sandbox

tooling

Sandboxing Claude Code in a Long-Lived Container in macOS

A wide allowlist is only safe when the blast radius is small. Running Claude Code inside a persistent Colima container keeps rm, bash, and gh pr create from ever touching host macOS.
