[FEATURE] Add `deniedDomains` to sandbox network settings

Resolved 💬 2 comments Opened Mar 17, 2026 by camshrun Closed Apr 15, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

In enterprise environments, administrators need to explicitly block specific domains from being accessed by AI agents while still allowing broad network access. Currently, Claude Code's settings.json only exposes allowedDomains
under sandbox.network, which only supports an allowlist approach. There is no way to maintain a blocklist of domains that should never be accessed (e.g., competing code hosting platforms, known data exfiltration endpoints, or
sensitive internal services). The underlying sandbox-runtime already supports deniedDomains and evaluates them before allowedDomains, but Claude Code does not wire this through.

Proposed Solution

Add deniedDomains to the sandbox.network section of Claude Code's settings schema, wired through to sandbox-runtime via the existing --control-fd config update mechanism:

``json
{
"sandbox": {
"network": {
"allowedDomains": ["*.example.com"],
"deniedDomains": ["restricted.example.com"]
}
}
}
``

deniedDomains should take precedence over allowedDomains (as it already does in sandbox-runtime) and support the same wildcard pattern format (e.g., *.example.com). It should follow the same settings hierarchy (managed → user →
project).

Alternative Solutions

Currently the only workaround is to avoid broad wildcard patterns in allowedDomains and enumerate every allowed domain individually, which is tedious and error-prone.

Priority

Medium - Would be very helpful

Feature Category

Configuration and settings

Use Case Example

An admin allows *.company.com in allowedDomains so agents can access internal services, but needs to block secrets.company.com or vault.company.com. Without deniedDomains, there's no way to achieve this — you'd have to list
every individual *.company.com subdomain except the restricted ones.

Additional Context

  • sandbox-runtime already implements this: deniedDomains is checked before allowedDomains in filterNetworkRequest()
  • The filtering applies to both HTTP and SOCKS5 proxies
  • The NetworkConfigSchema in sandbox-runtime already validates deniedDomains using the same domain pattern schema as allowedDomains

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗