[Bug] Sandbox blocks cwd-tracking writes on macOS, causing all bash commands to exit with code 1

Resolved 💬 8 comments Opened Mar 11, 2026 by muziyoshiz Closed May 16, 2026

Bug Description
Description:

When sandboxing is enabled (auto-allow mode) on macOS, every bash command fails with exit code 1 and the following error:

zsh:1: operation not permitted: /tmp/claude-502/cwd-<hash>

This occurs even for commands with no filesystem side effects (e.g., echo "hello"). The command itself executes and returns correct
output, but zsh exits with code 1 due to the sandbox blocking writes to the cwd-tracking file.

Steps to reproduce:

  1. Enable sandbox (auto-allow mode) via /sandbox
  2. Run any bash command, e.g. echo "hello"
  3. Observe exit code 1 and zsh: operation not permitted: /tmp/claude-502/cwd-<hash> in stderr

Expected behavior:

Claude Code's internal cwd-tracking mechanism (/tmp/claude-{uid}/cwd-*) should be whitelisted in the sandbox policy by default,
since it is an internal implementation detail of the Bash tool itself.

Attempted workaround:

Adding the following to settings.json does not resolve the issue:

  "sandbox": {
    "filesystem": {
      "allowWrite": [
        "//tmp/claude-502/**",
        "//private/tmp/claude-502/**"
      ]
    }
  }

The internal sandbox policy includes denyWithinAllow: ["/"] which appears to override user-configured allowWrite entries for paths
under /, making it impossible to whitelist this path from settings.json.

Environment:

  • macOS (Seatbelt sandbox)
  • Sandbox mode: auto-allow

Environment Info

  • Platform: darwin
  • Terminal: iTerm.app
  • Version: 2.1.72
  • Feedback ID: 1f2ecb6e-095b-4c5a-9bc9-067122a12e96

Errors

[]

View original on GitHub ↗

This issue has 8 comments on GitHub. Read the full discussion on GitHub ↗