[BUG] sandbox.filesystem.allowWrite not enforced when using --dangerously-skip-permissions

Resolved 💬 3 comments Opened Mar 12, 2026 by SwizzzleStyx Closed Apr 12, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

sandbox.filesystem.allowWrite restrictions do not work when Claude Code is run with --dangerously-skip-permissions. In practice the two features are mutually exclusive — bypass mode ignores any filesystem boundaries set in the sandbox config.

This matters because bypass mode is exactly when you most want filesystem guardrails. Users running long autonomous sessions want the speed of bypass mode without Claude being able to write outside the project directory.

What Should Happen?

sandbox.filesystem.allowWrite should be respected regardless of whether --dangerously-skip-permissions is active. The two settings should work together.

Error Messages/Logs

Steps to Reproduce

  1. Add sandbox.filesystem.allowWrite restrictions to your Claude Code config to limit writes to a specific project directory
  2. Launch Claude Code with --dangerously-skip-permissions
  3. Ask Claude to create or modify a file outside the restricted directory
  4. Claude writes the file successfully despite the sandbox restriction

Related: #29048 (closed as duplicate), #26616 (parent issue covering broader sandbox isolation)

Claude Model

Sonnet (default)

Is this a regression?

I don't know

Last Working Version

_No response_

Claude Code Version

1.1.4498

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

Windows Terminal

Additional Information

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗