Skip to content

CLIAI/isolated-docker-claude-code

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
tests
tests
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
init-firewall.sh
init-firewall.sh
 
 
run_tests.py
run_tests.py
 
 

Repository files navigation

Claude Code Secure Docker Environment (WIP - work in progress)

Main objective: Repository helpful to run Claude Code in dockerfile isolated from internet with only access to Claude servers, so can be run with --dangerously-skip-permissions).

💡 Related repo/effort: MCP Permission server for Claude Code tools/commands Security Policies: https://github.com/CLIAI/mcp_permission_server_claude_code .

This repository provides Dockerfile(s) and scripts to allow you to run Claude Code (claude) in fully autonomous mode inside isolated Docker containers. The main purpose of this directory is to enable developers to run Claude Code in a way that bypasses all permission checks (using --dangerously-skip-permissions), but only in a locked-down environment with no internet access except for the minimum required Anthropic servers. This setup is intended for developers who want to automate Claude Code in non-interactive mode, while ensuring only the minimum required network access for Anthropic's APIs.

Automated Testing Framework

This repository also includes a robust testing framework for evaluating Claude Code's problem-solving capabilities in a fully isolated environment. The testing system:

  1. Automatically discovers test cases in the tests/ directory
  2. Creates temporary directories for each test
  3. Mounts these directories in Docker containers
  4. Runs Claude with the problem description and input files
  5. Verifies the solutions against expected outputs

Running Tests

Quick Testing (with Local Output Generation)

For quick testing of the framework without waiting for Claude:

# Build Docker image and run all tests with local output generation
make tests

# Run a specific test with local output generation
make test-specific TEST=addition_program_task

Testing

The framework supports two testing approaches:

  1. Local Output Generation (default) - For quick testing of the testing framework, we generate outputs locally:
# Build Docker image and run all tests with local output generation
make tests

# Run a specific test with local output generation
make test-specific TEST=addition_program_task
  1. Production Setup Note:

In a production environment, you would want to run actual Claude in the container, but there are limitations in the current test setup that make it difficult to demonstrate interactively. The test scripts include the command structure for how Claude would be invoked, but they're currently disabled in favor of direct solution execution.

To run in a production environment, the tests-claude and test-specific-claude targets would need to be modified to work with your Claude API configuration.

Advanced Options

For more control over test execution:

# See all available options
./run_tests.py --help

# Examples
./run_tests.py --verbose --keep-temp  # Keep temporary directories for debugging
./run_tests.py --list                 # List available tests without running them
./run_tests.py --test=addition_program_task --verbose  # Run a specific test verbosely

Creating New Tests

To create a new test case:

  1. Create a new directory under tests/: mkdir tests/my_new_test
  2. Add a README.md with the problem description
  3. Add input files (*.in) with test inputs
  4. Add output files (*.out) with expected outputs
  5. Run the test: make test-specific TEST=my_new_test

Purpose

  • Run Claude Code with --dangerously-skip-permissions: Bypass permission prompts for full automation, but only in a locked-down container.
  • Network Isolation: The container blocks all outbound internet except for Anthropic endpoints (api.anthropic.com, statsig.anthropic.com, sentry.io), as required for Claude Code to function.
  • Handy Scripts: Includes a Dockerfile and firewall setup script to enforce these restrictions automatically.
  • Project Configuration: Example .claude/settings.json to allow/deny specific commands for further safety.

Quick Start

  1. Build the Docker image: 
    docker build -t claude-code-secure .
  2. Run the container: 
    docker run -it --cap-add=NET_ADMIN \
  -v "$(pwd):/workspace" \
  -v "${HOME}/.claude:/root/.claude" \
  -e CLAUDE_API_KEY=your_api_key_here \
  claude-code-secure
  3. Use Claude Code with dangerous permissions: 
    cd /workspace
claude --dangerously-skip-permissions "your command here"

How it works

  • The container uses iptables to block all outbound traffic except to Anthropic's required domains.
  • The --cap-add=NET_ADMIN flag is needed for firewall setup.
  • The init-firewall.sh script is run on container startup to enforce network restrictions.
  • Example .claude/settings.json is provided to allow safe automation and block risky commands like curl and wget.

Project-Level Configuration for Auto-Skip Permissions

You can also set up a project to automatically allow Claude Code to run without permission prompts by configuring the .claude/settings.json file in your project directory:

{
  "permissions": {
    "allow": [
      "Bash(*)",
      "Edit(*)",
      "Write(*)"
    ],
    "deny": [
      "Bash(curl *)",
      "Bash(wget *)"
    ]
  }
}

This configuration allows all bash commands, file edits, and file writes, except for potentially risky commands like curl and wget that could fetch arbitrary content from the web.

Security Considerations

  • This setup limits network access to only the required API endpoints while preventing other external connections.
  • Running Claude Code with --dangerously-skip-permissions should only be done in this controlled environment.
  • Consider blocking risky commands like curl and wget that could potentially bypass your network security.
  • For additional security, you can mount your project directories as read-only for any directories that shouldn't be modified.
  • Regularly review the commands being executed in automated mode through logs.

Distribution Specific Notes

Arch Linux

If using Arch as your host system, you can install Docker with:

sudo pacman -S docker
sudo systemctl enable docker
sudo systemctl start docker

Ubuntu Linux

For Ubuntu, install Docker with:

sudo apt update
sudo apt install docker.io
sudo systemctl enable docker
sudo systemctl start docker

Both distributions will use the same Docker container configuration once Docker is installed.

For Developers / Development of This Repository

This repository is intended for developers who want to contribute to or verify the secure automation of Claude Code. To ensure the setup works as intended, we provide a suite of sanity-check tests in the tests/ directory. These tests are designed to verify that the Docker-based, isolated environment is functioning correctly and that Claude Code can solve example problems in fully autonomous mode.

  • The tests are run inside the same isolated Docker containers, with all permission checks bypassed using the --dangerously-skip-permissions flag.
  • This flag bypasses all permission checks and should only be used in containers with no internet access (i.e., only allowing access to the servers required by Claude).
  • The test suite provides a quick way to check that the environment is correctly set up and that Claude Code can run a few example tasks end-to-end.

To run the tests, see the "Running Tests" section above.

References

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages