A lightweight FastAPI service that exposes sandbox file operations, command execution, and Claude Code orchestration through an OpenAI-style Chat Completions interface.
This project is designed for authorized local/controlled environments (self-hosted). It can execute commands and modify files on the server-side workspace—treat it as powerful infrastructure.
- OpenAI-style chat endpoint (SSE streaming)
POST /302/claude-code/chat/completions
- Sandbox utilities (scoped under
/302/claude-code/sandbox)- Health check:
GET /302/claude-code/sandbox/health - Command execution (sync + streaming)
- File operations (list / upload / download / rename / copy / move / remove / mkdir)
- Session workspace management (create/list/update/delete)
- Skill management (import from zip/GitHub, list/detail/delete)
- MCP server configuration (add/purge)
- Health check:
- Docker-first runtime
- Image includes Node.js 20 and installs
@anthropic-ai/claude-code - Runs as a non-root user inside the container
- Image includes Node.js 20 and installs
- Claude Code / chat
- Base:
/302/claude-code
- Base:
- Sandbox utilities
- Base:
/302/claude-code/sandbox
- Base:
Routers are assembled in app/api/routes.py.
- Edit
docker-compose.yml:
- Replace the token values under
ANTHROPIC_AUTH_TOKEN/AI302_API_KEY - Change the volume mount to a directory on your machine
- Start:
docker compose up --build- Health check:
curl http://localhost:8000/302/claude-code/sandbox/healthEnvironment variables (see app/core/config.py and docker-compose.yml):
| Variable | Description | Default |
|---|---|---|
APP_NAME |
FastAPI title | claude_code_sandbox_local_api |
DB_SQLITE_PATH |
SQLite DB path | app.db |
ROOT_SAVE_PATH |
Root directory used for workspaces and storage | (env-dependent) |
ANTHROPIC_BASE_URL |
Upstream API base | https://api.302.ai |
ANTHROPIC_AUTH_TOKEN |
Upstream auth token | (required) |
AI302_API_KEY |
Used by deploy path in chat logic | (optional) |
ANTHROPIC_DEFAULT_HAIKU_MODEL |
Default model name | gpt-5.2 |
- Streams SSE (
text/event-stream). - Accepts an OpenAI-like payload with
messages. - Uses a server-side workspace directory per
session_id. - If the last user message matches a slash command (e.g.
/command,/deploy), it may execute that path instead of Claude Code.
Example (minimal):
curl -N http://localhost:8000/302/claude-code/chat/completions \
-H "Content-Type: application/json" \
-d '{
"model": "gpt-5.2",
"stream": true,
"messages": [
{"role": "user", "content": "Create a Python script that prints hello"}
]
}'Session behavior:
- Provide
session_ideither in JSON (session_id) or via request headers (the handler checks multiple header variants). - The server emits an SSE event
session_idearly with{ session_id, workspace_path }.
Plan mode:
- Set
action: "plan"to run Claude Code with--permission-mode plan.
curl http://localhost:8000/302/claude-code/sandbox/healthcurl http://localhost:8000/302/claude-code/sandbox/execute \
-H "Content-Type: application/json" \
-d '{"command":"ls -la","cwd":"/home/user"}'Returns SSE events: start, output, error, done.
curl -N http://localhost:8000/302/claude-code/sandbox/execute/stream \
-H "Content-Type: application/json" \
-d '{"command":"echo hello && sleep 1 && echo world","cwd":"/home/user"}'All file endpoints are under /302/claude-code/sandbox.
POST /file/list
curl http://localhost:8000/302/claude-code/sandbox/file/list \
-H "Content-Type: application/json" \
-d '{"path":"/home/user","depth":2}'POST /file/download
format: "file"(stream file; directories zipped)format: "base64"(returns base64; directories zipped)format: "text"(text files only)
curl http://localhost:8000/302/claude-code/sandbox/file/download \
-H "Content-Type: application/json" \
-d '{"path":"/home/user/readme.txt","format":"text"}'POST /file/upload
Supports:
multipart/form-data- JSON with
fileas base64 or URL +path
POST /file/upload/batch
POST /file/operation
operation in: rename | copy | move | remove | mkdir
All session endpoints are under /302/claude-code/sandbox.
POST /project/initGET /sessionPOST /sessionDELETE /session
All skill endpoints are under /302/claude-code (not sandbox-prefixed in router assembly).
POST /302/claude-code/skills- Upload a zip or provide
github_url, the server extractsSKILL.mdmetadata and stores skill assets underROOT_SAVE_PATH/.claude/skills/...
- Upload a zip or provide
GET /302/claude-code/skills/listGET /302/claude-code/skills/detail?mode=view|edit&name=... կամ id=...DELETE /302/claude-code/skills
All MCP endpoints are under /302/claude-code/sandbox.
POST /mcp/add- Accepts one or more commands that must start with
claude mcp add ... - Can purge existing MCP servers first (
auto_purging=true)
- Accepts one or more commands that must start with
.
├─ app/
│ ├─ main.py # FastAPI app init + routers + DB lifespan
│ ├─ api/ # HTTP layer (routes, request/response)
│ ├─ core/ # config, command runner, IO, logging, git utils...
│ ├─ models/ # Peewee models (Skill, Session)
│ └─ repositories/ # DB repositories
├─ Dockerfile
├─ docker-compose.yml
└─ main.py # uvicorn entry: main:app
This project exposes file system and command execution capabilities via HTTP.
Recommended practices before exposing it to others:
- Run only in isolated environments (container/VM).
- Restrict network access (bind to localhost, reverse proxy auth, IP allowlist).
- Keep the mounted workspace limited to a dedicated directory.
- Treat uploaded content as untrusted.
Local run:
python -m venv .venv
# activate venv
pip install -r requirements.txt
uvicorn main:app --host 0.0.0.0 --port 8000 --reloadAdd your license here (e.g., MIT).