alt Hacker NewsI love how everyone is trying to solve the same problems, and how different the solutions are.
I made this little Dockerfile and script that lets me run Claude in a Docker container. It only has access to the workspace that I'm in, as well as the GitHub and JIRA CLI tool. It can do whatever it wants in the workspace (it's in git and backed up), so I can run it with --dangerously-skip-permissions. It works well for me. I bet there are better ways, and I bet it's not as safe as it could be. I'd love to learn about other ways that people do this.
Replies
> as well as the GitHub and JIRA CLI tool
That's a pretty powerful escape hatch. Even just running with read-only keys, that likely has access to a lot of sensitive data....
Lovely you discovered devcontainers.
Nice! Docker is a solid approach. Actual isolation is the ultimate protection. nah and sandclaude are complementary - container handles OS boundaries, and nah adds the semantic layer. git push --force is risky even inside the container