[DOCS] Sandboxing network-access prompt flow is outdated for auto mode and bypassPermissions

Open 💬 3 comments Opened Apr 8, 2026 by coygeek

Documentation Type

Incorrect/outdated documentation

Documentation Location

https://code.claude.com/docs/en/sandboxing

Section/Topic

"Network isolation", "Sandbox modes", and "When Claude Code attempts to access network resources outside the sandbox"

Current Documentation

The sandboxing docs currently say:

* User confirmation: New domain requests trigger permission prompts (unless allowManagedDomainsOnly is enabled, which blocks non-allowed domains automatically)

and later:

When Claude Code attempts to access network resources outside the sandbox: 1. The operation is blocked at the OS level 2. You receive an immediate notification 3. You can choose to: Deny the request Allow it once * Update your sandbox configuration to permanently allow it

The permission-modes docs also say:

Auto mode lets Claude execute without permission prompts.
bypassPermissions mode disables permission prompts and safety checks so tool calls execute immediately.

Those pages do not explain how sandbox network access prompts behave in auto mode or bypassPermissions mode.

What's Wrong or Missing?

Changelog v2.1.97 says: "Improved auto mode and bypass-permissions mode to auto-approve sandbox network access prompts."

The current docs still describe sandbox network access requests as a manual approval flow, with no mode-specific exception for auto mode or bypassPermissions. That leaves the documented behavior ambiguous or outdated:

A. The sandboxing page still describes a universal prompt flow

Readers are told that new domain requests trigger permission prompts and that they can manually deny, allow once, or permanently allow the request.

B. The permission-modes page does not connect those modes to sandbox network prompts

Auto mode and bypassPermissions are described as prompt-free, but the docs never explicitly state that sandbox network access prompts are auto-approved in those modes.

Users who rely on the sandboxing docs for security expectations can reasonably assume network boundary crossings will still stop for review, which is no longer true after v2.1.97.

Suggested Improvement

Update the sandboxing and permission-modes docs to describe sandbox network access behavior by permission mode.

Minimum fix:

  • In sandboxing, add a note in the network-isolation and sandbox-modes sections that sandbox network access prompts are auto-approved in auto mode and bypassPermissions mode.
  • In permission-modes, add a short cross-reference clarifying that this no-prompt behavior also applies to sandbox network access prompts.
  • Clarify how this interacts with allowManagedDomainsOnly and allowedDomains so readers know when requests are auto-approved versus blocked outright.

Suggested content outline:

Sandbox network access prompts by mode Regular permissions flow: network access requests can prompt for approval Auto mode: sandbox network access prompts are auto-approved bypassPermissions: sandbox network access prompts are auto-approved allowManagedDomainsOnly: non-allowed domains are blocked automatically rather than approved

Impact

Medium - Makes feature difficult to understand

Additional Context

Affected Pages:

| Page | Context |
|------|---------|
| https://code.claude.com/docs/en/sandboxing | Network isolation and outside-the-sandbox network prompt flow still describe manual approval |
| https://code.claude.com/docs/en/permission-modes | Auto mode and bypassPermissions are described as prompt-free, but this page does not explicitly cover sandbox network access prompts |

Total scope: 2 pages affected

Source: Changelog v2.1.97

Exact changelog entry:

Improved auto mode and bypass-permissions mode to auto-approve sandbox network access prompts

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗