claudebox

Secure macOS sandbox wrapper for Claude Code

Run Claude Code with confidence. claudebox provides automatic package manager detection, comprehensive file system protection, and configurable security policies.

  • Secure by Design
  • Lightning Fast
  • Auto-Detection

$ ./claudebox
Package managers detected
Sandbox profile generated
Claude Code running securely

Powerful Security Features

Auto Package Detection

Automatically detects and configures access for Homebrew, npm, nvm, fnm, nodenv, and Nix package managers.

  • Homebrew (ARM & Intel)
  • Node Version Managers
  • Nix Store Access

Comprehensive Protection

Blocks access to sensitive directories while allowing necessary system resources and development tools.

  • Protects ~/Documents, ~/Desktop
  • Blocks ~/.ssh, ~/.aws access
  • Allows IDE configurations

Performance Optimized

Intelligent caching and parallel detection ensure minimal overhead while maintaining security.

  • 1-hour path caching
  • Parallel package detection
  • Minimal startup time

Developer Friendly

Rich debugging options, dry-run mode, and comprehensive configuration support.

  • Verbose logging mode
  • Profile validation
  • Custom configuration

Quick Installation

Direct Usage

git clone https://github.com/Greitas-Kodas/claudebox.git
cd claudebox
chmod +x claudebox
./claudebox

System Installation

sudo cp claudebox /usr/local/bin/
claudebox

Using install.sh

./install.sh

Usage Examples

Basic Usage

# Run Claude Code with default settings
claudebox

# Run with specific arguments
claudebox run --help

Debug Mode

# Enable verbose output
CLAUDEBOX_VERBOSE=1 claudebox

# Dry run mode
CLAUDEBOX_DRY_RUN=1 claudebox

Profile Management

# Generate profile only
claudebox generate

# Validate profile
claudebox validate

Advanced Configuration

# Custom config file
CLAUDEBOX_CONFIG=/path/to/config claudebox

# Combined options
CLAUDEBOX_VERBOSE=1 claudebox run

Security Model

✅ Allowed Access

  • Project directory: Full read/write access
  • System binaries: /usr, /bin, /sbin, /System
  • Package managers: Detected paths
  • Claude config: ~/.claude, ~/.claude.json
  • IDE configs: .vscode, .cursor, .vim (read-only)
  • Networking: Full network access
  • Temp directories: /tmp and system temp

❌ Blocked Access

  • Personal directories: ~/Documents, ~/Desktop
  • Media folders: ~/Pictures, ~/Movies
  • Sensitive configs: ~/.ssh, ~/.aws, ~/.gnupg
  • Kubernetes: ~/.kube
  • System modifications: Protected system files
  • Downloads: ~/Downloads directory
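
To check the blocked list above against a running sandbox, the following added example (not part of claudebox) probes each listed path and fails if any of them is readable. The path list is copied from this page; the function names and the --audit flag are hypothetical, and it assumes you can run a shell command inside the sandboxed session.

```bash
#!/usr/bin/env bash
# Added example, not part of claudebox. Run from a shell inside the sandboxed
# session to check that the paths listed under "Blocked Access" are unreadable.
# Function names and the --audit flag are hypothetical.

# Relative to $HOME, copied from the "Blocked Access" list on this page.
BLOCKED_PATHS="Documents Desktop Pictures Movies Downloads .ssh .aws .gnupg .kube"

# probe_path PATH -> prints one of:
#   readable     contents can be listed or read (a policy failure for blocked paths)
#   denied       the path is visible but its contents cannot be read
#   not-visible  stat fails: the path is absent, or metadata reads are denied too
probe_path() {
    local p="$1"
    if [ -d "$p" ]; then
        if ls -A "$p/." >/dev/null 2>&1; then echo readable; else echo denied; fi
    elif [ -e "$p" ]; then
        if head -c 1 "$p" >/dev/null 2>&1; then echo readable; else echo denied; fi
    else
        echo not-visible
    fi
}

# audit_home HOME_DIR -> prints "status<TAB>path" for every blocked path and
# returns 1 if any of them is readable, 0 otherwise.
audit_home() {
    local home="$1" rc=0 rel status
    for rel in $BLOCKED_PATHS; do
        status=$(probe_path "$home/$rel")
        printf '%s\t%s\n' "$status" "$home/$rel"
        if [ "$status" = readable ]; then rc=1; fi
    done
    return "$rc"
}

# Usage: ./probe.sh --audit   (exit status 1 means a blocked path was readable)
if [ "${1:-}" = "--audit" ]; then
    audit_home "$HOME"
    exit $?
fi
```

Run it once outside the sandbox as a baseline: there it should report readable for the directories that exist, which confirms the probe itself works.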

Ready to Secure Your Development?

Get started with claudebox today and run Claude Code with confidence.