feat(docker): add isolated Claude Code environment with proxy sidecar
Two-container setup: claude (UID 1000, internal-only network) and proxy (Squid, UID 13). The internal Docker network uses internal: true so the claude container has no direct internet route. All egress is tunnelled through the Squid sidecar which enforces a domain allowlist. Both containers drop all capabilities and set no-new-privileges. claude.sh provides start/stop/run/update/logs/status/shell lifecycle management.
commit e0e5e03e58
10 changed files with 554 additions and 0 deletions
9
.env.example
Normal file
|
|
@ -0,0 +1,9 @@
|
|||
# Copy this file to .env and fill in your values.
|
||||
# .env is git-ignored — never commit it.
|
||||
|
||||
# Required: your Anthropic API key
|
||||
ANTHROPIC_API_KEY=sk-ant-...
|
||||
|
||||
# Optional: mount a host directory as /workspace inside the Claude container.
|
||||
# If unset, a named Docker volume is used (fully isolated from the host).
|
||||
# WORKSPACE_DIR=/absolute/path/to/your/project
|
||||
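Review bot: the `WORKSPACE_DIR` comment at the end of this file says the default named volume is "fully isolated from the host" but never states the converse. Setting the variable mounts a host directory into the Claude container as /workspace, so anything running there gets access to the files under that path. Suggest adding a comment line that says so and recommends pointing it at a dedicated project directory rather than a home directory or any path that holds credentials. A smaller point on the `ANTHROPIC_API_KEY=sk-ant-...` line: the placeholder carries the real key prefix, so an unedited copy looks like a set value. An empty value, or an obviously fake one such as `ANTHROPIC_API_KEY=replace-me`, is easier for a startup check to reject and less likely to match secret-scanner patterns.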