trusted-agent 0.7.1

Run Claude Code inside a podman container, wrapped by gVisor.

Run claude code in a gVisor sandbox, inside a container.

You need to have podman installed and ready, and be signed-in in claude-code on the host.

uvx trusted-agent claude --dangerously-skip-permissions "Do something"

Variants

Pick a pre-built image variant with --variant NAME (defaults to default):

• default — node + python + common dev tools.
• nodejs — adds pnpm and yarn.
• rust — adds the Rust stable toolchain (with clippy and rustfmt).
• android — adds JDK 17 and the Android SDK.

uvx trusted-agent --variant rust claude

Drop your own Dockerfile at ~/.config/trusted-agent/variants/<name>/Dockerfile to add a variant. User variants take precedence over bundled ones with the same name. To extend the lean base, start your file with FROM trusted-agent-default:latest.

Changelog

All notable changes to this project are documented in this file. The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

0.7.1

Fixed

• trusted-agent --help / -h now prints local usage and exits instead of building the image and forwarding the flag to claude inside the sandbox.

0.7.0

Added

• Image variants. The single Dockerfile is split into default (lean base with Python), nodejs (adds pnpm + yarn), rust, and android. Pick one with --variant NAME. Users can drop their own variant at ~/.config/trusted-agent/variants/<name>/Dockerfile; user variants take precedence over bundled ones.

Changed

• Image is now tagged trusted-agent-<variant>:latest instead of trusted-agent:latest. The old image is no longer built and can be removed with podman image rm trusted-agent:latest.
• default variant no longer bundles the Rust toolchain or the Android SDK; use --variant rust / --variant android to get them.

0.6.2

Added

• Render the changelog on the PyPI project page alongside the README, via the hatch-fancy-pypi-readme build hook.

0.6.1

Added

• Mirror the host's ~/.claude/plugins/ into the sandbox at container start so installed plugins are available without manual reinstall. Carries over enabledPlugins and extraKnownMarketplaces from the host's ~/.claude/settings.json into the projected user settings.

0.5.0

Added

• Bind-mount the git common dir for linked worktrees so git commands resolve inside the sandbox.
• Rust toolchain (stable, with clippy and rustfmt) and the Android SDK (cmdline-tools, platform-tools, API 34, build-tools 34.0.0) in the image.

0.3.0

Added

• Install uv / uvx in the sandbox image.
• README with basic usage.

0.2.0

Added

• First working version: run Claude Code inside a podman + gVisor sandbox with a projected ~/.claude.json, projected credentials, and a /workspace bind-mount.