[BUG] sandbox.filesystem.allowWrite not enforced when using --dangerously-skip-permissions
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
sandbox.filesystem.allowWrite restrictions do not work when Claude Code is run with --dangerously-skip-permissions. In practice the two features are mutually exclusive — bypass mode ignores any filesystem boundaries set in the sandbox config.
This matters because bypass mode is exactly when you most want filesystem guardrails. Users running long autonomous sessions want the speed of bypass mode without Claude being able to write outside the project directory.
What Should Happen?
sandbox.filesystem.allowWrite should be respected regardless of whether --dangerously-skip-permissions is active. The two settings should work together.
Error Messages/Logs
Steps to Reproduce
- Add
sandbox.filesystem.allowWriterestrictions to your Claude Code config to limit writes to a specific project directory - Launch Claude Code with
--dangerously-skip-permissions - Ask Claude to create or modify a file outside the restricted directory
- Claude writes the file successfully despite the sandbox restriction
Related: #29048 (closed as duplicate), #26616 (parent issue covering broader sandbox isolation)
Claude Model
Sonnet (default)
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
1.1.4498
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
Windows Terminal
Additional Information
_No response_
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗