A Julia application that runs claude-code in an isolated sandbox environment using Linux namespaces.
🛡️ Security Notice: This sandbox is NOT intended to protect against malicious escape attempts. It is designed only to prevent claude from accidentally causing damage to the host system during normal operation.
🎯 Purpose: This tool is intended to make it easy for users with Julia installed to run claude-code in a sandboxed environment with minimal setup.
- 🔒 Isolated Environment: Runs claude-code in a sandboxed container
- 📁 Workspace Mounting: Your current directory is mounted as
/workspace - 📦 Integrated Node.js: Includes Node.js v22 via JLL packages
- 💾 Persistent Storage: JLL prefixes and npm packages are stored in scratch spaces
- 🚀 Automatic Setup: Automatically installs Node.js and claude-code
- 🖥️ Interactive Session: Full stdin/stdout/stderr support for interactive commands
using Pkg
Pkg.Apps.add(url="https://github.com/Keno/ClaudeBox.jl")This will automatically install the claudebox executable to your Julia depot's bin directory.
- Clone this repository:
git clone https://github.com/Keno/ClaudeBox.jl
cd ClaudeBox- Install dependencies:
julia --project=. -e 'using Pkg; Pkg.instantiate()'- The executable is located at
bin/claudebox
Run claude-code with your current directory mounted:
./bin/claudebox./bin/claudebox -w ~/my-projectClear all cached data and reinstall:
./bin/claudebox --resetReset only the Julia depot (packages and registries):
./bin/claudebox --reset-juliaReset everything including Claude settings:
./bin/claudebox --reset-allBy default, GitHub authentication uses minimal permissions. For broader access including repository creation:
./bin/claudebox --dangerous-github-auth./bin/claudebox --help- Julia 1.6 or higher
- Linux with user namespaces support
- Internet connection (for first-time claude-code installation)
- Anthropic API key (set as
ANTHROPIC_API_KEYenvironment variable)
ANTHROPIC_API_KEY: Your Anthropic API key (required for claude-code)
When you run the app, you'll enter a sandboxed environment where:
- Your files are available at
/workspace - Various development tools are pre-installed and available
- claude-code is automatically installed on first run
If you have a repository named .claude_sandbox in your GitHub account, ClaudeBox will automatically:
- Clone or update the repository on each launch
- Mount it at
/root/.claude_sandboxin the sandbox - Reference any
CLAUDE_SANDBOX.mdfile in the default Claude instructions
This allows you to maintain personal configurations, custom instructions, or project templates that Claude will have access to in every session.
To use this feature:
- Create a repository named
.claude_sandboxin your GitHub account - Add a
CLAUDE_SANDBOX.mdfile with your custom instructions - ClaudeBox will automatically detect and use it
- Uses Sandbox.jl to create isolated Linux namespace containers
- Deploys Node.js from NodeJS_22_jll using JLLPrefixes.jl
- Stores persistent data in Julia scratch spaces
- Mounts your working directory into the sandbox
- Runs claude-code or bash in the isolated environment
Make sure you're using full paths for executables (e.g., /bin/echo instead of echo)
The sandbox may have network restrictions. If npm install fails, check your network configuration.
Ensure your system supports unprivileged user namespaces:
sysctl kernel.unprivileged_userns_cloneThis project is licensed under the MIT License - see the LICENSE file for details.