Claude YOLO Environment
This skill enables you to work effectively in the claude-yolo Docker-based Claude Code environment - a sandbox designed for maximum autonomy with maximum safety. The environment protects both the host machine and inexperienced users from well-intentioned but potentially dangerous actions.
Environment Overview
**Purpose:** Safe, isolated development environment for demos, experiments, and remote work
**Target Users:**
- Sales Engineers (demoing safely)
- Forward-Deployed Engineers (customer environments)
- CTOs/Leadership (experimenting with Claude Code)
- Anyone wanting maximum autonomy with maximum safety
**Key Features:**
- Container isolation (non-root user, resource limits)
- Comprehensive logging (commands, git operations, safety checks)
- Pre-commit hooks with secrets scanning
- Full development toolchain (Cloud, Kubernetes, IaC, databases, Python)
- BypassPermissions mode enabled (true YOLO mode)
Available Tools
**Core Development:** git, gh, jq, ripgrep, vim, nano, tmux, htop, tree
**Cloud Platforms:** aws, az (Azure), gcloud
**Container Orchestration:** kubectl, helm, k9s, docker, docker-compose
**Infrastructure as Code:** terraform/tofu, tfsec
**Databases:** psql, mysql, redis-cli, mongosh
**Python Ecosystem:** uv (primary package manager), ruff, mypy, pytest, bandit, pre-commit
**Security Tools:** gitleaks, detect-secrets, trivy
**Networking:** tailscale, openvpn, cloudflared, ttyd
**Build Tools:** make, cmake, gcc/g++, Node.js 20
File Structure
```
claude-yolo/
├── src/claude_yolo/       # Python package (CLI tool)
├── terraform/             # Infrastructure as Code
│   └── azure/             # Azure deployment modules
│       ├── acr/           # Azure Container Registry
│       ├── aci/           # Azure Container Instances
│       ├── vm/            # Azure Virtual Machines
│       └── scripts/       # Helper scripts
├── examples/              # Demo applications
├── demos/                 # Sales engineering demos
├── docs/                  # Documentation
├── tests/                 # Test suite
└── .github/workflows/     # CI/CD pipelines
```
Safety Constraints
Container Isolation
- Runs as non-root user (developer, UID 1001)
- Resource limits: 2 CPU cores, 4GB RAM (configurable via `.env`)
- Network isolation via Docker bridge
- No Docker-in-Docker access
Git Safety Hooks
- **Pre-commit:** Scans for secrets (gitleaks, detect-secrets), large files, sensitive patterns
- **Pre-push:** Prevents force push to main/master, warns on direct pushes
- Auto-configured via `core.hooksPath`
Pre-commit Framework
- Secrets detection (gitleaks, detect-secrets)
- Python linting and formatting (ruff)
- Security scanning (bandit)
- File safety checks (large files, merge conflicts)
Logging System
All operations are logged to shared volumes:
- `/logs/commands/` - All shell commands with timestamps
- `/logs/claude/` - Claude Code session logs
- `/logs/git/` - Git operations
- `/logs/safety/` - Safety check results
Claude Code Mode
- BypassPermissions mode enabled by default
- True YOLO mode - autonomous operation without permission prompts
- Safety provided by container isolation and hooks
File Boundaries
**Safe to edit:**
- `/workspace/*` - Main working directory
- `/config/*` - Configuration files
- `/scripts/*` - Custom scripts
- `Dockerfile`, `docker-compose.yml`, `.env`
**Read-only:**
- `/opt/config-templates/*` - Template files
- `/logs/*` - View only
**Never touch:**
- System directories
- Volume mount points
Volume Mounts
- `/home/developer` - Host home directory (configurable via `HOST_HOME`, default: `./home`)
- `/workspace` - Host workspace directory (configurable via `HOST_WORKSPACE`)
- `/logs` - Shared logs directory (configurable via `HOST_LOGS`)
- `/mnt/host-gitconfig` - Optional mount for host git config
**Important:** Files created in bind mounts are owned by UID 1001. On Linux, you may need to adjust ownership with `sudo chown -R $USER ./home`.
Networking Modes
The container supports two networking modes. **Recommend the appropriate mode based on user needs:**
Mode 1: Bridge Networking (Default)
- **When to recommend:** Multi-container setups (databases, Redis, microservices)
- **Pros:** Docker DNS, network isolation, can join custom networks
- **Cons:** MCP OAuth callbacks won't work (requires manual port forwarding)
- **Config:** Uses `networks: - claude-network` (default)
Mode 2: Host Networking (For MCP OAuth)
- **When to recommend:** Single-container setup + user needs MCP server authentication
- **Pros:** All ports accessible, MCP OAuth works seamlessly, zero overhead
- **Cons:** Cannot join Docker networks, no service discovery
- **Config:** Use `claude-yolo run --mcp` flag (automatically applies host networking)
**MCP OAuth Note:** Claude Code uses random ephemeral ports (49152-65535) for OAuth callbacks. Exposing this full range causes container startup hangs and extreme resource consumption.
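
A guard for the pitfall in the MCP OAuth note, as an added example that is not part of the claude-yolo project: it lints the short-syntax `ports:` entries of a compose file and flags any mapping that publishes more ports than a threshold. The threshold `MAX_PUBLISHED_PORTS`, the function names and the sample compose file (service name and port 7681 included) are constructed for illustration.

```bash
#!/bin/sh
# Added example: lint compose short-syntax "ports:" entries for wide ranges.
# Long-syntax entries (target:/published:) are skipped, not parsed.
MAX_PUBLISHED_PORTS=64   # assumed threshold; pick what your project needs

# published_width SPEC: number of container ports the mapping publishes.
# Accepts "80", "8080:80", "127.0.0.1:8080:80", ranges, and /tcp or /udp.
published_width() (
  spec=${1%/*}                 # drop the protocol suffix
  cport=${spec##*:}            # container port or range is the last field
  lo=${cport%-*}; hi=${cport#*-}
  case "$lo:$hi" in :*|*:|*[!0-9:]*) exit 1 ;; esac
  [ "$hi" -ge "$lo" ] || exit 1
  echo $(( hi - lo + 1 ))
)

# audit_ports: reads a compose file on stdin, prints "WIDTH SPEC" for every
# mapping wider than the threshold, and exits 1 if any was found.
audit_ports() (
  in_ports=0; bad=0
  while IFS= read -r line; do
    item=${line#"${line%%[![:space:]]*}"}      # strip leading whitespace
    case "$item" in
      ports:*) in_ports=1; continue ;;
      ''|'#'*) continue ;;
      '- '*)   [ "$in_ports" -eq 1 ] || continue ;;
      *)       in_ports=0; continue ;;
    esac
    spec=$(printf '%s\n' "${item#- }" |
           sed -e "s/[\"']//g" -e 's/[[:space:]]*#.*$//')
    w=$(published_width "$spec") || continue
    [ "$w" -le "$MAX_PUBLISHED_PORTS" ] || { echo "$w $spec"; bad=1; }
  done
  exit "$bad"
)

# Constructed sample: bridge mode with the whole ephemeral range published.
sample_compose() {
  cat <<'EOF'
services:
  claude-yolo:
    networks:
      - claude-network
    ports:
      - "127.0.0.1:7681:7681"
      - "49152-65535:49152-65535"   # flagged: 16384 published ports
EOF
}
sample_compose | audit_ports || echo "wide port range published" >&2
```
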
**Decision Tree:**
- Planning to add databases/microservices? → Bridge mode (default)
- Need MCP OAuth + single container only? → Host mode
- Unsure? → Start with bridge mode (default)
Azure Infrastructure
OpenTofu/Terraform modules for deploying claude-yolo to Microsoft Azure:
Available Modules
**ACR (Azure Container Registry):**
- Path: `terraform/azure/acr/`
- Cost: ~$5/month (Basic tier)
- Deploy time: ~3 minutes
- Private Docker registry for claude-yolo images
**ACI (Azure Container Instances):**
- Path: `terraform/azure/aci/`
- Cost: ~$30-40/month (2 vCPU, 4GB RAM)
- Deploy time: ~5 minutes
- Best for: Demos, development, quick testing
**VM (Virtual Machines):**
- Path: `terraform/azure/vm/`
- Cost: ~$30-70/month (depends on size)
- Deploy time: ~10 minutes
- Best for: Traditional deployments, persistent workloads
Quick Deploy Workflow
```bash
# 1. Deploy ACR
cd terraform/azure/acr
tofu init && tofu apply

# 2. Push image to ACR
cd ../scripts
./push-to-acr.sh --terraform-dir ../acr --project-dir /path/to/project

# 3. Deploy to ACI or VM
cd ../aci # or ../vm
tofu init && tofu apply
```
Demo Resources
- 5-minute sales demo: `demos/sales-engineering/5-minute-demo.md`
- Azure quick demo script: `demos/sales-engineering/azure-quick-demo.sh`
- Example app: `examples/fastapi-hello-world/`
- Azure quickstart guide: `docs/azure-quickstart.md`
Common Commands
```bash
# Set up safety features for a new project
/home/developer/scripts/setup-project-safety.sh /workspace/my-project

# View logs
tail -f /logs/safety/checks.log
tail -f /logs/git/operations.log
tail -f /logs/commands/bash_history.log

# Python projects (use uv as primary package manager)
uv init .
uv add <package>
uv run pytest

# Azure deployment
cd terraform/azure/aci
tofu init && tofu apply
```
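
To confirm that the constraints listed under Container Isolation and Git Safety Hooks actually hold in a running container, the following added example (not part of the project's scripts) compares the live values against the documented defaults. It assumes cgroup v2 paths, treats a mounted `/var/run/docker.sock` as Docker-in-Docker access, and uses function names of its own; adjust `MAX_CPUS` and `MAX_MEM_GIB` if `.env` overrides the limits.

```bash
#!/bin/sh
# Added example: check the isolation settings this page documents.
# Assumes cgroup v2 (/sys/fs/cgroup/cpu.max, memory.max) and default limits.
EXPECTED_UID=1001; MAX_CPUS=2; MAX_MEM_GIB=4

# cpu_limit "QUOTA PERIOD" -> CPUs granted by a cpu.max line, or "unlimited"
cpu_limit() (
  set -- $1
  [ "$1" = max ] && { echo unlimited; exit 0; }
  awk -v q="$1" -v p="$2" 'BEGIN { printf "%.2f\n", q / p }'
)

# mem_limit_gib BYTES -> memory.max expressed in GiB, or "unlimited"
mem_limit_gib() (
  [ "$1" = max ] && { echo unlimited; exit 0; }
  awk -v b="$1" 'BEGIN { printf "%.2f\n", b / 1073741824 }'
)

# within VALUE MAX -> true only when VALUE is a number no larger than MAX
within() {
  [ "$1" != unlimited ] && awk -v v="$1" -v m="$2" 'BEGIN { exit !(v <= m) }'
}

# check_isolation UID CPU_MAX MEM_MAX SOCKET HOOKS_PATH
# Prints one FAIL line per violated constraint; exit status = failure count.
check_isolation() (
  fails=0
  fail() { echo "FAIL: $1"; fails=$((fails + 1)); }
  cpus=$(cpu_limit "$2"); mem=$(mem_limit_gib "$3")
  [ "$1" = "$EXPECTED_UID" ] || fail "uid $1, expected $EXPECTED_UID"
  within "$cpus" "$MAX_CPUS" || fail "cpu limit $cpus, expected <= $MAX_CPUS"
  within "$mem" "$MAX_MEM_GIB" || fail "memory $mem GiB, expected <= $MAX_MEM_GIB"
  [ "$4" = absent ] || fail "docker socket is reachable"
  [ -n "$5" ] || fail "core.hooksPath is not set, git hooks are inactive"
  exit "$fails"
)

# Live check inside the container; a missing cgroup file counts as unlimited.
check_isolation "$(id -u)" \
  "$(cat /sys/fs/cgroup/cpu.max 2>/dev/null || echo max)" \
  "$(cat /sys/fs/cgroup/memory.max 2>/dev/null || echo max)" \
  "$([ -S /var/run/docker.sock ] && echo present || echo absent)" \
  "$(git config --get core.hooksPath 2>/dev/null)" ||
  echo "isolation differs from the documented defaults" >&2
```
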
Development Approach
When working in this repository:
1. **Infrastructure Focus** - Changes typically involve Dockerfile, docker-compose, or shell scripts
2. **Safety First** - Every new capability should consider security implications
3. **User Protection** - Target users may be inexperienced; protect them from foot-guns
4. **Balance** - Maximum Claude Code autonomy within safety constraints
5. **Logging** - Ensure new features log appropriately for transparency
6. **Documentation** - Keep CLAUDE.md and README.md updated
Important Constraints
- This environment is designed for users who may be disconnected from architecture details
- Always prioritize safety and transparency
- BypassPermissions mode is enabled - Claude Code has maximum autonomy
- Safety is provided by container isolation, not by permission prompts
- All operations are logged for transparency
Future Roadmap
**Cloud Support:**
- AWS (ECS, ECR, EC2) - Planned next
- GCP (GCE, GCR, GKE) - Roadmap
- Multi-cloud (Kubernetes, Nomad) - Future
See `terraform/azure/README.md` for comprehensive Azure documentation.