A safe, isolated environment for running Claude Code on your projects.
This Docker sandbox allows you to work with Claude Code on your projects with environment isolation. Claude Code operates inside a container where it can experiment, make changes, and work with Docker—all while keeping everything outside your project directory protected.
- Files outside your project: Claude Code cannot access any files on your computer except the mounted project directory
- System files: Your computer's system files are completely inaccessible
- Other projects: Only the mounted project is visible to Claude Code
- Environment pollution: Installing packages, changing configs, etc. stays in the container
- Accidental commits: Changes only go to GitHub if you explicitly push them
If Claude Code does something catastrophic, just delete the container and start fresh. Everything outside your project directory remains untouched.
- Files in your mounted project: Claude Code can modify files in your project directory (but git protects you - commit before sessions, revert if needed)
- Malicious pushes to GitHub: If Claude Code pushes bad code and you don't catch it, it's in your repo (but you can revert)
- Host Docker daemon: The container shares your computer's Docker daemon (can see host containers, but unlikely to cause issues)
- Network access: The container can make network requests
Bottom line: This protects everything on your computer EXCEPT the specific project you're working on. For the project itself, git is your safety net (commit often, review before pushing).
- Docker installed and running
- Anthropic subscription or API key
- Git configured with your GitHub credentials
-
Update start.sh with your project path:
Edit
start.shand replace the path with your actual project location:-v /path/to/your/project:/workspace/mounted-project \
-
Build the sandbox image:
./start.sh
(First run will build the image automatically - takes 3-5 minutes)
-
OPTIONAL: Set your API key (choose one method):
This step is not required if you are using a Claude subscription.
Option A: Environment variable (recommended)
export ANTHROPIC_API_KEY="your-key-here" ./start.sh
Option B: Set inside container each time
./start.sh # Inside container: export ANTHROPIC_API_KEY="your-key-here"
-
GitHub authentication (for pushing):
Generate a Personal Access Token at https://github.com/settings/tokens
When you push, use:
- Username: your GitHub username
- Password: your personal access token
# Start/enter the sandbox
./start.sh
# Exit sandbox (keeps container running)
exit
# or Ctrl+D
# Stop the sandbox
docker stop claude-sandbox
# Start stopped sandbox
./start.sh
# (will restart existing container automatically)
# Get into running sandbox from another terminal
docker exec -it claude-sandbox /bin/bash
# Check if sandbox is running
docker ps | grep claude-sandbox
# Check if sandbox exists (running or stopped)
docker ps -a | grep claude-sandbox# Navigate to your project (already mounted!)
cd /workspace/mounted-project
# Run Claude Code
claude
# Build your Docker project
docker build -t myapp .
# Run your Docker project
docker run myapp
# Run docker-compose
docker compose up
# Check git status
git status
# Commit changes
git add .
git commit -m "Description of changes"
# Push to GitHub (review changes first!)
git push
# Pull latest from GitHub
git pull# Remove the sandbox completely (start fresh)
./cleanup.sh
# or manually:
docker stop claude-sandbox
docker rm claude-sandbox
# Rebuild the sandbox image (if you update Dockerfile)
docker build -t claude-sandbox .
# View container logs
docker logs claude-sandbox
# See disk space used by Docker
docker system df
# Clean up Docker resources
docker system prune-
Commit your current work (important!):
cd /path/to/your/project git add -A git commit -m "Before Claude Code session"
-
Start the sandbox:
cd /path/to/claude-sandbox ./start.sh -
Work with Claude Code:
cd /workspace/mounted-project claude -
Review and push changes:
git status git diff # If changes look good: git add . git commit -m "Implemented feature X" git push
If changes are bad:
git reset --hard HEAD~1 # Undo last commit # or git reset --hard HEAD # Discard all changes
-
Exit when done:
exit
- ALWAYS commit before Claude Code sessions - this is your safety net
- Review changes carefully before pushing to GitHub
- Use branches for experimental work:
git checkout -b experiment - Keep the sandbox between sessions—your work persists until you remove it
- Docker just works - no need to start daemons or configure storage drivers
"The path /path/to/your is not shared from the host"
- Make sure you updated the path in
start.shto your actual project location - The path should be absolute (e.g.,
/path/to/your/project)
"Cannot connect to Docker daemon"
- Make sure Docker Desktop is running on your computer
- Try:
docker pson your computer to verify Docker works
"Permission denied" when using Docker inside sandbox
- The Docker socket mount should handle this
- Restart Docker Desktop if issues persist
"Authentication failed" when pushing to GitHub
- Generate a new Personal Access Token at https://github.com/settings/tokens
- Make sure the token has
reposcope - Use the token as your password, not your GitHub password
"Command not found: claude"
- The image may not have built correctly
- Rebuild:
./cleanup.sh && docker rmi claude-sandbox && ./start.sh
See your own container when running docker ps
- This is normal! Socket mounting means you're using your computer's Docker daemon
- You'll see all containers running on your computer, including the sandbox itself
Verify environment isolation
# Inside container - these should all fail:
ls /path/to/any/other/local/folder/ # Fails - not mounted
# This works - your mounted project:
ls /workspace/mounted-project/ # Works- This uses socket mounting - shares your computer's Docker daemon
- Only your project directory is mounted - everything else on your computer is protected
- Your API key is passed into the container—don't share container snapshots
- Git is your primary protection for project files - commit before sessions
- Use branches for experimental work to avoid affecting main
This sandbox uses socket mounting for reliable Docker access:
- The sandbox container mounts
/var/run/docker.sockfrom your computer - Docker commands inside the sandbox talk to your computer's Docker daemon
- Your project directory is mounted at
/workspace/mounted-project - Everything else on your computer is invisible and inaccessible to the container
Advantages:
- ✅ Fast and reliable - no Docker-in-Docker issues
- ✅ Protects everything except your project directory
- ✅ Docker Compose and volume mounts just work
- ✅ Simple and stable
Trade-offs:
⚠️ Project files are directly accessible (use git for protection)⚠️ Shares Docker daemon with host (minor concern in practice)
claude-sandbox/ # Clone this repo anywhere you like
├── Dockerfile # Sandbox environment definition
├── start.sh # Script to start/enter sandbox
├── cleanup.sh # Script to remove sandbox
└── README.md # This file
Inside the container:
/workspace/
└── mounted-project/ # Your mounted project
On your computer:
/path/to/your
└── project/ # Your actual project (mounted into container)
Edit start.sh to mount additional directories:
-v /path/to/your/project1:/workspace/project1 \
-v /path/to/your/project2:/workspace/project2 \Any existing Docker configurations in your project should work normally without changes.
Remember: Always commit your work before Claude Code sessions. Git is your safety net!