whatisgithub

What is sannux?

luizomf/sannux — explained in plain English

Analysis updated 2026-05-18

14ShellAudience · developerComplexity · 3/5Setup · moderate

In one sentence

A set of Docker templates that isolate AI coding agents like Claude Code and Codex in containers so they cannot touch your real home directory or credentials.

Mindmap

mindmap
  root((sannux))
    What it does
      Isolates AI coding agents
      Docker container templates
      Protects host credentials
    Tech stack
      Shell
      Docker
      Docker Compose
    Use cases
      Sandbox Claude Code or Codex
      Use local models via Ollama
      Run unattended agent jobs
    Audience
      Developers using AI agents

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Run Claude Code, Codex, or Gemini CLI inside a container that only has access to a project workspace and its own login state.

USE CASE 2

Point an AI coding agent at a local open-source model through Ollama instead of a cloud API.

USE CASE 3

Run scheduled or long-running unattended agent sessions with CPU and memory limits built in.

What is it built with?

ShellDockerDocker Compose

How does it compare?

luizomf/sannuxalhajashafffy/shellsafebrettkinny/tower-dashboard
Stars141414
LanguageShellShellShell
Setup difficultymoderateeasymoderate
Complexity3/52/52/5
Audiencedeveloperops devopsops devops

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Requires Docker and Docker Compose installed, plus login credentials for whichever AI CLI tool the template wraps.

So what is it?

Sannux (short for Sandbox Linux) is a collection of Docker templates for running AI coding agents in isolated containers. AI coding agents like Claude Code, Codex, and Gemini's CLI can read files, edit code, run shell commands, and install packages. When you run them directly on your laptop or server, they get the same access your user account has, including SSH keys, cloud credentials, browser configs, and unrelated projects. Sannux addresses this by wrapping each agent in a container and giving it access to only two folders: the project you want it to work on, and a dedicated home directory for that agent's own login tokens and configuration. The project provides nine templates, each pre-configured for a specific tool: Claude Code, Codex, Gemini, Hermes, opencode, Pi, and a remote development server, plus variants that point Claude Code and Codex at locally-running open-source models through Ollama instead of a cloud API. Each template lives in its own folder with a Dockerfile, a Docker Compose configuration, and setup scripts. You can use the whole collection from the repository root using the included justfile task runner, or copy a single template folder to a server and run it with plain Docker Compose. The README is clear about what isolation this does and does not provide. It prevents the agent from accessing your real home directory, reading credentials outside the mounted workspace, or one agent session interfering with another agent's login state. It does not prevent the agent from making network requests, does not protect against compromised container images, and is not a replacement for stronger sandboxing approaches that use virtual machines. The project describes itself as practical isolation for everyday agentic coding workflows rather than maximum-security containment. The templates support interactive terminal sessions, one-shot commands, scheduled unattended runs, and long-running daemon services managed through Compose. CPU and memory resource limits are built into every template. File ownership between the host and container is handled explicitly so files the agent writes in the workspace are owned by your host user, not by root.

Copy-paste prompts

Prompt 1
Set up the claude-code sannux template and run Claude Code isolated in a container.
Prompt 2
Explain what sannux protects against and what it does not protect against.
Prompt 3
Show me how to point the codex-ollama template at a local model instead of the OpenAI API.
Prompt 4
Walk me through copying a single sannux template to a VPS and running it with Docker Compose.

Frequently asked questions

What is sannux?

A set of Docker templates that isolate AI coding agents like Claude Code and Codex in containers so they cannot touch your real home directory or credentials.

What language is sannux written in?

Mainly Shell. The stack also includes Shell, Docker, Docker Compose.

How hard is sannux to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is sannux for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.