justin/safeclaude
Public Access
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

README cleanup

Browse Source
This commit is contained in:
Justin Fargione
2026-05-18 11:23:46 -04:00
parent 8967483eca
commit 8a8ee49d84
1 changed files with 9 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

136
README.md
View File

@ -1,8 +1,6 @@
# Claude Code — Dockerized # Claude Code — Dockerized
A minimal, guardrailed container for running Claude Code. The home A minimal, guardrailed container for running Claude Code.
directory and project folder are volumes, keeping your Claude install
and credentials separate from any specific project.
## Setup ## Setup
@ -10,60 +8,11 @@ and credentials separate from any specific project.
# 1. Build the image # 1. Build the image
docker compose build docker compose build
# 2. Export your API key (or put it in a .env file) # 2. Link the binary where it's accessible
export ANTHROPIC_API_KEY=sk-ant-... ln -s `readlink -f ./safeclaude` `readlink -f ~/.local/bin`
# 3. First run — installs Claude Code into the home volume, then drops you # 3. Run against your code
# into an interactive shell inside the default ./code directory cd ~/zenmaid-webapp && safeclaude .
docker compose run --rm claude-code
```
On first start the entrypoint runs the native installer and places the
binary in the `claude-home` named volume (under `/home/coder/.local/bin`).
Subsequent starts skip the install and launch immediately.
## Switching projects
Point `PROJECT_DIR` at any directory on your host:
```bash
PROJECT_DIR=/path/to/myproject docker compose run --rm claude-code
```
Or set it in a `.env` file:
```
ANTHROPIC_API_KEY=sk-ant-...
PROJECT_DIR=/Users/me/projects/my-app
```
Then just:
```bash
docker compose run --rm claude-code
```
## Starting Claude Code
Once inside the container shell:
```bash
claude # start an interactive session in the current directory
claude --help # show available options
claude doctor # diagnose installation issues
```
## Volumes
| Volume | Purpose |
| --------------------- | --------------------------------------------------------- |
| `claude-home` (named) | Persists Claude Code binary, config, and auth credentials |
| `$PROJECT_DIR` (bind) | Your project code — swap freely between sessions |
To wipe the Claude install and start fresh:
```bash
docker compose down -v # removes the claude-home volume
``` ```
## Security notes ## Security notes
@ -75,77 +24,10 @@ docker compose down -v # removes the claude-home volume
add a custom network or `--network none` with `--add-host` if you want add a custom network or `--network none` with `--add-host` if you want
to lock that down further to lock that down further
## Connecting to a host PostgreSQL database ## Limitations & future updates
The container can reach a PostgreSQL server running on the host, but - System package requirement changes require updates to the Dockerfile and a restart/rebuild - the claude user can't make these changes itself due to restricted access.
`127.0.0.1` inside the container refers to the container itself, not the
host. The solution is to connect via the Docker bridge gateway IP instead,
which both the host and the container can see.
### 1. Find the gateway IP - Bundles need to be updated separately inside the container
```bash - The setup is fairly tightly married to a ruby/psql application and would need to be tweaked to be configurable for other environments or platforms
docker network inspect bridge | grep Gateway
```
This is typically `172.17.0.1`. Use the value specific to your machine
in all steps below.
### 2. Configure PostgreSQL on the host
Edit `/etc/postgresql/<version>/main/postgresql.conf`:
```
listen_addresses = 'localhost,172.17.0.1'
```
Edit `/etc/postgresql/<version>/main/pg_hba.conf` and add:
```
host all all 172.17.0.0/16 scram-sha-256
```
Restart PostgreSQL:
```bash
sudo systemctl restart postgresql
```
### 3. Configure your app
Use the gateway IP as the database host. Since it is reachable from both
the host and the container, a single `DATABASE_URL` works in both contexts:
```
DATABASE_URL=postgresql://user:password@172.17.0.1:5432/mydb
```
Set this in your `.env` file or shell profile on the host, and pass it
through in `docker-compose.yml`:
```yaml
environment:
- DATABASE_URL=${DATABASE_URL}
```
### Collation version warning
If you see a warning like:
```
WARNING: database "mydb" has a collation version mismatch
DETAIL: The database was created using collation version 2.41, but the
operating system provides version 2.42.
```
This is caused by the container's glibc version differing from the host's.
It is a warning only and will not break anything. To silence it, run once
on the host:
```bash
psql -d mydb -c "ALTER DATABASE mydb REFRESH COLLATION VERSION;"
```
Note: the warning will reappear inside the container because its glibc
version differs from the host. The long-term fix is to rebase the Docker
image on the same Ubuntu release as the host so glibc versions match.