inner is a Linux CLI tool that runs agentic tools — Claude Code, Aider, interactive shells — in isolated, reproducible sandbox environments backed by bubblewrap (bwrap).
Agentic tools have broad filesystem access and execute arbitrary commands. inner provides a layer of isolation so you can run them safely:
- Process isolation via Linux kernel namespaces
- Filesystem separation — the sandbox sees only what you explicitly mount
- Environment sanitization — environment is cleared by default; git credentials are stripped when `[git]` is configured in the profile
- Security verification — detect if sensitive host resources leak into the sandbox
- Reproducibility — configuration-driven profiles define exactly what each run can access
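
The environment-sanitization and leak-detection items above can be spot-checked by hand from inside any sandbox. The script below is an added example, not inner's own code and not the logic behind `inner doctor`; the variable-name patterns, the path list and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not part of inner): flag host secrets visible inside a sandbox.
# The patterns and paths below are assumed, illustrative lists; extend them for your hosts.

# Variable names that usually carry credentials or agent sockets.
SENSITIVE_ENV_RE='^(SSH_AUTH_SOCK|GPG_AGENT_INFO|GIT_ASKPASS|SSH_ASKPASS|KUBECONFIG|AWS_[A-Z0-9_]+|[A-Z0-9_]*(TOKEN|SECRET|PASSWORD|API_KEY))$'

# Home-relative paths that should be absent unless the profile mounts them on purpose.
SENSITIVE_PATHS='.ssh .gnupg .aws .kube .netrc .git-credentials .config/gh .docker/config.json'

# stdin: `env` output (NAME=value lines). Prints matching NAMES only, never values,
# so the report itself cannot leak a secret into logs.
leaked_env_names() {
  sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' | grep -E "$SENSITIVE_ENV_RE" || true
}

# $1: home directory as seen from inside the sandbox. Prints sensitive paths that exist.
leaked_paths() {
  for rel in $SENSITIVE_PATHS; do
    if [ -e "$1/$rel" ]; then printf '%s\n' "$1/$rel"; fi
  done
}

# stdin: `env` output; $1: home directory. Prints a report and returns 1 if
# anything is visible, so a wrapper script can refuse to start the agent.
sandbox_leak_report() {
  env_hits=$(leaked_env_names)
  path_hits=$(leaked_paths "$1")
  if [ -z "$env_hits$path_hits" ]; then
    echo "clean"
    return 0
  fi
  [ -n "$env_hits" ]  && printf '%s\n' "$env_hits"  | sed 's/^/env  /'
  [ -n "$path_hits" ] && printf '%s\n' "$path_hits" | sed 's/^/path /'
  return 1
}
```

Inside a sandbox shell, source the file and run `env | sandbox_leak_report "$HOME"`; a non-zero exit status means something from the host is visible.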
- Linux (kernel namespaces required)
- `bwrap` (bubblewrap) installed
- Unprivileged user namespaces enabled (`/proc/sys/kernel/unprivileged_userns_clone` = 1)
- Go 1.24+ (to build from source)
```bash
git clone https://github.com/enr/inner
cd inner
./.sdlc/build
sudo cp ./bin/inner /usr/local/bin/inner
```

Or download a pre-built binary from the releases page.
```bash
# check your environment
inner doctor

# interactive shell in the default sandbox
inner run

# Claude Code interactive session on a project
inner run -p claude-interactive -w ~/my-project

# one-shot agent task
inner run -p claude-one-shot -w ~/my-project --prompt "add docstrings to all exported functions"
```

| Page | Description |
|---|---|
| Getting Started | Install, first run, environment check |
| Commands | Full command and flag reference |
| Profiles | Profile TOML configuration reference |
| Examples | Common usage patterns |
| Development | Build, test, release |