Interesting, but do these native sandboxes limit access only to specific files? And I'm not sure, but when these agents invoke a system command, is that also sandboxed, or is it only the agent process itself that's sandboxed (assuming that is even useful)?
moderation|1 month ago
"These OS-level restrictions ensure that all child processes spawned by Claude Code’s commands inherit the same security boundaries." [0]
There is a rich deny and allow system for file access that can be used in conjunction with the sandbox [1]
0. https://code.claude.com/docs/en/sandboxing#os-level-enforcem...
1. https://code.claude.com/docs/en/settings#excluding-sensitive...