[DOCS] Sandboxing docs missing Linux subprocess isolation and `CLAUDE_CODE_SCRIPT_CAPS`
Documentation Type
Missing documentation (feature not documented)
Documentation Location
https://code.claude.com/docs/en/sandboxing
Section/Topic
Linux subprocess sandboxing behavior when CLAUDE_CODE_SUBPROCESS_ENV_SCRUB is enabled, and the new CLAUDE_CODE_SCRIPT_CAPS env var.
Current Documentation
The environment variables reference currently says:
CLAUDE_CODE_SUBPROCESS_ENV_SCRUB— Set to1to strip Anthropic and cloud provider credentials from subprocess environments (Bash tool, hooks, MCP stdio servers).
The sandboxing page currently describes sandboxing in general terms:
The sandboxed bash tool uses OS-level primitives to enforce both filesystem and network isolation.
There is no documentation for CLAUDE_CODE_SCRIPT_CAPS, and no Linux-specific note that CLAUDE_CODE_SUBPROCESS_ENV_SCRUB now also enables PID namespace isolation for subprocesses.
What's Wrong or Missing?
Claude Code v2.1.98 expanded subprocess hardening, but the docs do not explain the new surface area:
A. Missing CLAUDE_CODE_SCRIPT_CAPS reference
Users cannot discover or configure the new per-session script invocation limit from the env-vars page.
B. Missing Linux PID namespace isolation behavior
The CLAUDE_CODE_SUBPROCESS_ENV_SCRUB docs still describe credential scrubbing only, so admins will miss that enabling it now also changes subprocess isolation on Linux.
C. Missing security/admin guidance
The sandboxing docs do not explain when to enable these controls, platform scope, or how they interact with existing sandbox settings.
Suggested Improvement
Update the docs in two places:
env-vars
- Add
CLAUDE_CODE_SCRIPT_CAPSwith syntax, units, and an example - Expand
CLAUDE_CODE_SUBPROCESS_ENV_SCRUBto mention Linux PID namespace isolation when enabled
sandboxing
- Add a subsection describing subprocess hardening on Linux
- Clarify that this is distinct from the main Bash sandbox but complementary to it
- Document intended use cases and any limitations/platform differences
Impact
Medium - Makes feature difficult to understand
Additional Context
Affected Pages:
| Page | Line(s) | Context |
|------|---------|---------|
| https://code.claude.com/docs/en/env-vars | 126 | CLAUDE_CODE_SUBPROCESS_ENV_SCRUB is documented, but only as credential scrubbing |
| https://code.claude.com/docs/en/env-vars | reference missing | No entry for CLAUDE_CODE_SCRIPT_CAPS |
| https://code.claude.com/docs/en/sandboxing | 11-18, 238-254, 312-314 | Sandboxing concepts are documented, but not the new Linux subprocess-isolation behavior |
Total scope: 3 pages affected
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗