Comment by psidium

I like this. I have crafted a Claude Code docker container to similar effects. My problem is that my env has intranet access all the time (and direct access to our staging environment) and I don’t want a coding agent that could go rogue having access to those systems. I did manage to spin up an iptables based firewall that blocks all requests unless they’re going to the IPs I allowlist on container start (I was inspired by the sandbox docs that Anthropic provides). My problem right now is that some things that my company use are behind Akamai, so a dig lookup + iptables allow does not work. I’ll probably have to figure out some sort of sidecar proxy that would allow requests on the fly instead of dig+iptables.