hako/README.md
2025-06-10 22:39:36 -03:00

1.4 KiB

hako

sandboxing claude code in a very primitive manner.

protects against

  • you accidentally letting claude run rm -rf /

DOES NOT PROTECT AGAINST

  • claude generating malicious code
    • if you hako sync malicious code made by it and then build-and-run, you're cooked
  • running malicious code
    • malicious code can escape the container
    • malicious code can exfiltrate container FS to evil server
    • malicious code can run cryptocurrency miners
    • the container MUST have network access (or how tf do you think claude can access claude???)
      • i am NOT writing a proxy that denies everything except claude.ai. maybe someone else can ask their claude to do it

install

requirements

  • docker
  • git repository (must be run within a git project)
  • go 1.x (for building from source)
go build -o hako

usage

setup

# build the main base container image
hako init

# build a lang-specific container image (supports go for now)
hako init go

actually sandboxing

cd to/your/project

hako up # spins a container up w/ the base image
hako up go # spins a container up w/ the lang-specific image

# stop the container
hako down

# list running containers
hako ps

# download files from the container into cwd
hako sync

configuration

Configuration files are stored in ~/.config/hako/:

  • Dockerfile.base - Base Docker image configuration
  • Dockerfile.{lang} - Language-specific Docker configurations