Expose sandbox state to hook scripts

Resolved 💬 2 comments Opened Apr 10, 2026 by jthurne Closed May 24, 2026

Problem

PreToolUse hook scripts have no way to detect whether sandbox mode is currently active at runtime. This makes it impossible to conditionally skip hook logic that is redundant when the sandbox is enforcing constraints.

Use case

I have PreToolUse hooks that escalate potentially dangerous rg and find commands (e.g., rg --pre, find -exec) to "permissionDecision": "ask". When sandbox mode is enabled, these guards are redundant — the sandbox already constrains what commands can do. I'd like the hooks to exit early (do nothing) when sandbox is active, avoiding unnecessary permission prompts.

Investigation

I tested both the environment variables and the stdin JSON passed to hooks with sandbox enabled vs disabled. They are identical — no field or variable indicates sandbox state:

  • Env vars: No CLAUDE_SANDBOX, CLAUDE_SANDBOX_ENABLED, or similar variable
  • Hook stdin JSON: Contains cwd, hook_event_name, permission_mode, session_id, tool_input, tool_name, tool_use_id, transcript_path — no sandbox field

Checking sandbox.enabled in settings.json doesn't work because the user can toggle sandbox on/off at runtime via /sandbox, and the file may not reflect the current session state.

Proposed solution

Either (or both):

  1. Add an is_sandboxed boolean field to the common hook input JSON
  2. Set a CLAUDE_SANDBOX_ENABLED environment variable during hook execution

This would allow hooks to trivially detect sandbox state:

# Option 1: check stdin JSON
if echo "$input" | jq -e '.is_sandboxed == true' >/dev/null 2>&1; then
  exit 0
fi

# Option 2: check env var
if [[ "${CLAUDE_SANDBOX_ENABLED:-}" == "1" ]]; then
  exit 0
fi

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗