Isn't the easy way just a development VM? As in:

Install your OS of choice in a virtual machine, e.g. even hosted on your main machine.

Install the AI coding tool in the virtual machine.

Set up a shared folder between host+guest OS.

Only let the VM access files that are "safe" for it to access. Its own repo, in its own folder.

If you want to give the AI tool and VM internet access and tool access, just limit what it can reach to things it is allowed to go haywire on. All the internet and all OS tools are ok. But don't let this AI do "real things" on "real platforms" -- limit the scope of what it "works on" to development assets.

When deploying to staging or prod, copy/sync files out of the shared folder that the AI develops on, and run them. But check them first for subterfuge.

So, don't give the AI access to "prod" configs/files/services/secrets, or general personal/work data, etc. Manage those in other "folders" entirely, not accessible by the development VM at all.

Is that close?

From within VSCode, you can run devcontainers, which bind mounts the project's directory into an isolated Docker container. Safe for --dangerously-skip-permissions

https://code.visualstudio.com/docs/devcontainers/containers

Use a devcontainer. Claude Code's repo has one built specifically for it:

https://github.com/anthropics/claude-code/tree/main/.devcont...

Simon Willison just posted about using claude in fly.io's dev sandboxes. I have not tried it yet but it looks promising.

https://simonw.substack.com/p/first-impressions-of-claude-co...

Docker desktop has a pretty nice sandbox feature that will also store your CC (and other) credentials, so you don't have to re-auth every time you create a new container.

I built something to use for myself which is organized workspaces to work on many things with Claude in parallel with the ability to run things in VMs and linked web browsers all contained in one app. I built it mostly driven by trying to work on too many things at once and getting lost in a sea of windows and browser tabs.

It is not at all ready for public consumption (a face only a mother could love, in other words it's a bugridden mess), but I've considered polishing it and releasing it to the public either as open source or for profit.

Most of it is written with Claude and I've run into roadblocks with Claude being able to do too many things at once and am rewriting as several libraries to improve the focus for Claude agents.

I have 30 lines of zsh and I just say "dev1" dev2 etc.

And it makes a new lxd container using my base image. Connects using tmux so I can resume anytime after closing the session.

Its like exe.dev or sprites without much effort if you want to self host.

/sandbox https://code.claude.com/docs/en/sandboxing

Genuine advice: supplement your Claude Code plan with a GLM Coding plan: https://z.ai/subscribe

GLM 4.7 is not a "Sonnet killer" but it will work just as well for sketching out easier projects, web design and terminal usage. After a while I cancelled my Claude Code plan because I simply didn't do anything that GLM couldn't hammer out equally as well.

Maybe not easy or for everyone but you can set a Virtualbox VM running a headless linux of your choice, install directory sharing like samba and your AI agents of choice. Then you can just have multiple SSH sessions to interact with the agents and `tail` logs.

yolobox is the easiest I have found. Basically a batteries included image with a bit of sugar. https://github.com/finbarr/yolobox

`yolobox run claude` launches Claude Code with --dangerously-skip-permissions mode inside of a container with a good set of default tools included.

Claude Code on web is okay in the meantime if you want to set it loose but not on your own machine.

Well, one very easy way would be to use the web version of Claude Code.

I mean, it depends on what you're doing but I force claude to always commit code every time it finishes a todo. It never seems to stop doing that, so I run it in dangerous mode on Zed. I get to review the code after the fact anyway.