Enable Sandbox Mode to Isolate Bash Commands
Tired of approving every bash command Claude wants to run? Sandbox mode gives you the best of both worlds: Claude runs commands freely within a restricted environment that limits filesystem and network access.
> /sandbox
Or enable it in your settings:
{
"sandbox": {
"enabled": true,
"autoAllowBashIfSandboxed": true
}
}
With autoAllowBashIfSandboxed set to true, Claude can run bash commands without prompting you, because the sandbox restricts where those commands can write and what network access they have.
You can fine-tune what the sandbox allows:
{
"sandbox": {
"enabled": true,
"filesystem": {
"allowWrite": ["/tmp/build", "./output"],
"denyRead": ["~/.aws/credentials"]
},
"network": {
"allowedDomains": ["github.com", "*.npmjs.org"]
},
"excludedCommands": ["git", "docker"]
}
}
Commands in excludedCommands run outside the sandbox, useful for tools like git and docker that need broader system access.
Sandbox mode works on macOS, Linux, and WSL2. If you need it as a hard requirement (for enterprise policies), set failIfUnavailable: true so Claude Code won't start without a working sandbox.
Let Claude work autonomously within boundaries you define.
Log in to leave a comment.
When Claude writes error messages, button labels, validation text, or onboarding flows, it defaults to generic developer-speak. Add a "Users" section to your CLAUDE.md describing who your actual users are — their technical level, industry jargon, and what they care about — so Claude writes copy that makes sense to THEM, not to developers.
Use the --agent flag with custom markdown files in .claude/agents/ to launch purpose-built Claude sessions with restricted tools and scoped system prompts.
Every project has traps — the billing module that silently fails if you forget to queue the job, the legacy table with column names that don't match the model, the config value that must be set before tests run. Document these gotchas in your CLAUDE.md so Claude avoids the same mistakes your team spent days debugging.