Mudroom

@bixu/mudroom v2026.05.06.2 · 2d ago

01 README

Run Claude Code (and other workloads) inside a macOS apple/container sandbox. Creates one container per workspace — defaulting to the Microsoft typescript-node devcontainer image (Debian 12 bookworm-based, ships node, npm, git, gh, and gnupg) and overridable per sandbox. Bind-mounts the host workspace directory into the guest, and injects the host Claude Code credential so the guest session shares the host subscription without exposing secrets in argv. The trust boundary is the container itself: the host filesystem outside the bind-mounted workspace is not exposed, but inside the guest Claude has Bash(*) and full network egress. Mudroom is container-isolation, not Claude-permission-isolation — anything Claude does inside the box can curl, install packages, and write to the mounted workspace. Includes the mudroom host-side CLI wrapper and the mudroom-setup skill that installs a shell function pointing at the bundled binary.

02 Models (1)
@bixu/mudroom v2026.05.06.1 bixu-mudroom/mudroom.ts

Global Arguments

Argument          Type    Description
containerName     string  Name used for the apple/container instance (also used as its ID)
workspaceHost     string  Host filesystem path to bind-mount into the sandbox at /workspace.
image             string  OCI image used for the sandbox guest. Defaults to the signed
cpus              number  Number of vCPUs allocated to the guest
memoryMib         number  Memory in MiB allocated to the guest
swampSourceHost?  string  Host path to bind-mount read-only at /home/node/.swamp/source inside
sessionsHost?     string  Host path to bind-mount read-write at /home/node/.claude/projects

fn prepareHost(installKernel?: boolean)
Ensure apple/container's apiserver is running and a kernel is
Argument        Type     Description
installKernel?  boolean  Pass --enable-kernel-install (default: true). Set false if the

fn up()
Create the sandbox if it does not exist, then start it. Idempotent.

fn exec(command: array, workdir?: string, timeoutSeconds?: number)
Run a command inside the sandbox and capture stdout/stderr
Argument         Type    Description
command          array   Command and arguments (argv-style)
workdir?         string  Working directory inside the sandbox (defaults to /workspace)
timeoutSeconds?  number  Kill the command after this many seconds (client-side abort)

fn down()
Stop the sandbox. State is preserved for the next `up`.

fn destroy()
Stop and permanently delete the sandbox. Use this for full teardown.

fn provisionGuest()
First-run installer: probe the guest for required binaries

fn injectSwampAuth()
Mirror the host's `~/.config/swamp/auth.json` into the guest so

fn injectGhAuth()
Mirror the host's `gh auth token` and login into the guest's

fn injectGitIdentity()
Mirror the host's global `git config user.name`/`user.email`

fn injectClaudeAuth()
macOS-only: read the Claude Code subscription credential from

Resources

system (infinite) — apple/container system status (apiserver running, kernel installed)
container (infinite) — Current state of the mudroom sandbox
commandResult (infinite) — Result metadata for the most recent exec invocation
provisioning (infinite) — Whether the guest has had its required binaries (claude/swamp/
auth (infinite) — Outcome of the most recent credential-injection call. Multiple

Files

commandStdout (text/plain) — stdout captured from the most recent exec invocation
commandStderr (text/plain) — stderr captured from the most recent exec invocation

03 Skills (1)
mudroom-setup (1 file)

04 Previous Versions (1)
2026.05.06.1, May 6, 2026

05 Stats
Score: A (100 / 100)
Downloads: 5
Archive size: 35.2 KB
  • Has README or module doc: 2/2 earned
  • README has a code example: 1/1 earned
  • README is substantive: 1/1 earned
  • Most symbols documented: 1/1 earned
  • No slow types: 1/1 earned
  • Has description: 1/1 earned
  • Platform support declared (or universal): 2/2 earned
  • License declared: 1/1 earned
  • Verified public repository: 2/2 earned

06 Security Notice

This extension includes AI agent skills that can modify AI assistant behavior. Review the skill files before installing.
