How Code Container Lets AI Coders Run with Root Access Safely in Seconds

Overview

Code Container is an open‑source Docker‑based utility that creates a dedicated container for each project. Inside the container AI coding assistants such as Claude Code, OpenCode, or Codex run with full root and network permissions, while the host system remains isolated from any destructive actions.

Installation

npm install -g code-container

Initial setup

# Initialise configuration and copy defaults
container init

# Build the Docker image (≈5 minutes, one‑time operation)
container build

How it works

Running container in any project directory performs the following steps:

Create or restore a Docker container named container‑{project‑name}-{hash} that is bound to the current project.

Mount the project directory to /root/{project‑name} inside the container.

Mount AI‑tool configuration files (e.g., ~/.codex, ~/.config/opencode) into the container so the assistant can access its settings and credentials.

Enter a bash shell where the AI assistant can be invoked with unrestricted permissions.

When the shell exits, the container stops automatically but retains installed packages, shell history, and mounted configuration. A shared “Harness” state stores conversation history and tool configuration, allowing seamless continuation across containers.

Performance and safety

Fresh containers start in roughly 0.3 seconds; subsequent starts are instantaneous because the image is cached. All commands execute inside Docker, so destructive operations such as rm -rf affect only the container’s filesystem. The tool assumes the AI model behaves correctly; it does not mitigate prompt‑injection attacks, which remain a limitation of large language models.

Typical workflow

cd /path/to/your/project
container   # launches the container and drops you into bash
# Inside the container you can run any command, e.g.:
apt-get update && apt-get install -y build-essential
git push origin main
exit        # stops the container, preserving its state

Multiple containers can be started for the same project to parallelise work without risking the host.

Extending the container

To add extra development tools (GCC, Go, Rust, etc.), edit ~/.code-container/Dockerfile and rebuild with container build.

To add additional mount points, modify ~/.code-container/MOUNTS.txt.

For a fully automated setup, clone the repository https://github.com/kevinMEH/code-container and follow the instructions in AGENTS.md.

Repository

Source code and documentation are hosted at https://github.com/kevinMEH/code-container. The repository contains the shell script, Dockerfile, and example configuration files.

Illustrations