What Is claude-in-box?
claude-in-box is one of the best AI Coding Agents tools for developers, indie hackers, and CTOs who need to run Claude Code on a real server and control it from anywhere. It is built around a single Docker container that exposes a web UI, structured event stream, and compatible HTTP APIs over one port, while keeping Claude Code in interactive REPL mode for subscription-backed usage. The repository ships as MIT licensed and is designed for amd64 and arm64 hosts.
Quick Overview
| Attribute | Details |
|---|---|
| Type | AI Coding Agents |
| Best For | developers, indie hackers, and CTOs who want remote Claude Code sessions |
| Language/Stack | Docker, Linux PTY sessions, FastAPI/Uvicorn, WebSocket, SSE, Anthropic/OpenAI-compatible HTTP APIs |
| License | MIT |
| GitHub Stars | N/A as of Feb 2026 |
| Pricing | Open-Source |
| Last Release | N/A |
Who Should Use claude-in-box?
- Solo builders who want Claude Code on a box that stays online, rather than tied to a laptop or terminal multiplexer.
claude-in-boxgives you a persistent server endpoint, session resume, and browser access without forcing every client to speak terminal. - Platform and infrastructure teams that need a single, auditable place to run AI-assisted coding work with hooks, proxy routing, and session lifecycle control. The container boundary becomes the operational boundary, which is cleaner than scattering local CLI installs across machines.
- API-first teams that need Anthropic-compatible or OpenAI-compatible transport without reworking existing SDKs.
claude-in-boxis useful when your automation already expects/v1/messagesor/openai/v1/chat/completionsand you want Claude to sit behind that interface. - Hardware-constrained clients like phones, tablets, embedded devices, or MCUs that cannot run the full Claude Code stack locally. The slim SSE and AES endpoints let tiny clients drive a real remote session.
Not ideal for:
- Teams that only need a local CLI on one developer workstation and do not care about remote access, session replay, or API compatibility.
- Users who want a fully managed cloud SaaS and do not want to operate Docker, volumes, authentication, and port exposure.
- Workloads that require hard multitenant isolation per customer;
claude-in-boxis better treated as a self-hosted control plane than a public shared service.
Key Features of claude-in-box
- Single-port control plane — Web UI, REST, WebSocket, SSE, and the AES envelope all terminate on one exposed port, so ingress rules stay simple and reverse proxies are easy to configure. That matters when you want to front the box with Nginx, Tailscale, or a tunnel without juggling multiple listeners.
- PTY-backed Claude Code sessions —
claude-in-boxruns Claude Code in interactive REPL mode inside a virtual TTY, which is what enables subscription billing and true live interaction. Multiple clients can attach to the same session, and sessions survive disconnects. - Typed event streaming — Instead of screen-scraping terminal output, the control plane emits structured frames for text deltas, tool calls, todo updates, token usage, status changes, stop reasons, and model metadata. That is the difference between building a brittle remote TUI mirror and building a real machine-readable agent backend.
- Session lifecycle controls — You can create, attach, resume, kill, and switch models mid-flight. Resumed sessions map back to Claude Code transcript files under
~/.claude/projects/<hash>/<session>.jsonl, which makes persistence explicit and inspectable. - Multi-protocol API adapters — The box exposes native REST/WS/SSE endpoints plus Anthropic-compatible
POST /v1/messagesand OpenAI-compatiblePOST /openai/v1/chat/completionsroutes. That makes it a practical backend for existing SDKs, internal bots, and agent runners that were written before Claude Code existed. - Built-in service bundle — The image can start
redis,postgres,nginx, anddockerselectively viaCIB_SERVICES, and it ships with a real developer toolchain: Node 22, Python 3, Go 1.25, Rust,ripgrep,fd,jq,curl,tmux,vim, andbuild-essential. In practice,claude-in-boxis not a toy wrapper; it is a remote Linux dev box with an agent attached. - Hooks and outbound routing — Lifecycle hooks fire on events like permission requests, and a transparent SOCKS5 layer can reroute all outbound traffic through a single upstream proxy. This is the right abstraction if you need compliance logging, egress control, or a corporate network path.
claude-in-box vs Alternatives
| Tool | Best For | Key Differentiator | Pricing |
|---|---|---|---|
| claude-in-box | Remote Claude Code sessions with browser, API, and PTY access | One Dockerized server exposes structured events, session replay, and Anthropic/OpenAI-compatible adapters | Open-Source |
| Claude Code | Local interactive coding with Anthropic's native CLI | Minimal setup and direct first-party workflow, but no built-in remote control plane | Paid |
| Claude Code Canvas | Browser-first supervision of Claude Code tasks | Better if you want a UI layer without self-hosting the full session broker | Open-Source |
| OpenSwarm | Multi-agent orchestration across tasks and workers | Better when the main problem is coordinating many agents, not exposing one Claude session | Open-Source |
Pick Claude Code if you only need the native local terminal experience and do not care about remote access or API adaptation. Pick Claude Code Canvas if your team wants a lighter browser companion for task oversight rather than a full server. Pick OpenSwarm when the problem is distributed agent orchestration, not a single persistent Claude runtime.
How claude-in-box Works
claude-in-box works by wrapping a full Linux environment in a Docker container and running Claude Code inside a PTY so the agent stays in interactive mode. The control plane then observes the live session through hooks and typed frames, which means the UI and APIs consume structured state rather than parsing terminal escape sequences. That design is why the same session can be rendered in a web terminal, a transcript timeline, or an SDK-friendly stream.
The container is also the security and execution boundary. Because tools run inside the sandboxed environment, the default bypass-permission mode is practical: the box can expose --dangerously-skip-permissions while still firing permission request events when you want a human or policy layer to step in. If you need to pair this with context orchestration or prompt-shaping workflows, it complements tools like Claude Context Mode rather than replacing them.
docker run --rm -p 8080:8080 \
-e ANTHROPIC_API_KEY="$ANTHROPIC_API_KEY" \
-e CIB_SERVICES=redis,postgres \
-v "$PWD/.claude:/home/claude/.claude" \
ghcr.io/jiangmuran/claude-in-box:latest
That command starts the control plane on port 8080, enables two bundled services, and persists Claude credentials and session state in a mounted volume. After startup, you open the web panel, authenticate with the boot-time master API key, and either sign in through the in-container Claude login flow or select an API-key-backed session mode.
Pros and Cons of claude-in-box
Pros:
- Real remote session model — You are not screen-sharing a local terminal; you are exposing a stateful Claude Code runtime with attach, resume, and kill semantics.
- Structured streaming — JSON frames for tool calls, todos, and token usage are much easier to ingest than terminal scraping or log tailing.
- SDK compatibility — Anthropic and OpenAI adapters reduce integration work for existing bots, agent runners, and internal tooling.
- Persistent state — Session transcripts live on disk, so restarts do not erase context or force a fresh conversation.
- Multi-arch support — The same image targets
linux/amd64andlinux/arm64, which is useful on cloud VMs and ARM servers. - Operational hooks — Lifecycle events and SOCKS5 routing give you more control than a plain CLI wrapper.
Cons:
- Self-hosting overhead — You own the container runtime, storage, auth, port exposure, and updates.
- Security responsibility — Running Claude Code with permission prompts bypassed shifts trust to the container boundary, so host hardening matters.
- Not a full agent orchestrator — It manages Claude sessions well, but it is not built to coordinate fleets of heterogeneous agents the way a swarm system would.
- Docs-heavy setup — The flexibility is real, but teams that want a single
npm installstyle workflow will find the deployment model heavier. - Limited by Claude Code semantics — Since the box wraps Claude Code, it inherits its interactive-session constraints and billing model.
Getting Started with claude-in-box
The fastest path is to run the container, expose port 8080, and keep a volume mounted for ~/.claude so session state survives restarts. If you want bundled services, set CIB_SERVICES before first boot; if you only need the control plane, leave it unset.
docker pull ghcr.io/jiangmuran/claude-in-box:latest
docker run --rm -p 8080:8080 \
-e ANTHROPIC_API_KEY="$ANTHROPIC_API_KEY" \
-e CIB_SERVICES=nginx,redis \
-v "$PWD/claude-home:/home/claude/.claude" \
ghcr.io/jiangmuran/claude-in-box:latest
After the container boots, open http://localhost:8080, log in with the master API key shown at startup, and create your first session from the dashboard. If you want subscription billing, use the in-web auth flow so the container runs claude /login internally; if you want API-key billing, set the key in the container or session config and start working immediately.
Verdict
claude-in-box is the strongest option for remote Claude Code sessions when you need one server to expose browser access, API compatibility, and live PTY control from a single port. Its strongest advantage is the structured event stream and multi-protocol surface; the main caveat is that you must operate the Docker environment yourself. Use it when you want self-hosted control, not a managed SaaS.
