[FEATURE] Allow configuration of custom sandbox profiles
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
Hello everyone,
During a test of the sandbox, I've discovered that with the current sandbox policy, it is possible to enumerate and read the arguments and environment variables of most processes running on the system under macOS.
Even though storing secrets in environment variables is considered an anti-pattern, many tools require it, and these can leak into the Claude sandbox.
I understand that it may not be practical for all users to adjust the policy. However, it would be useful to be able to pass completely separate sandbox policies to the Claude config, so that our security team has more control over the sandbox.
Example: we want to set (deny sysctl-read (sysctl-name-prefix "kern.proc"))) or something similar, and it gets merged with your seatbelt profile.
Thank you.
Proposed Solution
I want to be able to set something like that in the settings.json:
{
"$schema": "https://json.schemastore.org/claude-code-settings.json",
...
"sandbox": {
"enabled": true,
"extraProfiles": {
"darwin": [
"./company-seatbelt-policy.sb"
]
}
}
}
Alternative Solutions
_No response_
Priority
Critical - Blocking my work
Feature Category
CLI commands and flags
Use Case Example
_No response_
Additional Context
_No response_
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗