A minimal, guardrailed container for running Claude Code. The home directory and project folder are volumes, keeping your Claude install and credentials separate from any specific project.

Setup

# 1. Build the image
docker compose build

# 2. Export your API key (or put it in a .env file)
export ANTHROPIC_API_KEY=sk-ant-...

# 3. First run — installs Claude Code into the home volume, then drops you
#    into an interactive shell inside the default ./code directory
docker compose run --rm claude-code

On first start the entrypoint runs the native installer and places the binary in the claude-home named volume (under /home/coder/.local/bin). Subsequent starts skip the install and launch immediately.

Switching projects

Point PROJECT_DIR at any directory on your host:

PROJECT_DIR=/path/to/myproject docker compose run --rm claude-code

Or set it in a .env file:

ANTHROPIC_API_KEY=sk-ant-...
PROJECT_DIR=/Users/me/projects/my-app

Then just:

docker compose run --rm claude-code

Starting Claude Code

Once inside the container shell:

claude          # start an interactive session in the current directory
claude --help   # show available options
claude doctor   # diagnose installation issues

Volumes

Volume	Purpose
`claude-home` (named)	Persists Claude Code binary, config, and auth credentials
`$PROJECT_DIR` (bind)	Your project code — swap freely between sessions

To wipe the Claude install and start fresh:

docker compose down -v   # removes the claude-home volume

Security notes

Runs as a non-root user (coder, uid 1000)
All Linux capabilities are dropped (cap_drop: ALL)
Privilege escalation is disabled (no-new-privileges)
The container has no network restrictions beyond what Docker provides — add a custom network or --network none with --add-host if you want to lock that down further