Comment by sothatsit 3 days ago

16 replies

I have enjoyed running Claude Code in a container. The biggest advantage for me isn't security though, it's how easy it becomes to spin off agents to work in the background.

I use a simple script that copies my working directory into a container, prompts Claude Code, and then either saves a planning document locally, or opens a pull request in GitHub for me to review.

I quite like this because it makes starting agents when I have ideas really frictionless, and then I can easily discard the results and try again if it went off the rails. The Max plan makes me not worry about the cost of this whole process as well.

I also set up containers initially out of caution, but honestly, I've never seen Claude Code do anything that git couldn't easily reverse, so I'm not that worried about that any more.

eMPee584 3 days ago

And thus, the machines managed to build trust in their harmlessness in men. Which, eventually, would turn out advantageous..

  • dcreater 3 days ago

    Yeah, the point of security is missed. Given how easy it is, I doubt I'm ever going to run Claude Code or any other CLI that uses remote AI servers without a devcontainer again.

m_kos 3 days ago

> I've never seen Claude Code do anything that git couldn't easily reverse, so I'm not that worried about that any more.

I had one agent that installed something with pip and used it to rewrite my git history. It used the wrong flag and what was left was one file. I am glad I caught it before auto-commit and push triggered. It was one of my hobby projects, so not a huge deal. I can't imagine the fallout of this happening in a work environment.

manmal 3 days ago

Have you tried setting up multiple git worktrees as well? I wonder if that doesn’t solve most of the issues.

  • sothatsit 3 days ago

    I have, but I just found that a bit tedious to manage manually. Maybe another version of this script would just be to automatically create a worktree, run a prompt in that, and then have the script manage the results, and clean up the worktree at the end.

    • nojs 2 days ago

      One thing that I’ve found works well is to permanently have a few numbered branches checked out as worktrees, keep them up to date with main, and then when you want to do a task in parallel you just pick an existing branch rather than creating and deleting worktrees every time.

      This lets you persist local databases, IDE project settings and so on for each worktree too.

  • stavros 3 days ago

    It does, yes, and it's what Claude Code recommends officially.

anon7000 3 days ago

Even locally, Claude in multiple terminal tabs/windows can do different tasks in parallel

  • sothatsit 3 days ago

    They can, but I find it harder to review if you are trying to get Claude Code to do anything non-trivial. I've seen some people make multiple git worktrees so they can have two instances of Claude Code working independently, but I found that to be tedious to manage.

extr 3 days ago

Any interest in sharing the script?

  • hboon 3 days ago

    Not the OP, but I have this fish alias. I just run `claude-docker` in my project root (where I would otherwise run `claude`). There's nothing to it. You can tweak it:

        alias claude-docker='docker run --mount type=bind,source=/Users/hboon/.claude,target=/home/node/.claude --mount type=bind,source=/Users/hboon/.claude.json,target=/home/node/.claude.json --mount type=bind,source=.,target=/workspace/project --workdir /workspace/project -it cc /usr/bin/fish'

  • sothatsit 3 days ago

    I'm afraid it is not that shareable as it contains a lot of dependency management and setup that is specific to my setup and projects. But it's not too complicated. You could probably re-create your own version fairly quickly.

    It's just a Dockerfile that installs dependencies, an entrypoint that invokes claude, and some wrapper scripts that handle creating the container, passing through the prompt, and managing the results (e.g., output markdown to a directory, or open a PR). For input/output from the container I mount directories within the Docker container to local directories under ~/.call_claude/. I create a directory under there, clone the source code to it, output the prompt to a text file, and then grab results from that directory after Claude Code has finished running.

    • rob 3 days ago

      Just have Claude make a version of your script that's shareable for others, no?

      • sothatsit 3 days ago

        It's just not that simple. If your scripts contain 20 things hard-coded to your setup and projects, it is not quick nor easy to remove all of those and make something configurable and easily adaptable to other people's setups and projects.

        Adapting the scripts to your specific setup is pretty much the entirety of the work in setting this up.
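
A sketch of the wrapper sothatsit describes (job directory under ~/.call_claude/, cloned source, prompt in a text file, results collected afterwards), written as an added example; it is not sothatsit's script or anyone else's from this thread. Running the agent on a clone rather than a bind mount of the live repository keeps a history rewrite like the one m_kos describes inside a throwaway copy. The image name `cc-agent`, the `/job` layout, an entrypoint that reads `/job/prompt.txt`, and the capability and PID limits are assumptions, and credentials for the agent are left to the image.

```sh
#!/bin/sh
# Added example. Assumptions (not from the thread): the image name "cc-agent",
# the /job layout, and an entrypoint that reads /job/prompt.txt.
set -e
CALL_ROOT="${CALL_ROOT:-$HOME/.call_claude}"
AGENT_IMAGE="${AGENT_IMAGE:-cc-agent}"   # hypothetical image name

# Create a job directory with a fresh clone, the prompt and an output dir.
# Prints the job directory path.
prepare_job() {
  repo=$1 prompt=$2
  mkdir -p "$CALL_ROOT"
  job=$(mktemp -d "$CALL_ROOT/job.XXXXXX")
  # The clone has its own .git, so a history rewrite inside the container
  # cannot reach the original repository or its uncommitted files.
  git clone --quiet --no-hardlinks "$repo" "$job/src"
  printf '%s\n' "$prompt" > "$job/prompt.txt"
  mkdir "$job/out"
  printf '%s\n' "$job"
}

# Run the container for one job. With DRY_RUN set, print the command
# (one argument per line) instead of executing it.
run_container() {
  job=$1
  set -- docker run --rm \
    --cap-drop ALL --security-opt no-new-privileges --pids-limit 512 \
    --mount "type=bind,source=$job/src,target=/job/src" \
    --mount "type=bind,source=$job/prompt.txt,target=/job/prompt.txt,readonly" \
    --mount "type=bind,source=$job/out,target=/job/out" \
    --workdir /job/src "$AGENT_IMAGE"
  if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$@"; else "$@"; fi
}

# Clone, run, then report where to review or discard the results.
run_agent() {
  job=$(prepare_job "$1" "$2")
  run_container "$job"
  printf 'results: %s/out\nworking copy: %s/src\n' "$job" "$job"
}

if [ "$#" -eq 2 ]; then run_agent "$1" "$2"; fi
```

Setting `DRY_RUN=1` before calling `run_container` prints the exact `docker run` arguments, which is a quick way to confirm that only the job directory is mounted.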