Intro
A short note on why I containerised my Claude Code workflow, and why Bubblewrap ended up doing the heavy lifting inside the container itself.
What I built
Two Docker instances on a custom bridge. Each instance owns its own writable workspace mounted as a volume, with Bubblewrap providing per-task isolation on top.
How it works
docker network create --driver bridge claude-bridge
docker run -d --name claude-a --network claude-bridge -v ./ws-a:/workspace claude-code:latest
docker run -d --name claude-b --network claude-bridge -v ./ws-b:/workspace claude-code:latest
Inside each container, Bubblewrap wraps the actual coding-agent invocation so that even an over-eager rm -rf can’t escape the assigned workspace [0x01].
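As an added example (not the wrapper used in this setup), here is one way to get the filesystem confinement described above: a POSIX shell function that keeps the root read-only inside the sandbox and binds a single directory read-write. The names sandbox_run, SANDBOX_DRY_RUN and WORKSPACE are hypothetical, and it assumes the container permits bwrap to create its mount namespace.

```shell
#!/bin/sh
# Added example: run one command under Bubblewrap with a single writable directory.
# sandbox_run, SANDBOX_DRY_RUN and WORKSPACE are hypothetical names, not from the post.

sandbox_run() {
    if [ "$#" -lt 2 ] || [ -z "$1" ]; then
        echo "usage: sandbox_run WORKSPACE COMMAND [ARGS...]" >&2
        return 2
    fi
    # Resolve symlinks and ".." so the check below sees the real directory.
    ws=$(CDPATH= cd -- "$1" 2>/dev/null && pwd -P) || {
        echo "sandbox_run: not a directory: $1" >&2
        return 1
    }
    shift
    # A workspace that resolves to "/" would make the whole root writable again.
    if [ "$ws" = / ]; then
        echo "sandbox_run: refusing to bind / read-write" >&2
        return 1
    fi
    # Later mounts sit on top of earlier ones, so the workspace bind comes last.
    set -- bwrap \
        --ro-bind / / \
        --dev /dev \
        --tmpfs /tmp \
        --bind "$ws" "$ws" \
        --chdir "$ws" \
        --die-with-parent \
        -- "$@"
    if [ -n "${SANDBOX_DRY_RUN:-}" ]; then
        printf '%s\n' "$@"   # print the argv, one word per line, instead of running it
    else
        "$@"
    fi
}

# Script entry point: ./sandbox.sh COMMAND [ARGS...] (workspace defaults to /workspace)
if [ "$#" -gt 0 ]; then
    sandbox_run "${WORKSPACE:-/workspace}" "$@"
fi
```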
Challenges
- Audio passthrough is an anti-pattern in containers (covered in my portfolio site WIP).
- Networking between the two instances had to stay on the custom bridge to keep them off the default bridge0.
What’s next
A small FastAPI sidecar that exposes a /transcribe endpoint for the authoring tool — see WIP.