Comment by ctmnt
3 days ago
You can just set `"deny": ["Read(./.env)", "Read(./.env.*)"]` if you want to keep it simple and rely on Claude's own mechanisms.
3 days ago
You can just set `"deny": ["Read(./.env)", "Read(./.env.*)"]` if you want to keep it simple and rely on Claude's own mechanisms.
last time I tried allowing/denying tool usage I found a lot of bugs, so I stay away from that as much as I can. Opus is quite smart, rules/ work quite well for things like this in my experience. The way I see it, sandboxing is only really important for people doing specific stuff like pentests, games, adversarial stuff, etc.