Sandboxing - Claude Code
Filesystem and network isolation for Bash tool calls on Linux and macOS.
Sandboxing confines Bash tool execution to an allowlist of paths and hosts. It's how you let Claude run commands without granting the shell full reach into your machine.
What it does
On Linux and macOS, Claude Code can launch Bash calls inside a sandbox that restricts filesystem access to the project directory and network access to a configured allowlist. Commands that try to reach outside the allowed area fail fast with a clear error. This is the strongest containment option short of a full container.
When to use it
- Granting broad Bash access without worrying about rogue commands.
- Running untrusted or generated scripts safely.
- Multi-tenant environments where you can't trust every skill or prompt.
- Any setup where you want defense-in-depth on top of permission rules.
Gotchas
- Some tools need network access you might not have whitelisted. Watch for "blocked by sandbox" errors and allowlist specifically.
- Sandboxing has performance overhead - small for most work, noticeable for file-heavy tasks.
- Not available on Windows. Use WSL2 or a container instead.
Official docs: https://code.claude.com/docs/en/sandboxing.md
Technical content at the intersection of AI and development. Building with AI agents, Claude Code, and modern dev tools - then showing you exactly how it works.
Get the weekly deep dive
Tutorials on Claude Code, AI agents, and dev tools - delivered free every week.
Was this helpful?
Related Guides
Related Tools
Claude Code
Anthropic's agentic coding CLI. Runs in your terminal, edits files autonomously, spawns sub-agents, and maintains memory...
View ToolCodeburn
Interactive TUI dashboard that shows exactly where your Claude Code and Cursor tokens are going, in real time.
View ToolZed
High-performance code editor built in Rust with native AI integration. Sub-millisecond input latency. Built-in assistant...
View ToolCursor
AI-native code editor forked from VS Code. Composer mode rewrites multiple files at once. Tab autocomplete predicts your...
View ToolRelated Videos
Composio: Connect OpenClaw & Claude Code to 1,000+ Apps via CLI
Composio: Connect AI Agents to 1,000+ Apps via CLI (Gmail, Google Docs/Sheets, Hacker News Workflows) Check out Composio here: http://dashboard.composio.dev/?utm_source=Youtube&utm_channel=0426&utm_...
Claude Code Channels in 8 Minutes
Anthropic has released Channels for Claude Code, enabling external events (CI alerts, production errors, PR comments, Discord/Telegram messages, webhooks, cron jobs, logs, and monitoring signals) to b...
Claude Code Loops in 7 Minutes
Claude Code “Loop” Scheduling: Recurring AI Tasks in Your Session The script explains Claude Code’s new “Loop” feature (an evolution of the Ralph Wiggins technique) for running recurring prompts that...
Related Posts
Anthropic Sonnet 4.5 in Claude Code
Anthropic's Claude Sonnet 4.5 isn't just another model increment. The company claims they've observed it maintaining foc...
12 Tools in One Night: An Honest Overnight Agent Report
I told an agent to improve the site every 10 minutes and went to sleep. Here is what 12 new repos, 60 PRs, and three goo...
Agent Replays with TraceTrail: Loom for Agent Runs
Agent runs are opaque. TraceTrail turns a Claude Code JSONL into a public share link with a stepped timeline of messages...
