Enable Sandbox Mode to Isolate Bash Commands
Tired of approving every bash command Claude wants to run? Sandbox mode gives you the best of both worlds: Claude runs commands freely within a restricted environment that limits filesystem and network access.
> /sandbox
Or enable it in your settings:
{
  "sandbox": {
    "enabled": true,
    "autoAllowBashIfSandboxed": true
  }
}
With autoAllowBashIfSandboxed set to true, Claude can run bash commands without prompting you, because the sandbox restricts where those commands can write and what network access they have.
You can fine-tune what the sandbox allows:
{
  "sandbox": {
    "enabled": true,
    "filesystem": {
      "allowWrite": ["/tmp/build", "./output"],
      "denyRead": ["~/.aws/credentials"]
    },
    "network": {
      "allowedDomains": ["github.com", "*.npmjs.org"]
    },
    "excludedCommands": ["git", "docker"]
  }
}
Commands in excludedCommands run outside the sandbox, which is useful for tools like git and docker that need broader system access.
Sandbox mode works on macOS, Linux, and WSL2. If you need it as a hard requirement (for enterprise policies), set failIfUnavailable: true so Claude Code won't start without a working sandbox.
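A small linter for a settings file like the one above, as an added example that is not part of Claude Code or the original tip: it flags choices worth a second look before relying on autoAllowBashIfSandboxed. The sample settings, the list of broad write roots, and the placement of failIfUnavailable under "sandbox" are assumptions.

```python
import json

# Constructed sample settings that reuse the keys shown on this page.
SAMPLE = """{
  "sandbox": {
    "enabled": true,
    "autoAllowBashIfSandboxed": true,
    "filesystem": {"allowWrite": ["/tmp/build", "~"], "denyRead": []},
    "network": {"allowedDomains": ["github.com", "*.npmjs.org", "*"]},
    "excludedCommands": ["git", "docker"]
  }
}"""

# Reviewer-chosen list of write roots considered too wide (an assumption).
BROAD_WRITE_ROOTS = {"/", "~", "~/", "."}


def audit_sandbox(settings):
    """Return a list of review findings for the "sandbox" settings block."""
    sb = settings.get("sandbox") or {}
    fs, net = sb.get("filesystem") or {}, sb.get("network") or {}
    enabled = sb.get("enabled") is True
    findings = []
    if not enabled:
        findings.append("sandbox.enabled is not true")
    if sb.get("autoAllowBashIfSandboxed") and not enabled:
        findings.append("autoAllowBashIfSandboxed is set without an enabled sandbox")
    # Assumption: failIfUnavailable is nested under "sandbox".
    if sb.get("failIfUnavailable") is not True:
        findings.append("failIfUnavailable is not true")
    for path in fs.get("allowWrite", []):
        if path in BROAD_WRITE_ROOTS:
            findings.append(f"allowWrite entry {path!r} is a very broad write root")
    if not fs.get("denyRead"):
        findings.append("denyRead is empty: no paths are explicitly blocked from reads")
    for domain in net.get("allowedDomains", []):
        # "*" or "*.tld" is wider than one registered domain such as "*.npmjs.org".
        if domain == "*" or (domain.startswith("*.") and domain.count(".") < 2):
            findings.append(f"allowedDomains entry {domain!r} is an over-broad wildcard")
    for cmd in sb.get("excludedCommands", []):
        findings.append(f"excluded command {cmd!r} runs outside the sandbox")
    return findings


if __name__ == "__main__":
    for finding in audit_sandbox(json.loads(SAMPLE)):
        print("-", finding)
```

An empty result means none of these checks fired; it does not prove the configuration is safe for your environment.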
Let Claude work autonomously within boundaries you define.