[DOCS] Settings and sandboxing docs omit `sandbox.filesystem.allowRead`
Documentation Type
Missing documentation (feature not documented)
Documentation Location
https://code.claude.com/docs/en/settings
Section/Topic
Sandbox settings / filesystem access rules
Current Documentation
The settings page currently lists these filesystem keys:
filesystem.allowWrite| Additional paths where sandboxed commands can write.filesystem.denyWrite| Paths where sandboxed commands cannot write.filesystem.denyRead| Paths where sandboxed commands cannot read.
The sandboxing page also says:
You can also deny write or read access usingsandbox.filesystem.denyWriteandsandbox.filesystem.denyRead.
There is no corresponding entry for sandbox.filesystem.allowRead.
What's Wrong or Missing?
Claude Code v2.1.77 added allowRead so users can re-allow read access inside broader denyRead regions.
Current docs describe allowWrite, denyWrite, and denyRead only, so users cannot discover or correctly configure the new read-override behavior.
Suggested Improvement
Add sandbox.filesystem.allowRead to the settings and sandboxing docs.
Suggested content:
- what
allowReaddoes - how it interacts with
denyRead - whether it merges across settings scopes like the other filesystem arrays
- an example with a broad deny and a narrower read exception
Impact
High - Prevents users from using a feature
Additional Context
Affected Pages:
| Page | Context |
|------|---------|
| https://code.claude.com/docs/en/settings | Sandbox settings table lists allowWrite, denyWrite, and denyRead, but not allowRead |
| https://code.claude.com/docs/en/sandboxing | Sandboxing guide explains write allowlists and read/write deny rules, but not read re-allow behavior |
Total scope: 2 pages affected
Source: Claude Code v2.1.77 release notes
Exact release entry:
AddedallowReadsandbox filesystem setting to re-allow read access withindenyReadregions
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗