I like building things and solving problems.
A wide allowlist is only safe when the blast radius is small. Running Claude Code inside a per-session Colima container with a git worktree and an iptables egress allowlist keeps rm, bash, and gh pr create from ever touching host macOS.
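As an added example (not the author's own setup), here is one way to express the egress allowlist half of that design: a POSIX shell function that emits the iptables rules for a default-deny OUTPUT chain, so the ruleset can be reviewed before it runs as root in the container's entrypoint (the container needs the NET_ADMIN capability for that). The resolver address and the allowed hosts are constructed placeholders, and the function only prints the commands; it does not apply them.

```shell
#!/bin/sh
# Added example: generate a default-deny egress ruleset for a sandbox container.
# Hypothetical values (constructed, not from any real deployment):
RESOLVER="10.0.0.53"                       # in-container DNS resolver
ALLOWED_HOSTS="api.anthropic.com github.com"  # what the agent may reach

# emit_egress_rules RESOLVER HOST...
# Prints the iptables commands, one per line, in an order that is safe to
# apply live: ACCEPT rules first, the DROP policy last, so a half-applied
# ruleset never cuts off the session that is installing it.
emit_egress_rules() {
    resolver="$1"; shift
    echo "iptables -F OUTPUT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # DNS only to the designated resolver, not to arbitrary port 53 endpoints.
    echo "iptables -A OUTPUT -p udp -d $resolver --dport 53 -j ACCEPT"
    echo "iptables -A OUTPUT -p tcp -d $resolver --dport 53 -j ACCEPT"
    # Caveat: iptables resolves a hostname once, when the rule is inserted.
    # For hosts whose addresses rotate, resolve to IPs yourself or use an ipset.
    for host in "$@"; do
        echo "iptables -A OUTPUT -p tcp -d $host --dport 443 -j ACCEPT"
    done
    # Log what gets dropped so a blocked call shows up in the container logs
    # instead of looking like a silent network failure.
    echo "iptables -A OUTPUT -j LOG --log-prefix 'egress-drop: ' --log-level 4"
    echo "iptables -P OUTPUT DROP"
}

# count_allowed_hosts RESOLVER HOST... -> number of HTTPS ACCEPT rules emitted
count_allowed_hosts() {
    emit_egress_rules "$@" | grep -c -- '--dport 443 -j ACCEPT'
}

# Usage: review the output, then run it inside the container as root.
# shellcheck disable=SC2086
emit_egress_rules "$RESOLVER" $ALLOWED_HOSTS
```

Everything not matched by an ACCEPT rule, including outbound SSH, plain HTTP, and connections to hosts that were not on the list, is logged and dropped; widening the allowlist is a one-line change that stays visible in review.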