Status: ✅ Fully Operational - Docker sandbox with browser-based authentication
Get your GitHub token (optional):
docker build . \
--tag claude-sandbox-personal \
--build-arg GH_TOKEN="gho_************************************" \
--build-arg USER_UID="$(id -u)" \
--build-arg USER_GID="$(id -g)" \
--no-cacheNote: No Anthropic API key needed - Claude will use browser login authentication.
Standard command with browser login:
docker run --rm -it \
--memory=16g \
--memory-swap=16g \
--ulimit nofile=65536:65536 \
--tmpfs /tmp:rw,noexec,nosuid,size=1g \
-v "$(pwd):/sandbox:rw" \
-v "$HOME/.claude:/home/claude/.claude:ro" \
-p 3000:3000 -p 8000:8000 -p 8080:8080 -p 5173:5173 \
claude-sandbox-personal claude-safeWith GitHub token (for git operations):
docker run --rm -it \
--memory=16g \
--memory-swap=16g \
--ulimit nofile=65536:65536 \
--tmpfs /tmp:rw,noexec,nosuid,size=1g \
-e GH_TOKEN="gho_************************************" \
-v "$(pwd):/sandbox:rw" \
-v "$HOME/.claude:/home/claude/.claude:ro" \
-p 3000:3000 -p 8000:8000 -p 8080:8080 -p 5173:5173 \
claude-sandbox-personal claude-safeNote: Claude config is mounted as ro for security. Authentication tokens are saved on the host system.
alias claude-here='docker run --rm -it \
--memory=16g \
--memory-swap=16g \
--ulimit nofile=65536:65536 \
--tmpfs /tmp:rw,noexec,nosuid,size=1g \
-v "$(pwd):/sandbox:rw" \
-v "$HOME/.claude:/home/claude/.claude:ro" \
-p 3000:3000 -p 8000:8000 -p 8080:8080 -p 5173:5173 \
claude-sandbox-personal claude-safe'
alias claude-here-gh='docker run --rm -it \
--memory=16g \
--memory-swap=16g \
--ulimit nofile=65536:65536 \
--tmpfs /tmp:rw,noexec,nosuid,size=1g \
-e GH_TOKEN="$GH_TOKEN" \
-v "$(pwd):/sandbox:rw" \
-v "$HOME/.claude:/home/claude/.claude:ro" \
-p 3000:3000 -p 8000:8000 -p 8080:8080 -p 5173:5173 \
claude-sandbox-personal claude-safe'alias --save claude-here='docker run --rm -it \
--memory=16g \
--memory-swap=16g \
--ulimit nofile=65536:65536 \
--tmpfs /tmp:rw,noexec,nosuid,size=1g \
-v (pwd):/sandbox:rw \
-v $HOME/.claude:/home/claude/.claude:ro \
-p 3000:3000 -p 8000:8000 -p 8080:8080 -p 5173:5173 \
claude-sandbox-personal claude-safe'
alias --save claude-here-gh='docker run --rm -it \
--memory=16g \
--memory-swap=16g \
--ulimit nofile=65536:65536 \
--tmpfs /tmp:rw,noexec,nosuid,size=1g \
-e GH_TOKEN="$GH_TOKEN" \
-v (pwd):/sandbox:rw \
-v $HOME/.claude:/home/claude/.claude:ro \
-p 3000:3000 -p 8000:8000 -p 8080:8080 -p 5173:5173 \
claude-sandbox-personal claude-safe'Usage:
# Standard usage
cd ~/any-project && claude-here
# With GitHub token (for git operations)
export GH_TOKEN="gho_************************************"
cd ~/any-project && claude-here-gh- 16GB Memory Limit - Prevents out of memory errors
- Polling-based File Watching - No more inotify kernel memory issues
- Node.js Heap Optimization - 3GB heap size for large projects
- System Limits - Optimized file descriptors and tmpfs
- Claude Code CLI v1.0.96 - With dangerous permissions for sandbox operation
- Node.js & Bun - Modern JavaScript runtime and package manager
- PHP 8.2 - With Composer for PHP development
- Python 3 - For Python-based projects
- Git - Version control with proper ownership handling
- Development Tools - vim, nano, tree, jq, rsync, and more
- Automatic UID/GID Handling - Resolves user conflicts dynamically
- Read-Only Mount Support - Safely handles mounted .claude configuration
- Container Isolation - Runs as non-root user (claude, UID:2000+)
If you still encounter ENOMEM errors:
- Increase memory: Change
--memory=16gto--memory=20g - Check system memory:
free -h - Clear Docker cache:
docker system prune - System-wide fix:
echo fs.inotify.max_user_watches=524288 | sudo tee -a /etc/sysctl.conf && sudo sysctl -p
If Claude has authentication problems:
- Browser login: Claude will prompt for browser authentication on first use
- Check credentials: Ensure
~/.claude/.credentials.jsonexists and is readable - Token expiration: OAuth tokens may expire, requiring re-authentication
- Network issues: Container may not be able to validate tokens online
Browser login workflow:
# Run Claude and follow browser login prompts
docker run --rm -it \
--memory=16g \
--memory-swap=16g \
-v "$(pwd):/sandbox:rw" \
-v "$HOME/.claude:/home/claude/.claude:ro" \
claude-sandbox-personal claude-safe- Verify
~/.claudedirectory exists and is readable - Check that current directory is writable for Docker
- Review container logs for UID/GID conflict messages
- Verify Docker has at least 16GB RAM available
- Check that GH_TOKEN has proper repository permissions (optional)
- Ensure sufficient disk space for Docker image build
NODE_OPTIONS="--max-old-space-size=3072"- Node.js memory optimizationCHOKIDAR_USEPOLLING=true- Polling-based file watching (prevents ENOMEM)CHOKIDAR_INTERVAL=1000- File polling interval (1 second)ANTHROPIC_MODEL- Default model (claude-sonnet-4-20250514)
# Claude Code operations
claude-safe --help # Claude with dangerous permissions
claude --help # Claude with normal permissions
# Development tools
bun install && bun run dev # Node.js development
composer install && php -S :8000 # PHP development
python3 -m http.server 8080 # Python development
git status # Git operations- Docker: Latest version with at least 16GB RAM allocated
- System Memory: Minimum 20GB RAM recommended
- Disk Space: 3GB free space for Docker image
- Authentication: Internet access for Claude browser login
- Network: Internet access for Claude API calls