[BUG] Sandbox violation error for Claude Code's own internal files

Resolved 💬 3 comments Opened Jan 31, 2026 by sluo-sc Closed Feb 4, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Sandbox violation error for Claude Code's own internal files

Summary

When running git commands in sandbox mode, Claude Code triggers sandbox violations for its own internal session files in /tmp/claude-502/, generating "operation not permitted" errors even though the commands succeed.

Steps to Reproduce

  1. Run any git command in sandbox mode (e.g., git diff --name-only main..HEAD)
  2. Observe the error output

Expected Behavior

Git commands should run cleanly in sandbox mode without any sandbox violation errors. The sandbox infrastructure should automatically whitelist its own internal directories.

Actual Behavior

Every sandboxed command produces an error like:

zsh:1: operation not permitted: /tmp/claude-502/cwd-fd19

The command still succeeds, but the error is logged.

Root Cause

Claude Code creates session-specific temporary directories (e.g., /tmp/claude-502/) for internal tracking files like cwd-fd19, but these directories are not added to the sandbox allowlist.

The sandbox configuration allows writes to:

  • /tmp/claude/
  • /private/tmp/claude/

But NOT to the dynamically-created session directories like /tmp/claude-502/.

Comparison to Cursor

Cursor IDE can run the exact same git commands in sandbox mode without triggering any sandbox violations. This indicates that Cursor properly whitelists its own session directories or uses a different approach that doesn't have this issue.

Technical Details

  • The error comes from the sandbox infrastructure trying to access its own files
  • The session directory appears to use a numeric suffix (502) which may be a session/process ID
  • The sandbox should dynamically whitelist these directories at session initialization
  • Configuration file: /Library/Application Support/ClaudeCode/managed-settings.json

Impact

  • Adds noise to command output
  • Makes it harder to identify real errors
  • Creates confusion about whether commands succeeded or failed
  • Provides a poor user experience compared to competing tools

Environment

  • OS: macOS (Darwin 25.2.0)
  • Claude Code: 2.1.27
  • Sandbox mode: Enabled

Suggested Fix

When Claude Code creates a session-specific temporary directory (e.g., /tmp/claude-502/), it should automatically add that directory to the sandbox's write allowlist during session initialization.

What Should Happen?

all the commands should succeed without permission errors

Error Messages/Logs

⏺ Bash(claude --version 2>&1 || echo "Version command not available")                                                                                                
  ⎿  Error: Exit code 1                                                                                                                                              
     zsh:1: operation not permitted: /tmp/claude-502/cwd-8e5d                                                                                                        
                                                                                                                                                                     
     2.1.27 (Claude Code)

Steps to Reproduce

Run any git command in sandbox mode (e.g., git diff --name-only main..HEAD)

(note: I am on a enterprise plan)

Claude Model

None

Is this a regression?

I don't know

Last Working Version

_No response_

Claude Code Version

2.1.27

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Terminal.app (macOS)

Additional Information

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗