← Back to context

Comment by CGamesPlay

19 days ago

I do this, and routinely shadow commands with my own wrappers to do things like set environment variables.

And then there’s Claude. It deletes whatever it finds at ~/.local/bin/claude, so I have to use a shell function instead to invoke the full path to my wrapper.

7 comments

CGamesPlay

Reply
e1g  19 days ago

You can use an alias, which takes priority over $PATH. e.g. I have this in .zhsrc to override the "claude" executable to run it in the OS sandbox:

    alias claude="sandbox-exec -f ~/agents-jail.sb ~/.local/bin/claude --dangerously-skip-permissions"

  • plagiarist  19 days ago

    How does your sandbox ruleset look? I've been using containers on Linux but I don't have a solution for macOS.

    • e1g  19 days ago

      Here's my ruleset https://gist.github.com/eugene1g/ad3ff9783396e2cf35354689cc6...

      My goal is to prevent Claude from blowing up my computer by erasing things it shouldn't touch. So the philosophy of my sanboxing is "You get write access to $allowlist, and read access to everything except for $blocklist".

      I'm not concerned about data exfiltration, as implementing it well in a dev tool is too difficult, so my rules are limited to blocking highly sensitive folders by name.

      4 replies →