 <meta property="og:type" content="website">
 <meta property="og:url" content="https://zekker6.github.io/devsandbox/">
-<meta property="og:title" content="devsandbox — sandbox AI coding assistants safely">
-<meta property="og:description" content="Run Claude Code, Copilot, aider, and friends without exposing SSH keys or cloud credentials. Skip permission prompts safely.">
+<meta property="og:title" content="devsandbox — your dev environment, sandboxed">
+<meta property="og:description" content="Sandbox AI coding agents without rebuilding your dev env. Your shell, mise tools, and editor configs come with you. Credentials and other projects stay invisible.">
 <meta name="twitter:card" content="summary">
-<meta name="twitter:title" content="devsandbox — sandbox AI coding assistants safely">
-<meta name="twitter:description" content="Run Claude Code, Copilot, aider, and friends without exposing SSH keys or cloud credentials.">
+<meta name="twitter:title" content="devsandbox — your dev environment, sandboxed">
+<meta name="twitter:description" content="Sandbox AI coding agents without rebuilding your dev env. Your shell and mise tools come with you.">
 
 <link rel="stylesheet" href="style.css">
 </head>
@@ -26,101 +26,161 @@
 <header class="hero">
   <div class="container">
     <nav class="topnav">
-      <span class="brand">devsandbox</span>
+      <span class="brand"><span class="brand-bracket">[</span>devsandbox<span class="brand-bracket">]</span></span>
       <span class="topnav-links">
-        <a href="/devsandbox/docs/">Docs</a>
-        <a href="https://github.com/zekker6/devsandbox" rel="noopener">GitHub</a>
+        <a href="/devsandbox/docs/">docs</a>
+        <a href="https://github.com/zekker6/devsandbox" rel="noopener">github</a>
       </span>
     </nav>
-    <h1>Run AI coding tools without giving them your SSH keys.</h1>
+
+    <p class="eyebrow">Sandboxing for AI coding agents · Linux + macOS</p>
+    <h1>
+      Sandbox the agent. <em>Keep your dev env.</em>
+    </h1>
     <p class="lede">
-      <strong>devsandbox</strong> sandboxes Claude Code, Copilot, aider, and any other CLI tool to the directory you're working in.
-      Skip permission prompts safely — your <code>~/.ssh</code>, cloud credentials, and other projects stay invisible.
+      Docker and VMs isolate by replacing your environment — fresh shell, no <code>mise</code>, no editor config, slow rebuilds. So most people skip isolation entirely.
+      <strong>devsandbox</strong> brings your real shell, mise-managed tools, and editor setup into a per-project sandbox. Your <code>~/.ssh</code>, cloud credentials, and other projects stay invisible.
     </p>
 
     <div class="install">
       <pre><code id="install-cmd">mise use -g github:zekker6/devsandbox</code></pre>
-      <button class="copy-btn" type="button" data-target="install-cmd" aria-label="Copy install command">Copy</button>
+      <button class="copy-btn" type="button" data-target="install-cmd" aria-label="Copy install command">copy</button>
     </div>
 
     <div class="cta-row">
-      <a class="cta cta-primary" href="/devsandbox/docs/getting-started/install/">Get started &rarr;</a>
-      <a class="cta cta-secondary" href="https://github.com/zekker6/devsandbox" rel="noopener">GitHub &rarr;</a>
+      <a class="cta cta-primary" href="/devsandbox/docs/getting-started/install/">Get started <span aria-hidden="true">→</span></a>
+      <a class="cta cta-secondary" href="https://github.com/zekker6/devsandbox" rel="noopener">Source <span aria-hidden="true">↗</span></a>
     </div>
 
     <p class="hero-foot">
-      Open source · MIT licensed · Linux &amp; macOS
+      Open source · MIT · Sub-second startup on Linux (bubblewrap) · Docker-backed on macOS
     </p>
   </div>
 </header>
 
-<section class="why">
+<section class="dxgap">
   <div class="container">
-    <h2>Why devsandbox</h2>
-    <div class="cards">
-      <article class="card">
-        <h3>Secrets stay yours</h3>
-        <p>
-          <code>~/.ssh</code>, <code>~/.aws</code>, <code>.env</code>, parent directories, and other projects are <em>invisible</em> inside the sandbox. An AI agent can't exfiltrate what isn't mounted.
-        </p>
-      </article>
-      <article class="card">
-        <h3>No more permission fatigue</h3>
-        <p>
-          Run with <code>--dangerously-skip-permissions</code> and actually mean it. Auto-approve commands without trusting your whole home directory.
-        </p>
-      </article>
-      <article class="card">
-        <h3>Tool-agnostic</h3>
-        <p>
-          Claude Code, GitHub Copilot, aider, Cursor CLI, OpenCode — anything with a shell. Wraps the binary, no plugin needed.
-        </p>
-      </article>
+    <p class="section-tag">/ 01 — the DX gap</p>
+    <h2>Most isolation tools make you rebuild your dev env from zero.</h2>
+    <p class="section-lede">
+      Spin up a Docker container or VM and you land in a stranger's machine: bash with no aliases, no <code>mise</code>, no editor, no prompt. Reinstall everything, fight file watchers, eat 10–30s cold starts. Eventually you give up and let the agent run on the host. devsandbox closes that gap.
+    </p>
+
+    <div class="comparison">
+      <div class="col col-pain">
+        <p class="col-tag">Docker · VM</p>
+        <ul class="checklist negative">
+          <li>Fresh shell — no aliases, no history, no prompt</li>
+          <li>Reinstall every tool inside the container</li>
+          <li>Editor + LSP configs (nvim, helix, vscode) gone</li>
+          <li><code>mise</code>, <code>starship</code>, <code>tmux</code> — gone</li>
+          <li>10–30s cold start, slow rebuilds</li>
+          <li>File-watching breaks across the VM boundary</li>
+        </ul>
+      </div>
+      <div class="col col-win">
+        <p class="col-tag">devsandbox</p>
+        <ul class="checklist positive">
+          <li>Your shell, your aliases, your history</li>
+          <li><code>mise</code> tools mounted read-only — Go, Node, Python, all of it</li>
+          <li>Editor + LSP configs come along, untouched</li>
+          <li>Starship, tmux, nvim, fish, zsh — all preserved</li>
+          <li>Sub-second restart on Linux, 1–2s on macOS</li>
+          <li>Native file watching — bubblewrap shares the host kernel</li>
+        </ul>
+      </div>
     </div>
   </div>
 </section>
 
 <section class="how">
   <div class="container">
-    <h2>How it works</h2>
+    <p class="section-tag">/ 02 — how it works</p>
+    <h2>Wrap any command. Inherit your env. Block the rest.</h2>
 
     <ol class="steps">
       <li>
-        <h3>Wrap the command.</h3>
-        <p>Use <code>devsandbox</code> as a prefix. The directory you run it from becomes the sandbox root — everything else is blocked.</p>
+        <p class="step-num">01 · wrap</p>
+        <h3>Prefix the command.</h3>
+        <p>The directory you run <code>devsandbox</code> from becomes the sandbox root. Everything outside it is gone.</p>
         <pre><code>cd ~/projects/my-app
 devsandbox claude --dangerously-skip-permissions</code></pre>
       </li>
       <li>
-        <h3>Filesystem locked down.</h3>
-        <p>Project files are read/write. Credentials, parent directories, sibling projects, and <code>.env</code> files are gone. <code>.git</code> is read-only by default.</p>
+        <p class="step-num">02 · inherit</p>
+        <h3>Your env follows you in.</h3>
+        <p>mise tools, shell configs, editor and prompt — auto-detected, bound read-only. No reinstall, no Dockerfile, no <code>mise install</code> twice.</p>
         <pre><code># inside the sandbox
-ls ~/.ssh
+mise ls            # your real toolchain
+which nvim         # your real editor
+echo $STARSHIP_*   # your real prompt</code></pre>
+      </li>
+      <li>
+        <p class="step-num">03 · isolate</p>
+        <h3>Credentials stay out.</h3>
+        <p>SSH keys, cloud creds, <code>.env</code>, sibling projects — invisible. <code>.git</code> is read-only by default. Now <code>--dangerously-skip-permissions</code> actually means something.</p>
+        <pre><code>ls ~/.ssh
 # No such file or directory
 
 cat .env
 # (empty — masked with /dev/null)</code></pre>
       </li>
       <li>
-        <h3>Network optional.</h3>
-        <p>Add <code>--proxy</code> to log every HTTP request. Block outbound entirely with a filter rule, or interactively approve each domain.</p>
+        <p class="step-num">04 · observe</p>
+        <h3>Network, on your terms.</h3>
+        <p>Add <code>--proxy</code> to log every HTTP call. Block, allow, or interactively approve domains as the agent runs.</p>
         <pre><code>devsandbox --proxy claude --dangerously-skip-permissions
 devsandbox logs proxy --last 50</code></pre>
       </li>
     </ol>
   </div>
 </section>
 
+<section class="security">
+  <div class="container">
+    <p class="section-tag">/ 03 — security baseline</p>
+    <h2>Zero-config defaults. <em>Reach what isn't mounted.</em></h2>
+    <p class="section-lede">
+      DX is the headline; isolation is the floor. The defaults are tuned so that an agent inside a fresh sandbox can do its job and nothing more — no flags required.
+    </p>
+
+    <div class="security-grid">
+      <div class="cell cell-good">
+        <p class="cell-label">read · write · inherit</p>
+        <ul>
+          <li>Your project directory</li>
+          <li><code>mise</code>-managed tools (read-only)</li>
+          <li>Shell, editor, prompt configs (read-only)</li>
+        </ul>
+      </div>
+      <div class="cell cell-bad">
+        <p class="cell-label">blocked by default</p>
+        <ul>
+          <li><code>~/.ssh</code> — keys, known_hosts</li>
+          <li><code>~/.aws</code>, <code>~/.azure</code>, <code>~/.gcloud</code></li>
+          <li><code>.env</code> and <code>.env.*</code> (masked)</li>
+          <li>Parent dirs and sibling projects</li>
+          <li>Git commits (<code>.git</code> read-only)</li>
+        </ul>
+      </div>
+    </div>
+  </div>
+</section>
+
 <footer class="footer">
   <div class="container">
+    <p class="footer-meta">
+      <span class="brand-bracket">[</span>devsandbox<span class="brand-bracket">]</span>
+      &nbsp;·&nbsp; MIT &nbsp;·&nbsp; built for terminals
+    </p>
     <p class="footer-links">
       <a href="https://github.com/zekker6/devsandbox" rel="noopener">GitHub</a>
       ·
       <a href="/devsandbox/docs/">Docs</a>
       ·
       <a href="/devsandbox/docs/about/changelog/">Changelog</a>
       ·
-      <a href="/devsandbox/docs/about/license/">License (MIT)</a>
+      <a href="/devsandbox/docs/about/license/">License</a>
     </p>
   </div>
 </footer>
@@ -135,7 +195,7 @@ <h3>Network optional.</h3>
     try {
       await navigator.clipboard.writeText(target.textContent.trim());
       const original = btn.textContent;
-      btn.textContent = 'Copied!';
+      btn.textContent = 'copied';
       btn.classList.add('copied');
       setTimeout(() => { btn.textContent = original; btn.classList.remove('copied'); }, 1600);
     } catch (e) { /* clipboard denied — fall through silently */ }