container

skill
Security Audit
Fail
Health Pass
  • License — License: BSD-3-Clause
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Community trust — 274 GitHub stars
Code Fail
  • rm -rf — Recursive force deletion command in package.json
  • os.homedir — User home directory access in scripts/postinstall.js
  • fs module — File system access in scripts/postinstall.js
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This tool creates an isolated Docker environment to safely run AI coding assistants like OpenCode, Codex, and Claude Code with full permissions. It handles container management and config mounting via a global CLI.

Security Assessment
Risk: Medium. The tool is designed to wrap AI agents and execute shell commands, which inherently involves process spawning (`spawnSync` in `src/docker.ts`) and accessing your user home directory (`os.homedir` in `src/config.ts` and `src/mounts.ts`). This is expected behavior for copying configurations (like `~/.claude` or `~/.codex`) into the Docker container. However, the scan flagged recursive force deletion commands (`rm -rf`) in `package.json` and `scripts/cleanup.sh`. While likely used for routine cleanup operations, `rm -rf` commands always warrant caution. File system access occurs during `postinstall.js`. No hardcoded secrets or dangerous permission requests were found.

Quality Assessment
The project is actively maintained, with its last push occurring today. It has a solid community backing with 203 GitHub stars and uses the permissive BSD-3-Clause license. The repository is well-documented, providing clear installation steps, migration guides, and usage commands.

Verdict
Use with caution—while the tool is well-made and uses Docker for isolation, its reliance on `rm -rf` and broad home directory access requires trusting the maintainer.
SUMMARY

Safely run OpenCode, Codex, Claude Code with full permissions.

README.md

Banner

container: Isolated Docker environments for your autonomous coding harnesses.

Simple. Lightweight. Secure.

Quickstart

Prerequisites

  • Docker or Podman — Docker Desktop/Engine or Podman
  • A POSIX-Compatible System — Linux, macOS, WSL

Installation

  1. container is available as an NPM package. Install with:

    npm install -g @aerovato/container
    
  2. Run container init (interactive onboarding). It will:

    • Detect installed harnesses (Claude Code, OpenCode, etc.)
    • Migrate your existing configs
    • Let you choose Docker or Podman
    • Configure SSH and git mounts

    Accept the prompt to build the image (first build can take 5+ minutes).

You're done. container is ready to use.

Shameless Self-Promotion

Try Nitro, a simple and efficient Bash harness. 11x cheaper, 75x more efficient than Claude Code for simple Bash tasks.

npm install -g @aerovato/nitro

Usage

Navigate to any project and run container:

cd /path/to/your/project
container

Inside the container: Start your harness and develop like normal.

opencode                     # Start OpenCode
npm install <package>        # Persists per container
# ...

Your project is mounted at /root/<project-name>. Changes persist across sessions. Harness configs are shared across all containers.


You may want to periodically rebuild the image to update harnesses and packages:

container build               # Trigger full rebuild
container build harness       # Rebuild harnesses and user packages
container build user          # Rebuild user packages

Common Commands

container                           # Enter container for current directory
container run /path/to/project      # Enter for a specific project
container run /path -- -p 8080:80   # Pass extra runtime flags
container list                      # List all containers
container stop                      # Stop container
container remove                    # Remove container
container init                      # Re-run onboarding

Customization

Customization is done through two places:

1. ~/.code-container/Dockerfile.User

Add packages and setup steps here. Example:

FROM localhost/aerovato/container-v3-harness:latest

RUN npm install -g bun typescript
RUN pip install requests

RUN npx opencode plugin opencode-quotes-plugin -g

After editing, run container build user to rebuild the image

2. ~/.code-container/settings.json

Primary configuration file. See docs/Settings.md for more details.

Common settings:

  • enabledHarnesses — which harnesses to install
  • runtime"docker" or "podman"
  • dockerfileCore — advanced control over the base image
  • systemMounts — gitconfig and SSH mounts
  • dockerRunFlags / dockerExecFlags — extra runtime flags

Hint: Clone this repo and ask your agent to configure for you.

For V2 Users

After upgrading to V3, all configurations will be archived to ~/.code-container/archive. To migrate configurations over, ask your agent to read and perform the steps in docs/Migration.md.

Features

  • Isolation — Destructive actions stay inside the container
  • 3-Stage Builds — Core → Harness → User (rebuild only what changed)
  • Configurable Runtime — Docker or Podman
  • Harness Packs — Choose exactly which tools to enable
  • Persistent State — Workspaces and configs survive across sessions
  • Simultaneous Work — Multiple agents can safely work on the same project

Security

  • container protects your host filesystem from rm -rfs
  • Packages and configurations inside containers stay localized
  • Isolation prevents cross-contamination across containers

Important limitations:

  • container does not protect against prompt injection or agent misalignment
  • Network access is available inside the container
  • Harness configs will be mounted inside container

Uninstall

npm uninstall -g @aerovato/container
rm -rf ~/.code-container

Consider backing up the harness configurations in ~/.code-container/configs before removing.

Reviews (0)

No results found