{"id":47612459,"url":"https://github.com/fastbytes/claude-safe","last_synced_at":"2026-05-27T13:01:53.094Z","repository":{"id":344917263,"uuid":"1159639996","full_name":"fastbytes/claude-safe","owner":"fastbytes","description":"Sandboxed Claude Code launcher — runs Claude in Docker with tmux session management and git worktree isolation","archived":false,"fork":false,"pushed_at":"2026-05-23T00:51:45.000Z","size":284,"stargazers_count":1,"open_issues_count":7,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-23T02:34:25.306Z","etag":null,"topics":["claude","claude-code","docker","sandbox","tmux"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fastbytes.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-17T01:09:04.000Z","updated_at":"2026-05-23T00:51:35.000Z","dependencies_parsed_at":"2026-04-02T12:10:32.299Z","dependency_job_id":null,"html_url":"https://github.com/fastbytes/claude-safe","commit_stats":null,"previous_names":["fastbytes/claude-safe"],"tags_count":55,"template":false,"template_full_name":null,"purl":"pkg:github/fastbytes/claude-safe","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fastbytes%2Fclaude-safe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fastbytes%2Fclaude-safe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fastbytes%2Fclaude-safe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fastbytes%2Fclaude-safe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fastbytes","download_url":"https://codeload.github.com/fastbytes/claude-safe/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fastbytes%2Fclaude-safe/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33566873,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-27T02:00:06.184Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["claude","claude-code","docker","sandbox","tmux"],"created_at":"2026-04-01T20:39:43.151Z","updated_at":"2026-05-27T13:01:53.071Z","avatar_url":"https://github.com/fastbytes.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# claude-safe\n\nSandboxed Claude Code launcher. Runs Claude Code inside Docker containers with tmux session management and git worktree isolation.\n\n## Architecture\n\n```\nhost shell\n  └─ claude-safe\n       └─ docker run -d (container: sleep infinity)\n            └─ tmux\n                 ├─ window 1: claude    ← main session\n                 ├─ window 2: bash      ← user splits\n                 └─ window 3: claude    ← user spawns another\n```\n\ntmux runs **inside** the container. Every pane and window is sandboxed. `Ctrl-b d` detaches back to the host — the container keeps running. `claude-safe` reattaches.\n\n## Why\n\nClaude Code has unrestricted shell access. Running it on a bare host means it can `rm -rf`, read secrets, install packages globally, or modify system configs. claude-safe puts it in a container with explicit mount controls:\n\n- **Workspace:** read-write (your project only)\n- **~/.claude:** granular ro/rw (settings ro, session state rw)\n- **~/.kube, ~/.ssh, ~/.gitconfig:** read-only\n- **~/Code:** read-only cross-project reference\n- **Everything else:** not mounted\n\n## Requirements\n\n- Docker (OrbStack recommended on macOS, Docker Engine on Linux)\n- Git\n- Bash 4+\n- jq\n\ntmux is included in the container image — not needed on the host.\n\n## Install\n\n```bash\n./claude-safe install\n```\n\nThe installer detects your environment, prompts for each option with sensible defaults, writes `~/.config/claude-safe/config.sh`, installs the script, and builds the Docker image. Run `claude-safe install` again anytime to reconfigure.\n\n\u003cdetails\u003e\n\u003csummary\u003eManual install\u003c/summary\u003e\n\n```bash\n# 1. Build the image\ndocker build -t claude-safe -f Dockerfile.claude-safe .\n\n# 2. Install the script\ncp claude-safe ~/.local/bin/claude-safe\nchmod +x ~/.local/bin/claude-safe\n\n# 3. Copy config\nmkdir -p ~/.config/claude-safe\ncp config.example.sh ~/.config/claude-safe/config.sh\n# Edit to match your setup\n\n# 4. (Optional) tmux config for remote access\ncp tmux.conf ~/.config/claude-safe/tmux.conf\n\n# 5. Verify\nclaude-safe doctor\n```\n\n\u003c/details\u003e\n\n## Usage\n\n### Quick start\n\n```bash\ncd ~/Code/my-project\nclaude-safe              # launch or reattach\n# Ctrl-b d              # detach\nclaude-safe              # reattach\nclaude-safe stop         # stop container\n```\n\n### Parallel agents with worktrees\n\n```bash\nclaude-safe new fix-auth \"fix JWT refresh race condition\"\nclaude-safe new add-tests\nclaude-safe new refactor-api\n\nclaude-safe ls           # see all containers + sessions\nclaude-safe start fix-auth\n\nclaude-safe merge fix-auth --squash\nclaude-safe rm fix-auth  # stop + delete worktree + branch\n```\n\n### Commands\n\n| Command | Description |\n|---|---|\n| `claude-safe` | Smart launch: reattach or create session |\n| `claude-safe new \u003cbranch\u003e [prompt]` | Create worktree + container + session |\n| `claude-safe start \u003cbranch\u003e` | Reattach to worktree session |\n| `claude-safe stop [branch]` | Stop container (current dir or branch) |\n| `claude-safe ls` | List worktrees, containers, tmux sessions |\n| `claude-safe rm \u003cbranch\u003e` | Full cleanup: container + worktree + branch |\n| `claude-safe merge \u003cbranch\u003e [--squash]` | Merge worktree into current branch |\n| `claude-safe shell [branch]` | Bash into container (no tmux) |\n| `claude-safe dash` | Container overview |\n| `claude-safe install` | Interactive installer / reconfigure |\n| `claude-safe config` | Show resolved configuration |\n| `claude-safe doctor` | Verify dependencies and config |\n| `claude-safe --raw` | Disposable container, no tmux |\n\n### tmux keys (inside the container)\n\n| Keys | Action |\n|---|---|\n| `Ctrl-b \\|` | Split vertical |\n| `Ctrl-b -` | Split horizontal |\n| `Ctrl-b c` | New window |\n| `Alt-1..5` | Switch window by number |\n| `Alt-arrows` | Switch panes |\n| `Ctrl-b z` | Zoom/unzoom pane |\n| `Ctrl-b d` | Detach |\n\n## Files\n\n```\nclaude-safe              main script (~850 lines bash)\nDockerfile.claude-safe    container image (K8s + dev tools + tmux)\nconfig.example.sh        example configuration\ntmux.conf                tmux config optimized for remote tmux sessions\nCHEATSHEET.md            quick reference\nCLAUDE.md                instructions for Claude Code working on this repo\n```\n\n## Configuration\n\nAll settings live in `~/.config/claude-safe/config.sh`. Key options:\n\n```bash\nCLAUDE_SAFE_TEMPLATE=\"claude-safe\"     # Docker image to use\nCLAUDE_SAFE_NETWORK=\"host\"            # host networking (for Tailscale/K8s)\nCLAUDE_SAFE_MOUNT_KUBE=true           # mount ~/.kube read-only\nCLAUDE_SAFE_MOUNT_SSH=true            # mount ~/.ssh read-only\nCLAUDE_SAFE_HOST_ENV=\"GH_TOKEN\"       # forward env vars into container\nCLAUDE_SAFE_TMUX_CONF=\"~/.config/claude-safe/tmux.conf\"\n```\n\nSee `config.example.sh` for all options with descriptions.\n\n### Credential handling\n\nOn macOS, Claude Code stores OAuth tokens in Keychain. claude-safe extracts them at launch and writes to `~/.claude/.credentials.json` (user-only permissions). The file is bind-mounted into the container.\n\nHost environment variables listed in `CLAUDE_SAFE_HOST_ENV` are forwarded via `docker run -e` at launch time — never written to disk.\n\n## Container image\n\n`Dockerfile.claude-safe` extends `docker/sandbox-templates:shell` with:\n\n- **K8s:** kubectl, helm, k9s, stern, yq\n- **Dev:** ripgrep, fd, shellcheck, build-essential, gh, delta\n- **DB:** postgresql-client\n- **Session:** tmux, ncurses-term\n- **Locale:** en_US.UTF-8\n\nMulti-arch: builds natively on arm64 (Apple Silicon) and amd64.\n\n```bash\ndocker build -t claude-safe -f Dockerfile.claude-safe .\n```\n\n## Remote workflow\n\n```\nRemote terminal → SSH/Mosh/any → host (tmux inside container)\n```\n\n1. Connect to the host via SSH, Mosh, or any remote terminal\n2. Configure `CLAUDE_SAFE_TMUX_CONF` to point to `tmux.conf`\n3. From remote: `claude-safe`\n4. `Ctrl-b d` to detach, disconnect, reconnect anytime\n\ntmux inside the container survives reconnects. The container survives everything until explicitly stopped.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffastbytes%2Fclaude-safe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffastbytes%2Fclaude-safe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffastbytes%2Fclaude-safe/lists"}