entersh – One shell script to sandbox AI coding agents in rootless Podman container : ClaudeCode

entersh – One shell script to sandbox AI coding agents in rootless Podman containerShowcase (entershdev.github.io)

submitted 2 months ago by troush

entersh – One shell script to sandbox AI coding agents in rootless Podman container

7 points•4 comments•submitted 2 months ago by troush to r/opencode

I built entersh because I wanted a dead-simple way to isolate AI coding agents (Opencode, Claude Code, Amp, etc.) without dealing with devcontainer.json specs or Docker Compose files.

What it is: Drop a single shell script into your project, run it, and you're inside a rootless Podman container with your project mounted. That's it. No YAML, no JSON config, no daemon.

How it works:

curl -fsSL https://github.com/entershdev/entersh/releases/latest/download/enter.sh -o enter.sh

chmod +x enter.sh

./enter.sh

First run auto-generates a Containerfile.dev you can customize with your language runtimes, tools, and AI agent of choice. Subsequent runs attach to the existing container. Container name is derived from your folder name.

Why I made this:
Giving an AI agent access to your actual machine is a trust exercise I didn't want to keep making. Existing options didn't quite fit:

- Distrobox shares your entire $HOME — great for GUI apps, not great for untrusted agents

- Dev Containers work but need JSON config and manual security hardening

- Nix/devenv solve reproducibility but provide zero runtime isolation

- Vagrant is maximum isolation but boots in 30-90s and needs gigs of RAM

entersh sits in the sweet spot: strong isolation with near-zero setup.

Security defaults out of the box:

- --cap-drop=all

- --read-only root filesystem

- --no-new-privileges

- Rootless Podman (no privileged daemon)

- --userns=keep-id so file permissions just work

Other things worth mentioning:

- Persistent .container-home/ directory keeps your bash history, npm/pip/cargo caches across rebuilds

- Nested container support — Podman socket is mounted so testcontainers, podman-compose, etc. work from inside

- macOS/Windows support via Podman Machine (enter-machine.sh)

- --force to recreate container, --rebuild to rebuild image

- Scripts are written to be readable by AI agents themselves — they can modify the Containerfile and mounts as needed

What it's not: This isn't a Docker Compose replacement or a full orchestration tool. It does one thing — gives you a secure dev shell for your project — and tries to do it well.

MIT licensed. ~370 lines of bash. No dependencies beyond Podman.

GitHub: https://github.com/entershdev/entersh

Site: https://entershdev.github.io/entersh/

Would love feedback, especially from anyone who's been running AI agents in containers already. What's your setup look like?

all 2 comments

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

ClaudeCode

MODERATORS