AI coding agents like Claude Code are powerful, but they ask for permission a lot. Every file read, every bash command, every tool invocation: it's permission prompt after permission prompt.
That's a good thing. These guardrails exist for your safety because AI agents can make mistakes. Another risk is prompt injection attacks, where malicious content tricks the AI into executing harmful commands on your system.
But sometimes you want to hand off a complex task and let Claude Code run autonomously without babysitting every action. Claude Code offers a --dangerously-skip-permissions flag for this, but the name says it all:
Without permission gates, you're one prompt injection away from a compromised system.
The solution? Run Claude Code inside a Docker container. The official security documentation recommends this approach: use DevContainers to create isolated environments where Claude Code can operate freely without risking your host machine.
Why Containers Work
Containers give you both speed and security:
- Isolation: AI agents operate in a sandbox. If something goes wrong, only the container is affected.
- File System Protection: Agents can only access directories you explicitly mount. Personal files, system configs, and sensitive data remain untouched.
What Works Well
- Code generation and modification: Claude can read, write, and modify files
- Terminal commands: Run tests, analyzers, linters, package managers
- Version control: Git operations work normally
- Basic IDE Integration: You can open your project in Cursor/VSCode, navigate the codebase, and edit files.
What Doesn't Work
- Simulators/Emulators: iOS and Android emulators require native platform support (macOS for iOS, more complex setup for Android)
- Visual testing: Can't see app UI running inside the container
In this guide, I'll walk you through setting up a DevContainer for Claude Code with Flutter support. By the end, you'll have a secure sandbox where you can run --dangerously-skip-permissions without the actual danger.
Prerequisites: Install Docker
DevContainers require Docker. Install Docker Desktop for your platform and verify it's running before proceeding:
Step 1: Install the Dev Containers Extension
- VSCode users: Install the Dev Containers and Container Tools extensions.
- Cursor users: Install the "Cursor Dev Containers" extension by Anysphere:
To better understand how containers work, read: Developing inside a Container.
Step 2: Add the DevContainer Configuration
Clone one of these repositories to get the .devcontainer folder:
- Claude Code only: anthropics/claude-code
- Claude Code + Flutter: bizz84/claude-code-flutter-devcontainer
Copy the .devcontainer folder into your project root:
Step 3: Open the Project in the Container
Close and reopen your project. You should see "Reopen in Container":
Click it. The container will build and you'll see "Container Claude Code Sandbox":
Verify the setup: Open a terminal and run pwd. You should see /workspace rather than the project root in your local filesystem:
This confirms your project is mounted inside the container. Any commands executed here affect only the container, not your host machine.
Step 4: Set Up Claude Code in the Container
Run claude in the terminal. You'll see the initial setup process:
That's because the container has its own Claude Code installation and it doesn't share credentials with your host machine. Log in with your Claude subscription or Console account:
Complete the setup steps. You only need to do this once per container. Subsequent runs will go straight to the Claude Code prompt:
Step 5: Run Claude Code Without Permission Prompts
Remember the original goal? We want to safely bypass all permission prompts when running Claude Code.
Run this:
claude --dangerously-skip-permissions
Claude Code will display a warning:
Accept it. Since you're inside a sandboxed container, Claude Code can only affect the mounted project and your host system remains protected.
Step 6: Flutter Support
If you used the Claude Code + Flutter DevContainer, you'll be set with a minimal Flutter setup inside the container.
To test it, you can run flutter doctor, and you should see something like this:
Doctor summary (to see all details, run flutter doctor -v):
[✓] Flutter (Channel stable, 3.38.3, on Debian GNU/Linux 12 (bookworm) 6.10.14-linuxkit, locale en_US.UTF-8)
[✗] Android toolchain - develop for Android devices
✗ Unable to locate Android SDK.
Install Android Studio from: https://developer.android.com/studio/index.html
On first launch it will assist you in installing the Android SDK components.
(or visit https://flutter.dev/to/linux-android-setup for detailed instructions).
If the Android SDK has been installed to a custom location, please use
`flutter config --android-sdk` to update to that location.
[✗] Chrome - develop for the web (Cannot find Chrome executable at google-chrome)
! Cannot find Chrome. Try setting CHROME_EXECUTABLE to a Chrome executable.
[✗] Linux toolchain - develop for Linux desktop
✗ clang++ is required for Linux development.
It is likely available from your distribution (e.g.: apt install clang), or can be downloaded from https://releases.llvm.org/
...
[✓] Connected device (1 available)
[✓] Network resources
This means that you can run flutter sub-commands such as analyze, test, pub directly from the terminal or via Claude Code. But you can't use flutter run to run the app from the container (more on this below).
Flutter IDE Integration
The Dart and Flutter extensions that were installed in your local machine won't automatically work inside the container.
To fix this, open the extension panel and install them inside the Container.
Additionally, hit CMD+SHIFT+P > Flutter: Change SDK and ensure this points to /opt/flutter:
This ensures you get proper syntax highlighting within the containerized IDE. If this doesn't work right away, hit CMD+SHIFT+P > Dart: Restart Analysis Server.
Running Flutter Apps from the Container?
Unfortunately, you can't use flutter run to run the app from the container, since the provided Dockerfile doesn't install any platform-specific tools like Chrome, Android Studio, or Xcode.
As a workaround, you can open two IDE windows: one for the container and one for your host machine.
- Container: For running AI agents and bypassing permission prompts
- Host machine: For running the app manually and testing the UI
Here's an example showing things side-by-side:
In practice, you'll toggle between the two IDEs as needed, making better use of your screen real estate.
Container vs Host: When to Use Each
Use the Container for:
- Web research on untrusted sources (mitigate prompt injection)
- Long-running autonomous tasks (no constant approval needed)
- New feature development (code generation + file modifications)
- Running MCP servers (which may have security vulnerabilities)
- Parallel execution (useful for benchmarking or testing multiple approaches)
- Installing/updating packages (supply chain attack protection)
- Exploring third-party codebases (unknown code can't affect host)
Use the Host for:
- Testing the UI (needs simulators/emulators)
- Debugging with breakpoints (IDE debugger integration)
- Hot reload during iteration (faster feedback loop)
- Quick, targeted fixes (verify changes immediately)
The pattern that emerges: let AI handle the repetitive, high-volume work while you focus on decisions that require human judgment—UI polish, debugging complex state, and verifying the app behaves correctly.
Bonus: Run Claude Code from a Standalone Terminal
Sometimes you don't need an IDE at all. Maybe you're running Claude Code on a remote VPS, or you just want a lightweight terminal-only workflow for tasks like code generation or refactoring.
You can use the devcontainer CLI to run containers without VS Code or Cursor:
# Install the CLI (once)
npm install -g @devcontainers/cli
# Start the container (only works if the .devcontainer folder is present)
devcontainer up --workspace-folder .
# Run Claude Code inside it
devcontainer exec --workspace-folder . claude --dangerously-skip-permissions
Or start an interactive shell session:
devcontainer exec --workspace-folder . zsh
Example:
This is useful for:
- VPS or cloud servers: Run autonomous AI agents on remote machines
- CI/CD pipelines: Automate code generation or refactoring tasks
- Lightweight workflows: Skip the IDE overhead when you only need the terminal
Bonus: Useful aliases
To make development faster, I have included these useful aliases in a file called .zshrc_dev:
# Aliases for Flutter commands
alias fclean="flutter clean"
alias fpg="flutter pub get"
alias fpu="flutter pub upgrade"
alias brb="dart run build_runner build -d"
alias brw="dart run build_runner watch -d"
alias fpgbrb="fpg && brb"
alias fpgbrw="fpg && brw"
# Aliases for Claude Code
alias c-dsp='claude --dangerously-skip-permissions'
# Custom prompt or other configurations
echo "🚀 Flutter Dev Environment Ready!"
To use these aliases in the container, copy the file to your home directory:
cp .zshrc_dev ~/.zshrc_dev
Then, rebuild and reopen the container, and the file will be loaded automatically.
As a result, you'll be able to run the aliases directly:
fpg # same as flutter pub get
c-dsp # same as claude --dangerously-skip-permissions
Conclusion
You now have a secure setup for running AI agents without permission prompts:
- DevContainer isolation ensures Claude Code can only access your mounted project
--dangerously-skip-permissionslets Claude Code run autonomously- Your host machine remains protected from prompt injection attacks
This approach gives you the productivity benefits of autonomous AI agents while maintaining the security boundaries that matter.
More importantly, it changes how you work. Instead of approving every file read and command, you define the task, let Claude Code execute, and review the results. Your role shifts from supervisor to architect—setting direction, evaluating outcomes, and handling the parts that still require human judgment.
Source Code and Support for Other Agentic IDEs and Tools
You can find my custom .devcontainer files on GitHub:
This enables Dev Containers on Cursor, VSCode and Claude Code within the built-in terminal.
If you'd like to add support for Codex and Gemini, feel free to open a PR. 🙂
Note: Antigravity uses the Open VSX marketplace, which doesn't have a Dev Containers extension. If you figure out how to use Dev Containers with Antigravity, please let me know! Meanwhile, you should probably stay away from it. 😱
Happy coding!
