[BUG] Sandbox violation error for Claude Code's own internal files
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
Sandbox violation error for Claude Code's own internal files
Summary
When running git commands in sandbox mode, Claude Code triggers sandbox violations for its own internal session files in /tmp/claude-502/, generating "operation not permitted" errors even though the commands succeed.
Steps to Reproduce
- Run any git command in sandbox mode (e.g.,
git diff --name-only main..HEAD) - Observe the error output
Expected Behavior
Git commands should run cleanly in sandbox mode without any sandbox violation errors. The sandbox infrastructure should automatically whitelist its own internal directories.
Actual Behavior
Every sandboxed command produces an error like:
zsh:1: operation not permitted: /tmp/claude-502/cwd-fd19
The command still succeeds, but the error is logged.
Root Cause
Claude Code creates session-specific temporary directories (e.g., /tmp/claude-502/) for internal tracking files like cwd-fd19, but these directories are not added to the sandbox allowlist.
The sandbox configuration allows writes to:
/tmp/claude//private/tmp/claude/
But NOT to the dynamically-created session directories like /tmp/claude-502/.
Comparison to Cursor
Cursor IDE can run the exact same git commands in sandbox mode without triggering any sandbox violations. This indicates that Cursor properly whitelists its own session directories or uses a different approach that doesn't have this issue.
Technical Details
- The error comes from the sandbox infrastructure trying to access its own files
- The session directory appears to use a numeric suffix (502) which may be a session/process ID
- The sandbox should dynamically whitelist these directories at session initialization
- Configuration file:
/Library/Application Support/ClaudeCode/managed-settings.json
Impact
- Adds noise to command output
- Makes it harder to identify real errors
- Creates confusion about whether commands succeeded or failed
- Provides a poor user experience compared to competing tools
Environment
- OS: macOS (Darwin 25.2.0)
- Claude Code: 2.1.27
- Sandbox mode: Enabled
Suggested Fix
When Claude Code creates a session-specific temporary directory (e.g., /tmp/claude-502/), it should automatically add that directory to the sandbox's write allowlist during session initialization.
What Should Happen?
all the commands should succeed without permission errors
Error Messages/Logs
⏺ Bash(claude --version 2>&1 || echo "Version command not available")
⎿ Error: Exit code 1
zsh:1: operation not permitted: /tmp/claude-502/cwd-8e5d
2.1.27 (Claude Code)
Steps to Reproduce
Run any git command in sandbox mode (e.g., git diff --name-only main..HEAD)
(note: I am on a enterprise plan)
Claude Model
None
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
2.1.27
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
Terminal.app (macOS)
Additional Information
_No response_
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗