[FEATURE] Add `deniedDomains` to sandbox network settings
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
In enterprise environments, administrators need to explicitly block specific domains from being accessed by AI agents while still allowing broad network access. Currently, Claude Code's settings.json only exposes allowedDomains
under sandbox.network, which only supports an allowlist approach. There is no way to maintain a blocklist of domains that should never be accessed (e.g., competing code hosting platforms, known data exfiltration endpoints, or
sensitive internal services). The underlying sandbox-runtime already supports deniedDomains and evaluates them before allowedDomains, but Claude Code does not wire this through.
Proposed Solution
Add deniedDomains to the sandbox.network section of Claude Code's settings schema, wired through to sandbox-runtime via the existing --control-fd config update mechanism:
``json``
{
"sandbox": {
"network": {
"allowedDomains": ["*.example.com"],
"deniedDomains": ["restricted.example.com"]
}
}
}
deniedDomains should take precedence over allowedDomains (as it already does in sandbox-runtime) and support the same wildcard pattern format (e.g., *.example.com). It should follow the same settings hierarchy (managed → user →
project).
Alternative Solutions
Currently the only workaround is to avoid broad wildcard patterns in allowedDomains and enumerate every allowed domain individually, which is tedious and error-prone.
Priority
Medium - Would be very helpful
Feature Category
Configuration and settings
Use Case Example
An admin allows *.company.com in allowedDomains so agents can access internal services, but needs to block secrets.company.com or vault.company.com. Without deniedDomains, there's no way to achieve this — you'd have to list
every individual *.company.com subdomain except the restricted ones.
Additional Context
- sandbox-runtime already implements this:
deniedDomainsis checked beforeallowedDomainsinfilterNetworkRequest() - The filtering applies to both HTTP and SOCKS5 proxies
- The
NetworkConfigSchemain sandbox-runtime already validatesdeniedDomainsusing the same domain pattern schema asallowedDomains
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗