@bborn (Owner) commented Jan 11, 2026

Summary

  • Research Claude Code's native sandboxing (bubblewrap on Linux, Seatbelt on macOS) and devcontainer support
  • Compare four approaches: native sandbox, devcontainers, Hetzner VPS (current), and Fly.io Machines
  • Recommend hybrid approach starting with native sandbox, progressing to containers/VMs as needed

Key Findings

Claude Code Native Sandboxing:

  • OS-level filesystem and network isolation
  • Works immediately with our existing Hetzner setup
  • Enables safe use of --dangerously-skip-permissions
  • Minimal implementation effort

Devcontainers:

  • Stronger container-based isolation
  • Good for per-task isolation
  • ~5s startup overhead

Fly.io Machines:

  • True VM isolation, ~300ms cold start
  • Pay-per-use, scale to zero
  • Best for future scaling needs

Recommendation

  1. Phase 1 (Immediate): Enable native sandbox on current Hetzner setup
  2. Phase 2 (Medium-term): Add devcontainer support for full isolation
  3. Phase 3 (Long-term): Evaluate Fly.io for scaling beyond single server

Test plan

  • Document created and reviewed
  • Future: Implement Phase 1 sandbox config in executor.go

🤖 Generated with Claude Code

bborn and others added 2 commits January 11, 2026 09:32
Research and compare different approaches for secure remote task execution:
- Claude Code native sandboxing (bubblewrap/Seatbelt)
- Devcontainers for container-based isolation
- Hetzner/VPS (current approach)
- Fly.io Machines for per-task VM isolation

Recommend hybrid approach starting with native sandbox on existing
infrastructure, with devcontainers and Fly.io as future enhancements.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add SANDBOX_RECOMMENDATIONS.md with concrete implementation guidance
for enabling Claude Code's native sandboxing in the task TUI app.

Key findings:
- Native sandboxing is already built into Claude Code (bubblewrap/Seatbelt)
- Can be enabled immediately via .claude/settings.json config
- Requires minimal code changes (~50 lines in executor.go)
- Better than Hetzner/Fly.io for immediate security improvements
- Devcontainers and Fly.io remain good future options

Recommendation: Implement Phase 1 (native sandboxing) immediately
for filesystem/network isolation and safe auto-execution mode.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>