Running Claude Code locally is annoying since you have to deal with permissions and agents interfering with each other (and you have to be at your computer), but running Claude Code on the web is annoying because the cloud environment is so limited[1].
What if we could run Claude Code for the web but on our machines? Through the magic of Claude Code writing Claude Code code, I made a local app for this.
Announcing Clawed Abode[3][2]: A web app you can run on your own home computer which runs Claude Code without permission prompts in ephemeral containers, and with the ability to install packages, run containers, use caches, and access the GPU.
Permissions and Sandboxing
The runners can probably do whatever they want with the permissions of the host user they run as. There is no networking sandboxing whatsoever and an attacker can potentially convince Claude to upload any files it can see.
Claude is running with --dangerously-skip-permissions, and it has a Podman[4] user-level socket passed in from the host to the runner container. A Docker-like socket is sufficient to view all files owned by the user it runs as, which is why we don't give it a root-level socket.
For additional safety, you can run Clawed Abode as an unprivileged user separate from your normal user account[5]. You can sandbox this even further with systemd, but I think realistically the worst thing an attacker could convince Claude to do is exfiltrate files, which you can prevent by ensuring Claude can't read your normal user's files.
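One way to check that separation, as an added example that is not part of Clawed Abode: run as your normal user, it lists the files in your home directory that a dedicated account could read according to Unix mode bits. The account name `clawed-abode` is hypothetical, and ACLs are not considered.

```python
import os
import stat

READ = (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)
SEARCH = (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH)


def allowed(st, uid, gids, bits):
    """Mode-bit check only: POSIX uses exactly one class (owner, else group, else other)."""
    owner, group, other = bits
    if st.st_uid == uid:
        return bool(st.st_mode & owner)
    if st.st_gid in gids:
        return bool(st.st_mode & group)
    return bool(st.st_mode & other)


def exposed_files(root, uid, gids):
    """Regular files under root that the account (uid, gids) could open for reading.

    Assumes root's own ancestors are traversable; ignores ACLs and root privileges.
    """
    exposed, stack = [], [root]
    while stack:
        directory = stack.pop()
        # Without search (x) permission, nothing below this directory is reachable.
        if not allowed(os.lstat(directory), uid, gids, SEARCH):
            continue
        for entry in os.scandir(directory):
            st = entry.stat(follow_symlinks=False)  # do not follow symlinks out of root
            if stat.S_ISDIR(st.st_mode):
                stack.append(entry.path)
            elif stat.S_ISREG(st.st_mode) and allowed(st, uid, gids, READ):
                exposed.append(entry.path)
    return sorted(exposed)


if __name__ == "__main__":
    import pwd
    import sys
    # "clawed-abode" is a hypothetical account name; pass the real one as argv[1].
    account = pwd.getpwnam(sys.argv[1] if len(sys.argv) > 1 else "clawed-abode")
    gids = os.getgrouplist(account.pw_name, account.pw_gid)
    for path in exposed_files(os.path.expanduser("~"), account.pw_uid, gids):
        print(path)
```

An empty result means mode bits alone keep that account out; a home directory set to mode 700 is enough to produce it.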
Anthropic Subscriptions
By default this uses whatever authentication you have configured in the user's ~/.claude, which means it does use Claude subscriptions. I think we're allowed to use subscriptions instead of API keys for this, since it's really just an elaborate tmux session running the real version of Claude Code served over HTTP, but Anthropic has a sort-of confusing policy around this so I guess we'll see.
If you work at Anthropic and don't like this, please let me know.
Features
GPU support
Presumably Anthropic doesn't offer GPUs since they're expensive, but I already have one and want to be able to use it.
Docker
Docker support is actually through Podman[4], which lets us run as a normal user[6] instead of root.
Gradle (Android)
I expect this to be fixed in real Claude Code one day, but their current network setup breaks Gradle[7] in a way that I can't find any workaround for.
Remote Access
Since this exposes local access to your computer (even if we do try to sandbox it), I was pretty paranoid about security, so I'm using Tailscale for remote access[8]. To actually log into this, you need to be on the Tailscale VPN and have a password[9].
Anyway, wrapping another binary with multiple levels of containers is complicated and this isn't the most reliable code I've ever worked on, but I figured I'd post about this since it's incredibly useful despite the warts and maybe other people will find it interesting too.
[1] Things you can't do in Claude Code's cloud environment:
- Run Gradle at all[7] (i.e. no Android apps)
- Cache dependencies
- Build or run Docker images
- Install packages with apt
- Use a GPU for ML
[2] Originally Clawed Burrow, renamed when I had a better pun name.
[3] https://github.com/brendanlong/clawed-abode - "GitHub: brendanlong/clawed-abode"
[4] https://podman.io/ - "Podman"
[5] https://github.com/brendanlong/clawed-abode/blob/main/README.md#running-as-a-dedicated-unprivileged-user - "clawed-abode/README.md at main · brendanlong/clawed-abode · GitHub"
[6] https://github.com/brendanlong/clawed-abode?tab=readme-ov-file#running-as-a-dedicated-unprivileged-user - "GitHub: brendanlong/clawed-abode"
[7] https://github.com/anthropics/claude-code/issues/16222 - "GitHub: anthropics/claude-code #16222"
[8] https://github.com/brendanlong/clawed-abode/blob/main/README.md#with-tailscale-serve-for-access-within-your-tailnet - "clawed-abode/README.md at main · brendanlong/clawed-abode · GitHub"
[9] https://github.com/brendanlong/clawed-abode/blob/main/README.md#generate-password-hash - "clawed-abode/README.md at main · brendanlong/clawed-abode · GitHub"