Simon Emanuel Schmid

Sandbox Claude Code on Mac Without Docker Overhead

Claude Code — Fri, 20 Feb 2026 00:00:00 GMT

> This blog post was entirely written by Claude Code to summarize what we discovered together today. I proofread it and think it also makes sense to read as a human. I use Claude Code daily for non-dev tasks — organizing a relocation, managing documents, drafting emails. The problem: Claude's built-in permission system is cumbersome. It asks the same questions over and over, and it's not real isolation. I once approved an inline Python script without fully reading it, and it modified files outside my project folder. So you need `--dangerously-skip-permissions`. But running that on your bare machine is... dangerous. The standard answer is Docker and DevContainers. It works, but it's slow. Docker Desktop boots a full Linux VM, eats 2–4 GB of RAM idle, and takes 10–30 seconds to start. For running a CLI tool in a sandbox, that's overkill. ## Apple Container: per-container micro-VMs Since September 2025, macOS Tahoe ships with support for [Apple Container](https://github.com/apple/container) — Apple's open-source tool for running Linux containers using lightweight virtual machines, written in Swift and optimized for Apple Silicon. The key difference from Docker: **each container gets its own micro-VM**. Docker on Mac runs one shared Linux VM and puts all your containers inside it. Apple Container spins up a dedicated lightweight VM per container. Better isolation, no shared daemon, sub-second startup. First released at WWDC in June 2025, it's now at v0.9.0 (February 2026). Still pre-1.0, but the runtime is solid. ## The setup Install Apple Container from [GitHub releases](https://github.com/apple/container/releases) (it's a `.pkg` — double-click to install). Then start the service: ```bash container system start ``` Here's the Dockerfile — deliberately minimal since we're just sandboxing a CLI tool: ```dockerfile FROM debian:bookworm-slim RUN apt-get update && apt-get install -y --no-install-recommends \ git curl sudo ca-certificates jq \ && rm -rf /var/lib/apt/lists/* RUN useradd -m -s /bin/bash node USER node RUN curl -fsSL https://claude.ai/install.sh | bash ENV PATH="/home/node/.local/bin:$PATH" USER root WORKDIR /workspace ``` And the launch script: ```bash #!/bin/bash set -e WORKSPACE="$(cd "$(dirname "$0")" && pwd)" if ! container system status &>/dev/null; then container system start fi exec container run -it --rm \ --cpus 2 --memory 4G \ -v "$WORKSPACE:/workspace" \ -v "$HOME/.claude:/home/node/.claude" \ --mount "type=bind,source=$HOME/Downloads,target=/home/node/Downloads,readonly" \ -e ANTHROPIC_API_KEY="${ANTHROPIC_API_KEY}" \ -u node -w /workspace \ claude-sandbox \ claude --dangerously-skip-permissions "$@" ``` That's it. Claude runs fully unleashed inside a micro-VM. It can read and write your project files (bind-mounted), access Downloads read-only, and reach the internet for the Claude API. It cannot touch anything else on your Mac. ## The comparison | | Docker Desktop | OrbStack | Colima | Apple Container | |---|---|---|---|---| | **Startup** | ~10–30s | ~1s | ~5–10s | Sub-second | | **Idle RAM** | 2–4 GB | 300–500 MB | ~400 MB | No daemon | | **Isolation** | Shared VM | Shared VM | Shared VM | Per-container VM | | **Cost** | Free (small co) | $8/mo commercial | Free (MIT) | Free | | **Open source** | No | No | Yes | Yes (Apache 2.0) | Docker Compose remains the gold standard for interoperability — if you need your setup to work on Linux and Windows too, stick with Docker. OrbStack is the best drop-in Docker replacement on Mac today if you want that compatibility with less overhead. Colima is the open-source alternative. But if you're on Apple Silicon and just need hard isolation for a single container — Apple Container is the lightest option that exists. ## One gotcha: building images As of v0.9.0, `container build` has a [known networking bug](https://github.com/apple/container/issues/656) — HTTP requests during builds get 403 errors. The workaround: build with Docker, push to a local registry, pull into Apple Container. ```bash docker build -t claude-sandbox .devcontainer/ docker run -d --rm --name registry -p 5555:5000 registry:2 docker tag claude-sandbox localhost:5555/claude-sandbox docker push localhost:5555/claude-sandbox container image pull --scheme http localhost:5555/claude-sandbox container image tag localhost:5555/claude-sandbox claude-sandbox docker stop registry ``` You only need to do this once (or when you update the Dockerfile). Day-to-day, it's just `./start.sh` and you're in. ## Who this is for If you use Claude Code for daily tasks — not heavy development, just the kind of work where you want to say "go do it" without babysitting permissions — and you're on a Mac with Apple Silicon running macOS 26+, this is the thinnest possible sandbox. No daemon eating RAM in the background, no VM you forgot to stop, no license fees. Just a micro-VM that starts in under a second and dies when you're done. The whole stack (macOS Tahoe + Apple Container) has only existed since late 2025. It's very new, still pre-1.0, and has rough edges. But for this use case, it works today.

I minted a Noun

You — Fri, 24 Oct 2025 00:00:00 GMT

gm Yesterday, at Ethereum [block 23642273](https://eth.blockscout.com/tx/0x0f69832d15ef581817de0b73248be25cb02d503f00288b8517fb31285532223a), I minted [my first Noun: 1689](https://nouns.wtf/noun/1689). From now on it will be my profile picture on all socials. ## Why Nouns? Using blockchain primitives like block number or block hash to generate art immediately clicked for me. Yes, you can mint any JPEG aka jaypeg, any digital artefact, but turning the blockchain from a ledger into a creative seed is truly novel. This was also the thought process behind my fizzling side projects [@lissajous_art](https://twitter.com/lissajous_art) and [@proofofgroove](https://twitter.com/proofofgroove). But Nouns is more than that: - **From a technical perspective**: The art is generated and stored onchain. This pushes the boundaries of what a smart contract programming language can (and should?) do. We can check where the actual artwork is stored by looking at the `tokenURI` read function of any compatible NFT smart contract. [Here is what the Nouns one looks like](https://abi.ninja/0x9C8fF314C9Bc7F6e59A9d9225Fb22946427eDC03/1689?methods=tokenURI). - **From a legal perspective**: Nobody holds any copyright over [the artwork](https://nouns.wtf/brand). It is [CC0 licensed](https://creativecommons.org/public-domain/cc0/) which means everybody can do with it whatever they want. They can print t-shirts, use it in videos, create [derivative NFT projects](https://lilnouns.wtf/), etc, without asking anybody for permission. The ownership of the Nouns is stored on the blockchain. Why bother with copyrights like other NFT collections do? I think this is pretty cool. - **From a societal perspective**: The proceeds of minting a Noun are not making the creators aka Nounders rich directly.[^1] They go into the treasury of the NounsDAO and every holder of a Noun aka Nouner (not to confuse with Noun**d**er) can vote on proposals how to spend that money. And they do cool stuff like [The Nouns Fair](https://nouns.wtf/vote/855), art installations and sponsorships of Ethereum events like ETHGlobal hackathons and the upcoming DevConnect in Buenos Aires. Sure, a DAO that manages a big multi-million-dollar treasury also generates a lot of drama. As happens wherever human beings are involved. The bigger the money the bigger the potential for drama. To address that, NounsDAO invented a mechanism to manage the disagreements: [They invented DAO forks](https://nouns.wtf/fork): If 20% of Nouners disagree, they can initiate a fork and split the treasury proportionally into a new DAO and then do whatever they want. Pretty interesting. ## Why now? Aren't NFTs dead? Hype bubbles have something interesting in common: After they burst, all the bullshit gets cleaned out but the core value and good ideas survive: The companies that survived the dotcom bubble defined what the internet is today, the ICO-bubble survivors are now the key drivers of web3, and Nouns is in my opinion one of the NFT-bubble survivors that delivers fundamental value. An open ecosystem that invites one new person to join, every day, forever. ## So what? I think profile pictures (PFPs) are actually still a great usecase of NFTs. I see a lot of my onchain frens reppin' PFPs. I think the PFP that one chooses also says a lot about that person. Think about the Bored Apes, the Punks, the Miladies, the Mfers, the Pudgy Penguins. There is immediately a picture and feeling about that person. I thought it was time for a new PFP and I started to look into different projects and just realized more and more that I like Nouns for the above reasons and I wanted to be a part of it. I started to watch the auctions a couple of days, loaded my public wallet with enough ETH and then minted mine. It sounds cheesy but when I saw it, I knew I had to mint it. And now: I'm a Nouner, let's see where this journey will lead me. [^1]: The Nounders get every 10th Noun sent to their multisig for the first 5 years. They are vested to align the Nounders incentives with the overall success of the project. See: https://nouns.wtf/nounders

Hello world! The path to Blogosphere 2.0

You — Mon, 15 Jan 2024 00:00:00 GMT

# Hello world! The path to Blogosphere 2.0 This is my first article on my new website. I plan to write more and thought a lot about where I want to put my writings. There are 100s of platforms and also protocols nowadays that compete for user-generated content. Most of them in order to monetize their operations and ultimately, make their founders and early investors rich. While I do not necessarily think wanting to become rich is bad, the question is more what's in it for me? My intention is to fully and truly own my content initially and then leverage multiple platforms for distribution. I think this might be a great interests aligned deal: If these platforms are actually able to amplify my content, then I'm happy to let them also monetise it. But if they fail to do so, go out of business or I don't like how they operate anymore, my content is still here. The crypto readers would probably think to put it on-chain or use some other sort of cryptographic method to proof ownership. This is definitely something I want to explore in the future and also write about. But to start small and simple I though it's the easiest to create my own website or blog. This way, I also have a playground to coding experiments. Let me talk about my goal here first: ## Goal: Blogosphere 2.0 I think we can together work on something like a Blogosphere 2.0. I'm not very tied to that term and as of now, this is just a rough idea that hopefully will spark better ideas in you, my valued reader 😊. In the early days of the internet, before social media, there was a thing called the [blogosphere](https://en.wikipedia.org/wiki/Blogosphere). People participating in that blogosphere usually ran their own blog software, mostly [Wordpress](https://wordpress.org/). Fun fact: according to [may last research](https://www.perplexity.ai/search/website-technology-trend-sayDvU83RU283XUBJqGPAQ?s=c), Wordpress still powers ~45% of all websites on the internet 🤯. Anyways, these blogs were interlinked with so-called [linkbacks](https://en.wikipedia.org/wiki/Linkback): Whenever one blog author linked to a blog of another blog author, that blog got notified. More often than not, these links were automatically included into the linked-blog. This created something like a social network. Instead of friends or followers bloggers had, and still have, just peers that link to each other. Very internet native. Unfortunately, this feature was then abused for spam and also the internet community moved over to web 2.0 which had more streamlined user experience thanks to the centralised teams that were able to build the monopolies that are now so often criticised. So my idea for a blogosphere 2.0 would roughly be: - Revise the greats from the OG blogosphere and reuse it where appropriate. - Enhance it with new protocols like [Lens](https://www.lens.xyz/), [Farcaster](https://www.farcaster.xyz/), [Arweave](https://arweave.org/) and more - Come up with a new specification that enables everybody to participate in the Blogosphere 2.0 and fully control their own content independent of any platform or protocol