Run Claude Code inside a podman container, wrapped by gVisor.

Project description

Run claude code in a gVisor sandbox, inside a container.

You need to have podman installed and ready, and be signed-in in claude-code on the host.

uvx trusted-agent claude --dangerously-skip-permissions "Do something"

Changelog

All notable changes to this project are documented in this file. The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[0.6.2]

Added

Render the changelog on the PyPI project page alongside the README, via the hatch-fancy-pypi-readme build hook.

[0.6.1]

Added

Mirror the host's ~/.claude/plugins/ into the sandbox at container start so installed plugins are available without manual reinstall. Carries over enabledPlugins and extraKnownMarketplaces from the host's ~/.claude/settings.json into the projected user settings.

[0.5.0]

Added

Bind-mount the git common dir for linked worktrees so git commands resolve inside the sandbox.
Rust toolchain (stable, with clippy and rustfmt) and the Android SDK (cmdline-tools, platform-tools, API 34, build-tools 34.0.0) in the image.

[0.3.0]

Added

Install uv / uvx in the sandbox image.
README with basic usage.

[0.2.0]

Added

First working version: run Claude Code inside a podman + gVisor sandbox with a projected ~/.claude.json, projected credentials, and a /workspace bind-mount.

Project details

Release history Release notifications | RSS feed

0.9.0

May 4, 2026

0.8.0

May 4, 2026

0.7.2

May 4, 2026

0.7.1

May 4, 2026

0.7.0

May 4, 2026

This version

0.6.2

May 4, 2026

0.6.1

May 4, 2026

0.6.0

May 4, 2026

0.5.0

Apr 23, 2026

0.4.0

Apr 23, 2026

0.2.0

Apr 21, 2026

0.1.0

Apr 21, 2026

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

trusted_agent-0.6.2.tar.gz (6.4 kB view details)

Uploaded May 4, 2026 Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

The dropdown lists show the available interpreters, ABIs, and platforms. Enable javascript to be able to filter the list of wheel files.

trusted_agent-0.6.2-py3-none-any.whl (7.2 kB view details)

Uploaded May 4, 2026 Python 3

File details

Details for the file trusted_agent-0.6.2.tar.gz.

File metadata

Download URL: trusted_agent-0.6.2.tar.gz
Upload date: May 4, 2026
Size: 6.4 kB
Tags: Source
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for trusted_agent-0.6.2.tar.gz
Algorithm	Hash digest
SHA256	`f74a232a0cf83fa0173c47ca38536e9ebd9c7eb9a99f7beaf94979cb4d63a916`
MD5	`0ea29137979ef1da66cb603449557b19`
BLAKE2b-256	`c560b818502f92515cdc5bd93c95841ae97a190daad11dd2fdaf83e1db7fdec4`

See more details on using hashes here.

Provenance

The following attestation bundles were made for trusted_agent-0.6.2.tar.gz:

Publisher: publish.yml on almet/trusted-agent

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: trusted_agent-0.6.2.tar.gz
- Subject digest: f74a232a0cf83fa0173c47ca38536e9ebd9c7eb9a99f7beaf94979cb4d63a916
- Sigstore transparency entry: 1437214682
- Sigstore integration time: May 4, 2026
Source repository:
- Permalink: almet/trusted-agent@6c808e433dcce6aef45da8050e9da40076d9fa02
- Branch / Tag: refs/tags/v0.6.2
- Owner: https://github.com/almet
- Access: private
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@6c808e433dcce6aef45da8050e9da40076d9fa02
- Trigger Event: push

File details

Details for the file trusted_agent-0.6.2-py3-none-any.whl.

File metadata

Download URL: trusted_agent-0.6.2-py3-none-any.whl
Upload date: May 4, 2026
Size: 7.2 kB
Tags: Python 3
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for trusted_agent-0.6.2-py3-none-any.whl
Algorithm	Hash digest
SHA256	`a88f97ef475e3c5481dffba6d431e41dda29ebb232c1b9f7538321b8e16d9e57`
MD5	`b567574663490e699935e0b9cc7b307f`
BLAKE2b-256	`96399b774c36d9006da16254a324cdae657bc8989e5098720d7cea90697c5f8d`

See more details on using hashes here.

Provenance

The following attestation bundles were made for trusted_agent-0.6.2-py3-none-any.whl:

Publisher: publish.yml on almet/trusted-agent

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: trusted_agent-0.6.2-py3-none-any.whl
- Subject digest: a88f97ef475e3c5481dffba6d431e41dda29ebb232c1b9f7538321b8e16d9e57
- Sigstore transparency entry: 1437214693
- Sigstore integration time: May 4, 2026
Source repository:
- Permalink: almet/trusted-agent@6c808e433dcce6aef45da8050e9da40076d9fa02
- Branch / Tag: refs/tags/v0.6.2
- Owner: https://github.com/almet
- Access: private
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@6c808e433dcce6aef45da8050e9da40076d9fa02
- Trigger Event: push

trusted-agent 0.6.2

Navigation

Verified details

Maintainers

Unverified details

Meta

Project description

Changelog

[0.6.2]

Added

[0.6.1]

Added

[0.5.0]

Added

[0.3.0]

Added

[0.2.0]

Added

Project details

Verified details

Maintainers

Unverified details

Meta

Release history Release notifications | RSS feed

Download files

Source Distribution

Built Distribution

File details

File metadata

File hashes

Provenance

File details

File metadata

File hashes

Provenance