If you let an AI coding agent run shell commands on your machine, you've handed it the same reach you have: your SSH keys, your cloud credentials, your whole home directory, and an open internet connection. Claude Code is genuinely useful precisely because it can run commands — but "can run commands" and "can run commands as me, everywhere" are very different risk profiles. This is a practical guide to running Claude Code in a sandbox : a container with a restricted filesystem, a walled-off network, and secrets it simply cannot see. Everything below is config you can copy. TL;DR Run Claude Code inside a Docker container so a bad command can't touch your real home directory or other projects. Mount only the one project directory you're working on, read-write; mount nothing else. Restrict the network — default-deny egress, allow-list only the Anthropic API and the package registries you actually need.…