Run the SOTA AI coding agent in a portable, secure sandbox.
Claude Code is a state-of-the-art AI coding assistant. Unfortunately, its CLI is distributed as closed-source, obfuscated JavaScript. You don't know what it's doing. Is it reading your SSH keys? Is it indexing your photos? Is it planning some Skynet world domination from your ~/Downloads folder?
Probably not... but why risk it?
ClaudeCage solves this by packaging the claude-code CLI into a fully isolated, single-file container. It cannot access any part of your system except for the single project directory you are currently working in.
- Secure Sandbox: Powered by Linux namespaces, the claude process is heavily restricted and cannot access your home directory, network information, or other processes.
- Single-File Portability: The entire environment—the claude binary, the bun runtime, and all dependencies—is packed into a single executable file. Download it, make it executable, and run it.
- No Host Dependencies: You do not need node, bun, or anything else installed on your system.
- Works on Most Linux Distros: Runs on virtually any modern Linux distribution.
- Better Performance: Runs at native speed. It runs even faster than the official Claude Code thanks to the modern, high-performance JavaScript runtime: bun.
- Custom API Support: Easily configure it to use custom API endpoints, including OpenAI proxies.
ClaudeCage is built using the RunImage project, which leverages Bubblewrap to create lightweight, unprivileged containers. This project provides a simple build script to automate the creation of a custom RunImage container specifically for claude-code.
Download the ClaudeCage binary and the ClaudeCage.rcfg config file, then copy both files to a location in your $PATH, like ~/.local/bin/.
First, clone the repository. The build script has no dependencies other than curl and standard coreutils.
git clone https://github.com/your-username/ClaudeCage.git
cd ClaudeCage
./build.sh
The script will download the necessary components and create two files in the current directory:
- ClaudeCage: The portable executable.
- ClaudeCage.rcfg: The sandbox configuration file.
Move both the ClaudeCage executable and the .rcfg file to a location in your $PATH, like ~/.local/bin/.
mv ClaudeCage ClaudeCage.rcfg ~/.local/bin/
Now, you can use it just like the regular claude command. Navigate to any project directory and run it. It will only have access to that directory.
cd /path/to/my/awesome-project
ClaudeCage "Refactor this function to be more efficient." # Claude Code now has access to this directory only
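One way to check the isolation claims above from the inside, as an added example that is not part of ClaudeCage: run this probe within the sandboxed session and again on the host, then compare the two outputs. The function names, the optional root/home arguments, and the list of credential paths are assumptions chosen for illustration.

```shell
#!/bin/sh
# Sandbox visibility probe (added example, not ClaudeCage code).
# Each function takes an optional root/home argument so it can be pointed
# at a constructed test tree; with no argument it inspects the live system.
# Function bodies use ( ) subshells so loop variables stay local.

# Count process directories (numeric names) visible under <root>/proc.
visible_pids() (
  root="${1:-}"; n=0
  for d in "$root"/proc/[0-9]*; do
    if [ -d "$d" ]; then n=$((n + 1)); fi
  done
  echo "$n"
)

# Print credential-like paths under <home> that the current process can read.
# The path list is an assumption; extend it for your own environment.
exposed_secrets() (
  home="$1"
  for p in .ssh .aws .gnupg .config/gcloud .netrc .bash_history; do
    if [ -r "$home/$p" ]; then echo "$p"; fi
  done
)

# Print non-loopback network interfaces listed under <root>/sys/class/net.
visible_ifaces() (
  root="${1:-}"
  for i in "$root"/sys/class/net/*; do
    [ -e "$i" ] || continue
    if [ "${i##*/}" != lo ]; then echo "${i##*/}"; fi
  done
)

# One-line-per-check report; a tight sandbox should show a handful of PIDs
# and no readable secrets, while the host shows far more of both.
probe() {
  probe_home="${2:-${HOME:-/nonexistent}}"
  echo "pids=$(visible_pids "${1:-}")"
  echo "secrets=$(exposed_secrets "$probe_home" | tr '\n' ' ')"
  echo "ifaces=$(visible_ifaces "${1:-}" | tr '\n' ' ')"
}

probe "$@"
```

A large gap between the host and sandbox reports is what the namespace isolation should produce; identical reports mean the process is seeing the host's view.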
You can make claude-code use a custom API endpoint (including OpenAI proxies like claude-code-proxy) by setting environment variables before running ClaudeCage. claude-code-proxy is NOT integrated into this project.
# Example of using claude-code-proxy, which translates API calls to the OpenAI API format.
export ANTHROPIC_BASE_URL="http://localhost:8082/"
export ANTHROPIC_AUTH_TOKEN="not-needed-when-using-local-proxy"
export ANTHROPIC_MODEL="anthropic/claude-sonnet-4"
export ANTHROPIC_SMALL_FAST_MODEL="google/gemini-2.0-flash"
ClaudeCage "What is the capital of Nebraska?"
See the official claude-code settings documentation for more details.
This project would be impossible without the fantastic work of the following open-source tools:
- RunImage for making single-file, portable Linux containers a reality.
- Bubblewrap for providing the low-level sandboxing technology.
- Bun as a modern, high-performance, Node.js-compatible JavaScript runtime.
- claude-code-proxy as the recommended OpenAI-format API proxy.