# Clawker — Self-Hosted AI Coding Agent Sandbox

> Free, open-source sandbox to run Claude Code in Docker on your own machine. A self-hosted AI coding agent sandbox with a deny-by-default egress firewall, prompt-injection and data-exfiltration protection, git credential forwarding, and parallel git-worktree agents — no cloud, no subscription.

**Clawker is a free, open-source, self-hosted AI coding agent sandbox.** It runs [Claude Code](https://docs.anthropic.com/en/docs/claude-code) (and other AI coding agents) inside isolated Docker containers on your own machine: no cloud, no subscription, and your repo stays local and is never uploaded to a vendor sandbox.

The rise of agentic AI has been meteoric, but in the rush to ship model harnesses the industry keeps skipping the risks that come with them. Letting an agent run with `--dangerously-skip-permissions` on your bare-metal machine is fast — until a prompt injection turns it into a data-exfiltration tool with full access to your credentials and network. The harness itself needs a harness.

Clawker is that harness. It pairs real network isolation — a **deny-by-default egress firewall** that blocks outbound traffic except to domains you allow — with git credential forwarding and parallel git-worktree agents, so you get the convenience of local, parallel Claude Code agents *and* the network security to run them safely. It fills the gap between cloud agent sandboxes (isolated, but your code leaves your machine and you pay for it) and other local agent runners (free, but with no egress control): self-hosted agent infrastructure that is both fully local and security-deep.

<CardGroup cols={2}>
  <Card title="Quick Start" icon="terminal" href="/quickstart">
    Get up and running with Clawker in minutes
  </Card>

  <Card title="Installation" icon="square-terminal" href="/installation">
    All installation methods: Homebrew, curl, source build
  </Card>

  <Card title="Configuration" icon="sliders" href="/configuration">
    Configure projects with .clawker.yaml
  </Card>

  <Card title="CLI Reference" icon="code" href="/cli-reference/clawker">
    Complete command reference for all CLI commands
  </Card>
</CardGroup>

## What Is an Agent?

In Clawker, an **agent** is a named container instance running Claude Code. Each agent gets its own isolated environment with its own filesystem, network, and credentials. You can run multiple agents per project (e.g., `--agent dev`, `--agent review`) and they operate independently.

```bash
clawker run -it --agent dev @     # Start a "dev" agent
clawker run -it --agent review @  # Start a "review" agent in parallel
```

## What Clawker Does

* **Default-on firewall** -- Blocks outbound traffic except allowlisted domains (Anthropic APIs, package registries). Your agent can't phone home to unexpected endpoints.
* **Seamless credential forwarding** -- SSH agent, GPG agent, and Git HTTPS credentials forwarded from your host. No manual key copying.
* **Isolated agent environments** -- Each Claude Code agent runs in its own Docker container with configurable security controls.
* **Bind or snapshot workspaces** -- Mount your repo for live editing, or copy it for pure isolation.
* **Embedded Dockerfile template** -- Parameterized images with common dev tools preinstalled, supporting Alpine or Debian bases.
* **Project-scoped namespacing** -- Multi-agent, multi-project isolation via Docker labels and naming conventions.
* **Git worktree integration** -- Spin up agents on separate branches with automatic worktree management and hardened unattended-session lockdown. See [Worktree Caveats](/worktrees#worktree-caveats).
* **Command aliases** -- One-word shortcuts that expand to full invocations (`clawker go dev`), shareable with your team via project config. See [Command Aliases](/aliases).
* **Monitoring stack** -- Optional OpenTelemetry Collector + OpenSearch + OpenSearch Dashboards + Prometheus for agent observability.
* **Per-decision egress observability** -- eBPF event stream (`allowed` / `denied` / `bypassed`) flows to OpenSearch alongside Envoy and CoreDNS access logs, so bypass windows leave a full audit trail. See [Egress Observability](/observability).

## How It Works

Clawker sits between your CLI and Docker, adding a security and convenience layer:

```
You (CLI) -> Clawker -> pkg/whail (label-isolated Docker engine) -> Docker SDK -> Docker
```

Every container, volume, network, and image created by Clawker is tagged with `dev.clawker.*` labels. Clawker only sees and manages its own resources -- it cannot touch anything outside its label scope.
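
The label scope described above can be audited from outside Clawker. The following is an added example, not Clawker's or `pkg/whail`'s own code: it partitions `docker inspect` JSON by whether any label key begins with `dev.clawker.`. The sample data and the key names after the prefix are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

const scopePrefix = "dev.clawker." // label namespace named on the page
// resource covers both `docker inspect` shapes: Config.Labels (containers) and top-level Labels (volumes, networks).
type resource struct {
	Name   string
	Labels map[string]string
	Config struct{ Labels map[string]string }
}

// Constructed sample; the key names after the prefix are hypothetical.
const sample = `[
 {"Name":"/agent-dev","Config":{"Labels":{"dev.clawker.agent":"dev"}}},
 {"Name":"/postgres","Config":{"Labels":{"com.docker.compose.project":"db"}}},
 {"Name":"/lookalike","Config":{"Labels":{"note":"dev.clawker.agent=dev"}}},
 {"Name":"cache-vol","Labels":{"dev.clawker.project":"myapp"}},
 {"Name":"scratch-vol","Labels":null}
]`

// Partition splits inspect JSON into names inside and outside the label scope. Only label KEYS count.
func Partition(inspectJSON []byte) (in, out []string, err error) {
	var rs []resource
	if err = json.Unmarshal(inspectJSON, &rs); err != nil {
		return nil, nil, err
	}
	for _, r := range rs {
		scoped := false
		for _, m := range []map[string]string{r.Labels, r.Config.Labels} {
			for k := range m {
				scoped = scoped || strings.HasPrefix(k, scopePrefix)
			}
		}
		if scoped {
			in = append(in, r.Name)
		} else {
			out = append(out, r.Name)
		}
	}
	return in, out, nil
}

func main() {
	fmt.Println(Partition([]byte(sample)))
}
```

To audit a live host, pass the JSON printed by `docker inspect`, `docker volume inspect` or `docker network inspect` to `Partition` in place of `sample`. Anything in the second list is outside the label scope the page describes.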
