The default sandboxing works fine for me. It asks before running any command, and I can whitelist directories for reading and non-compound commands.
The default sandboxing works fine for me. It asks before running any command, and I can whitelist directories for reading and non-compound commands.
That's not a sandbox.
there is a real one though — https://www.anthropic.com/engineering/claude-code-sandboxing. needs to be enabled with /sandbox, not on by default.
Right, that's what I was referring to