Daedalus - The Craftsman's Solution

Containing a Claude Code agent

The Myth

In Greek mythology, Daedalus is the engineer. King Minos needed a place to put the Minotaur, a dangerous creature that could not be controlled. So he asked Daedalus to solve this problem for him. As a solution, Daedalus didn’t just build a cage. Instead, he built the Labyrinth: an architectural solution to a containment problem. The creature inside could move and act freely without the King having to worry about his palace.

That’s the whole idea of my latest hobby project.

The problem

Recently I’ve been building quite a few coding projects using Claude Code. It is amazing what can be accomplished with an agent like that.

However, if you’ve ever tried to use Claude Code for anything genuinely autonomous, such as overnight refactors, batch migrations, long-running agent loops, etc., then you’ve hit the wall I was hitting: Claude will ask for permission to write a file. Then to run a command. Then to make a network call. Each prompt is reasonable and sensible. But added together they make it impossible to operate an agent unattended. You’re not running an agent; you’re babysitting one.

Anthropic has provided us with a solution however: the `--dangerously-skip-permissions` flag. The name is clear: without containment, this flag *is* dangerous. Enabling this flag could remove your whole home directory if you’re not careful. If you run this on bare metal then you’ve handed Claude the keys to your machine.

But here’s what the name obscures: the flag isn’t the problem. It’s the solution. It’s the only way to run Claude Code without a human in the loop for every action. The problem is running it without a Labyrinth. And that is where my little project comes in.

The solution

My tool does what any reasonable person would do: it wraps Claude Code in a Docker container. A maze in which Claude can do anything it likes. The container mounts exactly two things: your project directory and a persistent home for Claude’s config and session state. Your system files, your credentials, your other projects: Claude cannot see them, because they’re not mounted. The container is the trust decision. You make it once, at launch, by choosing what to give Claude access to. After that, Claude works without interruption.

The container runs with all Linux capabilities dropped and a non-root user with no privilege escalation — so if something goes wrong inside, the blast radius is the container. The project directory is writable; the rest of your machine isn’t on the map.

Inside that boundary, `--dangerously-skip-permissions` runs safely.

But wait, there’s more

Now the agent is able to work independently. Awesome. However, I did not want to keep watching them continuously. I have other things to do. That is why we want the agents.

What I wanted was the ability to communicate with the agent, leave, and then resume exactly where I left off with all history and view intact.

Just keeping a shell open was a possibility, but that lasts just as long as I keep my shell(s) alive. Sometimes I wanted to start an agent remotely via ssh, but that would mean

the shell died on every disconnect.

But! A solution was available in the form of tmux, a terminal multiplexer. It allows me to exit and re-enter shells at will.

Daedalus wraps every session in tmux, so the container keeps running even when you’re not attached. Reconnect later and you’re back inside the same session, mid-thought. For overnight runs or anything you want to start and check on later, this is the feature that makes the workflow real rather than theoretical.

Getting your project started in Daedalus is done in a single command:

cd /path/to/project
daedalus my-app

That’s it. Daedalus builds the Docker image if it doesn’t exist, registers the project, wraps the session in tmux, and drops you into Claude Code. Next time you run daedalus my-app , it picks up where you left off.

Just can’t get enough

As I mentioned at the beginning, I’ve been building quite a few coding projects.

Now what if I could leverage Daedalus for managing the overview as well?

To this end I’ve built two UIs: a terminal and web UI.

Running daedalus tui opens a keyboard-driven dashboard: start, stop, attach, and switch between projects without juggling terminals. The web UI daedalus web) gives you the same dashboard in a browser, with an embedded terminal for attaching to live sessions. Both are thin surfaces over the same core — nothing is duplicated, nothing is inconsistent.

Projects are registered in a lightweight local registry. Per-project configuration (which build target, whether to enable debug mode) persists across runs. Shell completions, a man page, and session history round out the day-to-day ergonomics.

Conclusion

The name isn’t accidental. Daedalus the craftsman built the Labyrinth because containment was the problem, and he solved it architecturally. The same instinct is here: don’t fight the flag, don’t add more prompts, don’t build a longer leash. Build the right walls, and then let Claude work.

The creature inside can move freely. The boundary holds.

If you are interested in the progress, you can visit Daedalus at the website and the corresponding GitHub page.