/model silently wipes sandbox allowlist - security issue
Resolved 💬 5 comments Opened Apr 7, 2026 by askldjd Closed May 24, 2026
Related to #22659 (locked) and #17982. Filing separately because the security angle didn't survive those being closed as config persistence bugs.
What happens
Using /model rewrites ~/.claude/settings.json from scratch. Anything in permissions.allow is gone. Your sandbox restrictions just stop being enforced.
Steps to reproduce
- Add network/file restrictions to
~/.claude/settings.jsonviasandbox.network.allowedHosts. - Use
/modelto switch models - Check
settings.json— the allowedHosts is gone
Why this matters
Sandbox restrictions aren't config preferences, they're access controls. If they get silently wiped by a model switch, you might not notice until something that should've been blocked gets through.
This got closed as a dup twice already. I think this deserve a higher priority review because there is a serious security element involved.
Version
Claude Code 2.1.92
Fedora 43
This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗