ai-pod runs Claude Code inside isolated Podman containers so your AI has exactly the tools it needs — and nothing it shouldn't touch.
curl -fsSL https://raw.githubusercontent.com/mismosmi/ai-pod/main/install.sh | bash
Each workspace gets its own container with full isolation, persistent state, and fine-grained host access — all managed automatically.
Every directory gets a dedicated Podman container, named by a hash of its path. Projects can't interfere with each other.
A named volume preserves ~/.claude across sessions — your login, memory, settings, and conversation history survive container restarts.
Before mounting your workspace, ai-pod scans for secrets and credential files and prompts you to review or abort — keeping sensitive data out of the container.
Add an ai-pod.Dockerfile to any project, starting from any base image. Node, Python, Rust, Playwright — whatever your project needs.
Your host ~/.claude/settings.json and CLAUDE.md are merged with container defaults at launch, so your personal Claude preferences follow you everywhere.
The bundled host-tools binary lets Claude run commands on the host machine. Every command requires your explicit approval — with a persistent allowlist for trusted ones.
When a Claude session ends, ai-pod sends a native desktop notification to the host so you know exactly when to come back.
Containers reach host services at host.containers.internal, so Claude can hit your local dev server, database, or API without any manual port mapping.
ai-pod silently checks for new releases on startup and lets you know when there's a newer version available — no manual polling needed.
ai-pod handles container lifecycle, image building, server management, and credential checking automatically. You just run it.
The workspace is scanned for secrets before anything is mounted into a container.
Your ai-pod.Dockerfile is used to build a project-specific image. The image is rebuilt only when the file changes.
A lightweight background server starts on the host, bridging host-interaction requests from all containers.
Your workspace is mounted, settings are injected, and Claude Code starts inside the isolated container.
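The first step above, the pre-mount secret scan, sketched as an added example; it is not ai-pod's own code. The filename and content patterns, the 1 MB read limit and all function names are assumptions, since the page does not say what ai-pod matches.

```python
import os
import re
from pathlib import Path

# Assumed patterns for illustration; the page does not list what ai-pod matches.
SUSPECT_NAME = re.compile(r"\.env(\..+)?|id_(rsa|ecdsa|ed25519)|.+\.(pem|key|p12|pfx)")
SUSPECT_CONTENT = [
    ("private-key", re.compile(rb"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")),
    ("aws-access-key-id", re.compile(rb"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
]
MAX_BYTES = 1_000_000  # inspect only the first 1 MB of each file

def scan_workspace(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    root, findings = Path(root), []
    for dirpath, _dirs, filenames in os.walk(root):  # does not follow dir symlinks
        for name in filenames:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if SUSPECT_NAME.fullmatch(name):
                findings.append((rel, "filename"))
            if path.is_symlink() or not path.is_file():
                continue  # do not read through links that leave the workspace
            try:
                with open(path, "rb") as fh:
                    head = fh.read(MAX_BYTES)
            except OSError:
                findings.append((rel, "unreadable"))  # cannot clear it, so flag it
                continue
            findings += [(rel, why) for why, rx in SUSPECT_CONTENT if rx.search(head)]
    return sorted(findings)

def ok_to_mount(root, reviewed=frozenset()):
    """Fail closed: allow the mount only if every flagged path was reviewed."""
    return all(rel in reviewed for rel, _ in scan_workspace(root))

def make_sample_workspace(root):
    """Constructed sample input: three risky files and one clean one."""
    files = {
        ".env": "API_TOKEN=constructed-placeholder\n",
        "keys/deploy.pem": "-----BEGIN PRIVATE KEY-----\n(constructed, no key)\n",
        "src/config.py": 'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"  # AWS docs example id\n',
        "README.md": "nothing sensitive here\n",
    }
    for rel, text in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)
```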
One command to launch. A handful more for everything else.
# Launch Claude in current directory
ai-pod
# Launch in a specific directory
ai-pod --workdir /path/to/project
# Force rebuild the container image
ai-pod --rebuild
# Resume the last Claude session
ai-pod run claude resume
# Open a shell in the container
ai-pod run bash

# Create a custom Dockerfile
ai-pod init
# Build image without launching
ai-pod build
# List all Claude containers
ai-pod list
# Remove container for current workspace
ai-pod clean
# Skip credential scan
ai-pod --no-credential-check

# Run a command on the host
host-tools run-command ls ~/Desktop
# Open a URL in the host browser
host-tools run-command open https://example.com
# List previously approved commands
host-tools run-command --list
# Send a desktop notification
host-tools notify-user "Build finished"

# Start from any base image you need
FROM node:22
# Add Playwright for browser testing
RUN npx playwright install --with-deps
# Install a project-specific MCP server
RUN npm install -g @my-org/mcp-server
ai-pod is built around the assumption that you shouldn't have to fully trust the AI with your whole machine. Defense-in-depth, not just a checkbox.
Works on Linux and macOS. Requires Podman.
curl -fsSL https://raw.githubusercontent.com/mismosmi/ai-pod/main/install.sh | bash