Comment by crabmusket
21 hours ago
What is the consensus on Claude Code's built-in sandboxing?
https://code.claude.com/docs/en/sandboxing#sandboxing
> Claude Code includes an intentional escape hatch mechanism that allows commands to run outside the sandbox when necessary. When a command fails due to sandbox restrictions (such as network connectivity issues or incompatible tools), Claude is prompted to analyze the failure and may retry the command with the dangerouslyDisableSandbox parameter.
The ability for the agent itself to decide to disable the sandbox seems like a flaw. But do I understand correctly that this would cause a pause to ask for the user's approval?
Afraid that it regularly bypasses requests for confirmation...
[0] https://github.com/anthropics/claude-code/issues/14268
[1] https://github.com/anthropics/claude-code/issues/13583
[2] https://github.com/anthropics/claude-code/issues/10089
It's trivially easy to get Claude Code to go out of its sandbox using prompting alone.
Side note: I wish Anthropic would open source Claude Code. Filing an issue is like tossing toilet paper into the wind.
Don't depend on the thing to protect you from the thing.