Context
Since Chief runs Claude Code with --dangerously-skip-permissions, users have no sandbox protection. Running agents inside Docker containers provides real filesystem and network isolation.
Problem
A user successfully containerized Chief manually, but ran into issues:
- --dangerously-skip-permissions cannot be used with root/sudo privileges, so the in-container user must be configured as non-root
- Claude crash logs were not exposed, making debugging the container setup difficult
- No documentation or tooling exists to help users set this up
Suggested solution
- Provide a Dockerfile or chief init --docker command that sets up a containerized environment
- Possibly make this a step in the PRD creation flow (similar to how PRD creation is interactive)
- Document the non-root user requirement and other container gotchas
- Consider making containerized execution the default or strongly recommended mode
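A minimal Dockerfile sketch of the non-root setup this issue asks for, added here as an illustration and not taken from the Chief project. The base image, the user name `agent`, the `/workspace` path and the image tag `chief-sandbox` are assumptions, and the Chief install step is a placeholder because the issue does not say how Chief is installed.

```dockerfile
# Added example: constructed for illustration, not the Chief project's Dockerfile.
# Assumed base image; any image with Node.js and npm works.
FROM node:20-slim

# git and CA certificates for repository work and HTTPS API calls.
RUN apt-get update \
    && apt-get install -y --no-install-recommends git ca-certificates \
    && rm -rf /var/lib/apt/lists/*

# Claude Code CLI from npm.
RUN npm install -g @anthropic-ai/claude-code

# PLACEHOLDER: install Chief here (install method not stated in the issue).

# Create an unprivileged user (name "agent" is an assumption).
# --dangerously-skip-permissions cannot be used with root/sudo privileges,
# so everything after this point runs as a non-root account.
RUN useradd --create-home --shell /bin/bash agent \
    && mkdir -p /workspace \
    && chown agent:agent /workspace

USER agent
WORKDIR /workspace

# Build and run (image tag is an assumption):
#   docker build -t chief-sandbox .
#   docker run --rm -it \
#     --cap-drop=ALL --security-opt no-new-privileges \
#     -v "$PWD":/workspace chief-sandbox
#
# Only the bind-mounted project directory is visible to the agent;
# the rest of the host filesystem stays outside the container.
# If the host directory is owned by a different UID than "agent",
# writes to /workspace can fail; align the UID or adjust ownership.
```

Dropping capabilities and setting `no-new-privileges` keeps the agent from regaining root inside the container. Outbound network access is still open in this sketch because the agent needs to reach its API.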