longregen/claude-sandbox
Sandboxed Claude Code

This project provides a sandboxed environment for running Claude Code using Nix and bubblewrap.

WARNING: It has not been properly security reviewed; it is just a stub. Do not use it outside of a VM.

Usage

On NixOS systems, run:

nix run github:longregen/claude-sandbox

What's Mounted

Essential System Files

  • /etc/ssl - SSL certificates for HTTPS
  • /etc/resolv.conf - DNS resolution
  • /nix - Nix store (read-only)

Development Directories

  • Current working directory (read-write)
  • Development cache directories (if they exist):
    • .go, .pip, .deno, .pnpm, .yarn, .uv
    • .huggingface, .cached-nix-shell, .nix, .gradle, .zig
    • Language server caches: .gopls, .jedi, .lua-language-server, etc.

Development

The sandbox configuration is in default.nix. Key components:

  • sandboxWrapper: Shell script that sets up the bubblewrap environment
  • ALLOWLIST: Directories and files that are mounted in the sandbox

Debugging

To see what the sandbox would execute without running it:

DRY_RUN=1 ./result/bin/claude-sandbox --help

To start a shell in the sandbox environment:

START_SHELL=1 ./result/bin/claude-sandbox

Tip: running it under strace is useful for seeing what is actually going on inside the sandbox.
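The following script is an added illustration of the allowlist approach described in the "What's Mounted" and "Development" sections together with the DRY_RUN switch from "Debugging"; it is not the project's own default.nix or sandboxWrapper. It assumes the Claude Code binary is called claude and that the sandbox keeps host networking (the README mounts DNS and SSL files, so that is the likely intent).

```shell
#!/bin/sh
# Added illustration of the allowlist approach described above; it is not the
# project's default.nix. It builds a bubblewrap command line that mounts only
# the listed paths plus the working directory, and honours DRY_RUN=1 by
# printing the command instead of executing it.

# Mounted read-only, as in the README's "Essential System Files" list.
RO_ALLOWLIST="/etc/ssl /etc/resolv.conf /nix"

# Cache directories under $HOME, bound read-write only if they already exist.
CACHE_ALLOWLIST=".go .pip .deno .pnpm .yarn .uv .huggingface .cached-nix-shell .nix .gradle .zig .gopls .jedi .lua-language-server"

# Emit one bwrap argument per line for the given working dir and home dir.
# Anything not listed does not exist inside the sandbox; /proc, /dev and /tmp
# are fresh instances rather than bind mounts of the host.
build_bwrap_args() {
    cwd=$1
    home=$2
    echo "--unshare-all"        # new user, pid, ipc, uts, ... namespaces
    echo "--share-net"          # assumption: network stays up for HTTPS/DNS
    echo "--die-with-parent"
    echo "--proc"; echo "/proc"
    echo "--dev"; echo "/dev"
    echo "--tmpfs"; echo "/tmp"
    for p in $RO_ALLOWLIST; do
        echo "--ro-bind"; echo "$p"; echo "$p"
    done
    echo "--bind"; echo "$cwd"; echo "$cwd"   # project dir stays read-write
    for d in $CACHE_ALLOWLIST; do
        if [ -d "$home/$d" ]; then
            echo "--bind"; echo "$home/$d"; echo "$home/$d"
        fi
    done
    echo "--chdir"; echo "$cwd"
}

# Run the (assumed) `claude` binary under bwrap, or with DRY_RUN=1 print the
# command that would be executed.
claude_sandbox() {
    args=$(build_bwrap_args "$PWD" "$HOME")
    if [ -n "$DRY_RUN" ]; then
        printf 'bwrap %s -- claude %s\n' "$(printf '%s' "$args" | tr '\n' ' ')" "$*"
        return 0
    fi
    IFS='
'   # split $args on newlines only, so paths with spaces survive
    exec bwrap $args -- claude "$@"
}
```

Comparing the printed DRY_RUN command against the host's actual mount list is a quick way to confirm that nothing outside the allowlist leaks in.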

About

Sandboxed @anthropics/claude-code with bubblewrap for NixOS