git404hub

what is sannux fr?

luizomf/sannux — explained in plain English

Analysis updated 2026-05-18

14ShellAudience · developerComplexity · 3/5Setup · moderate

tl;dr

A set of Docker templates that isolate AI coding agents like Claude Code and Codex in containers so they cannot touch your real home directory or credentials.

vibe map

mindmap
  root((sannux))
    What it does
      Isolates AI coding agents
      Docker container templates
      Protects host credentials
    Tech stack
      Shell
      Docker
      Docker Compose
    Use cases
      Sandbox Claude Code or Codex
      Use local models via Ollama
      Run unattended agent jobs
    Audience
      Developers using AI agents

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Run Claude Code, Codex, or Gemini CLI inside a container that only has access to a project workspace and its own login state.

VIBE 2

Point an AI coding agent at a local open-source model through Ollama instead of a cloud API.

VIBE 3

Run scheduled or long-running unattended agent sessions with CPU and memory limits built in.

what's the stack?

ShellDockerDocker Compose

how it stacks up fr

luizomf/sannuxalhajashafffy/shellsafebrettkinny/tower-dashboard
Stars141414
LanguageShellShellShell
Setup difficultymoderateeasymoderate
Complexity3/52/52/5
Audiencedeveloperops devopsops devops

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · moderate time til it works · 30min

Requires Docker and Docker Compose installed, plus login credentials for whichever AI CLI tool the template wraps.

in plain english

Sannux (short for Sandbox Linux) is a collection of Docker templates for running AI coding agents in isolated containers. AI coding agents like Claude Code, Codex, and Gemini's CLI can read files, edit code, run shell commands, and install packages. When you run them directly on your laptop or server, they get the same access your user account has, including SSH keys, cloud credentials, browser configs, and unrelated projects. Sannux addresses this by wrapping each agent in a container and giving it access to only two folders: the project you want it to work on, and a dedicated home directory for that agent's own login tokens and configuration. The project provides nine templates, each pre-configured for a specific tool: Claude Code, Codex, Gemini, Hermes, opencode, Pi, and a remote development server, plus variants that point Claude Code and Codex at locally-running open-source models through Ollama instead of a cloud API. Each template lives in its own folder with a Dockerfile, a Docker Compose configuration, and setup scripts. You can use the whole collection from the repository root using the included justfile task runner, or copy a single template folder to a server and run it with plain Docker Compose. The README is clear about what isolation this does and does not provide. It prevents the agent from accessing your real home directory, reading credentials outside the mounted workspace, or one agent session interfering with another agent's login state. It does not prevent the agent from making network requests, does not protect against compromised container images, and is not a replacement for stronger sandboxing approaches that use virtual machines. The project describes itself as practical isolation for everyday agentic coding workflows rather than maximum-security containment. The templates support interactive terminal sessions, one-shot commands, scheduled unattended runs, and long-running daemon services managed through Compose. CPU and memory resource limits are built into every template. File ownership between the host and container is handled explicitly so files the agent writes in the workspace are owned by your host user, not by root.

prompts (copy fr)

prompt 1
Set up the claude-code sannux template and run Claude Code isolated in a container.
prompt 2
Explain what sannux protects against and what it does not protect against.
prompt 3
Show me how to point the codex-ollama template at a local model instead of the OpenAI API.
prompt 4
Walk me through copying a single sannux template to a VPS and running it with Docker Compose.

Frequently asked questions

what is sannux fr?

A set of Docker templates that isolate AI coding agents like Claude Code and Codex in containers so they cannot touch your real home directory or credentials.

What language is sannux written in?

Mainly Shell. The stack also includes Shell, Docker, Docker Compose.

How hard is sannux to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is sannux for?

Mainly developer.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.