Run Claude Code in a Matchlock sandbox with Docker available inside the VM.
- Build the local Matchlock binary:
mise run build- Build the example image.
Using Docker:
docker build -t claude-code-with-docker:latest examples/claude-code-with-docker
docker save claude-code-with-docker:latest | matchlock image import claude-code-with-docker:latestOr using Matchlock:
matchlock build -t claude-code-with-docker:latest --build-cache-size 30000 examples/claude-code-with-docker- Export your Anthropic API key:
export ANTHROPIC_API_KEY=...From repo root:
uv run examples/claude-code-with-docker/main.pyOptional flags:
uv run examples/claude-code-with-docker/main.py \
--cpus 4 --memory 8192 --image claude-code-with-docker:latestThe script uses matchlock from PATH by default. Override with MATCHLOCK_BIN=/path/to/matchlock if needed.
- This example launches an interactive shell as the
agentuser. - Docker is expected to work inside the sandbox.
- After attaching, try
docker info,docker run --rm hello-world, andclaude --dangerously-skip-permissions.