Claude now has access to a server-side container environment
anthropic.com656 points by meetpateltech 4 days ago
656 points by meetpateltech 4 days ago
I just published an extensive review of the new feature, which is actually Claude Code Interpreter (the official name, bafflingly, is Upgraded file creation and analysis - that's what you turn on in the features page at least).
I reverse-engineered it a bit, figured out its container specs, used it to render a PDF join diagram for a SQLite database and then re-ran a much more complex "recreate this chart from this screenshot and XLSX file" example that I previously ran against ChatGPT Code Interpreter last night.
Here's my review: https://simonwillison.net/2025/Sep/9/claude-code-interpreter...
These days, I spend time training people using this kind of tools. I am glad it's called as such. It's much comfortable to explain to a tech person that it's "badly named" and that it should have been named "Code Interpreter" instead than explaining to a non tech that the "Code Interpreter" feature is a new cool way to generate documents. Most people are not that comfortable with technology, so avoiding big words is a nice to have.
I've nicked a sentence from your article to use as the title above. Hope that's clearer!
https://news.ycombinator.com/newsguidelines.html
> Otherwise please use the original title, unless it is misleading or linkbait; don't editorialize.
The word "container" doesn't even appear in the original post from Anthropic, let alone "server-side container environment."
Often in these conversations we forget that editing is different from editorializing. Editing can make meaning clearer! (In this example, reactions are mixed as to whether it was successful).
Editorializing, on the other hand, is about adding clickbait or bias.
Yup, that's the rule. I changed the title because the original one was arguably misleading (in much the way that calling a computer a 'file creator and editor' might be), but of course these are not exact arguments and YMMV.
Way less clear. Anthropic did it right and wrote about the “so what” instead of focusing on the underlying mechanics.
I find the new headline to be much more clear. Perhaps because I imagined Claude to already be able to "edit and create files" via Claude Code; the server-side container is the key difference.
Yeah, that was my initial confusion: Claude can already create files using both the Artifacts feature and Claude Code, so "Claude can now create and edit files" didn't sound like a new feature to me. Finding out this was actually a full-blown sandboxed container environment with both Python and Node.js was far more interesting.
The original headline made absolutely no sense to me, as a Claude user, and did not in fact convey what this would be used for.
Claude already has the ability to make or edit files, as artifacts in the web interface, and with the Write tool in Code.
Likewise, I read the original title and skipped over it because I assumed someone posted about the feature, not knowing it has been available for months already.
yeah thats editorializing man, and not the good kind. leave that to simonw's blog.
I was a bit surprised by the pushback on this edit, which seems to me no different than the kind of editing we do day-in-day-out, and have done for a good 15 years.
Editorializing, in my understanding, is introducing spin or opinion, or cherry-picking a detail to highlight only one aspect of a story. It seems to me that this edit doesn't do that because it actually broadens the information in the title and corrects a misleading impression given by the original. The only way I could see this being a bad edit is if it's not actually true that Claude now has access to a server-side container environment. If it's accurate then it surely includes the file-creating-and-editing stuff that was spoken about before, along with a lot more important information—arbitrary computation is rather more than just editing files! No?
Given their relationship with AWS, I wonder if this feature just runs the agent core code interpreter behind the scenes.
> Version Control
> github.com
pour one out for the GitLab hosted projects, or its less popular friends hosted on bitbucket, codeberg, forgejo, sourceforge, sourcehut, et al. So dumb.
I’m sure they’ll add support, they literally just launched
(a) it's not that GitLab just launched
(b) it's an allowlist rule, not rocket science
(c) where's all this mythical "agent gonna do all the things for me" world?
Whitelisting these hosts mean they become extraction vectors for prompt manipulation. In fact it’s mentioned in the grant parent’s article at the end. So yes, it takes a while to do this right.
> (c) where's all this mythical "agent gonna do all the things for me" world?
If you're in a hurry: via mcp servers.
If you're not in a hurry, more and more of these kind of capabilities will end up getting integrated directly.
If they made Git decentralised, so that you could mirror stuff on github, it might solve that issue!
This feature is a little confusing.
It looks to me like a variant of the Code Interpreter pattern, where Claude has a (presumably sandboxed) server-side container environment in which it can run Python. When you ask it to make a spreadsheet it runs this:
pip install openpyxl pandas --break-system-packages
What's weird is that when you enable it in https://claude.ai/settings/features it automatically disables the old Analysis tool - which used JavaScript running in your browser. For some reason you can have one of those enabled but not both.
The new feature is being described exclusively as a system for creating files though! I'm trying to figure out if that gets used for code analysis too now, in place of the analysis tool.
It works for me on the https://claude.ai web all but doesn't appear to work in the Claude iOS app.
I tried "Tell me everything you can about your shell and Python environments" and got some interesting results after it ran a bunch of commands.
Linux runsc 4.4.0 #1 SMP Sun Jan 10 15:06:54 PST 2016 x86_64 x86_64 x86_64 GNU/Linux
Ubuntu 24.04.2 LTS
Python 3.12.3
/usr/bin/node is v18.19.1
Disk Space: 4.9GB total, with 4.6GB available
Memory: 9.0GB RAM
Attempts at making HTTP requests all seem to fail with a 403 error. Suggesting some kind of universal proxy.
But telling it to "Run pip install sqlite-utils" worked, so apparently they have allow-listed some domains such as PyPI.
I poked around more and found these environment variables:
HTTPS_PROXY=http://21.0.0.167:15001
HTTP_PROXY=http://21.0.0.167:15001
Anthropic have their own self-issued certificate to intercept HTTPS.
Turns out the allowlist is fully documented here: https://support.anthropic.com/en/articles/12111783-create-an...
This is now an extensive blog post: https://simonwillison.net/2025/Sep/9/claude-code-interpreter...
> Linux runsc 4.4.0
Ubuntu 24.04.2 runs on GNU/Linux 6.8+ 4.4.0 is something from Ubuntu 14.04
Runsc 4.4.0 is the gVisor[1] runtime - "an application kernel that implements a Linux-like interface" - not Linux.
Odds are the new container and old JavaScript are using the same tool names/parameters. Or, perhaps, they found the tools similar enough that the model got confused having them both explained.
Anyone else having serious reliability issues with artifact editing? I find that the artifacts quite often get "stuck", where the LLM is trying to edit the artifact but the state of the artifact does not change. Seems like the LLM is somehow failing in editing the artifact silently, while thinking that it is actually doing the edits. The way to resolve this is to ask Claude to make a new artifact, which then has all the changes Claude thought it was making. But you have to do this relatively often.
I saw this yesterday. I was asking it to update an SQL query and it was saying, 'I did this' and then that wasn't in the query. I even saw it put something in the query and then remove it, and then say 'here it is'.
Maybe it's because I use the free tier web interface, but I can't get any AI to do much for me. Beyond a handful of lines (and less yesterday) it just doesn't seem that great. Or it gives me pages of javascript to show a date picker before I RTFM and found it's a single input tag to do that, because it's training data was lots of old and/or bad code and didn't do it that way.
Yes every 10 edits or so. Super annoying. It is limiting how often I bother using the tool
I have had the same problem with artifacts, and I had similar problems several months ago with Claude Desktop. I stopped using those features mostly and use Claude Code instead. I don't like CC's terminal interface, but it has been more reliable for me.
It edits it for me but it tries to edit it "in place" where it messes up the version history and it looks very broken and often times is broken afterwards. Don't know why they broke their best feature while ChatGPT Canvas just works.
This has been super annoying! I just tell it to make sure the artifact is updated and it usually fixes it, but it's annoying to have to notice/keep an eye on it.
Quite regularly.
I instruct artifacts to not be used and then explicitly provide instruction to proceed with creation when ready.
My experience is similar. At first Claude was super smart and get even very complicated things right. Now even super simple tasks are almost impossible to finish right, even if I really chop things into small steps. Also it's much slower even on Pro account than a few weeks ago.
I'm on the $200 / month account and its also slower than a few weeks ago. And struggling more and more.
I used to think of it as a decent sr dev working alongside me. Not it feels like an untrained intern that takes 4-5 shots to get things right. Hallucinated tables, columns, and HTML templates are its new favorite thing. And calling things "done" that aren't even half done and don't work in the slightest.
Same plan, same experience. Trying to get it to develop and execute tests and it frequently modifies the test to succeed even if the libraries it calls fail, and then explains that it’s doing so because the test itself works but the underlying app has errors.
Yes, I know. That’s what the test was for.
Anthropic, if you're listening, please allow zoned access enforcement within files. I want to be able to say "this section of the file is for testing", delineated by comments, and forbid Claude from editing it without permission.
My fear when using Claude is that it will change a test and I won't notice.
Splitting tests into different files works but it's often not feasible, e.g. if I want to write unit tests for a symbol that is not exported.
I've had some middling success with this by utilizing CLAUDE.md and language features. Two approaches in C#: 1) use partial classes and create a 'rule' in CLAUDE.md to never touch named files, e.g. User.cs (edits allowed) User.Protected.cs (not allowed by convention) and 2) a no-AI-allowed attribute, e.g. [DontModifyThisClassOrAttributeOrMethodOrWhatever] and instructions to never modify said target. Can be much more granular and Claude Code seems to respect it.
Does already, read the docs
I think a link would have been far more helpful than "RTFM". Especially for those of us reading this exchange outside of the line of fire.
Don't put the onus (Opus!) on me! Just a dad approach to helping. If there's enough time to writ prose about the problem you could at least rtfm first!
If you know something is covered by the documentation it's useful to provide a link, especially if that documentation is difficult to find.
(I couldn't find that documentation when I went looking just now.)
Step 1: https://docs.anthropic.com
Step 2: Type 'Allowed Tools'
Step 3: Click: https://docs.anthropic.com/en/docs/claude-code/sdk/sdk-headl...
Step 4: Read
Step 5: Example --allowedTools "Read,Grep,WebSearch"
Step 6: Profit?