[Feature Request] Native sandbox support for Windows (non-WSL)
Description
The /sandbox feature — the single most impactful security setting in Claude Code — is unavailable on native Windows. It uses Seatbelt on macOS and bubblewrap on Linux, but has no Windows equivalent.
Impact
Without sandbox, permission deny rules only block Claude's built-in tools. Bash commands bypass them entirely. For example, Read(~/.ssh/**) in the deny list prevents the Read tool from accessing SSH keys, but Bash(cat ~/.ssh/id_rsa) would still work. The sandbox is what enforces deny rules at the OS level — without it, deny rules are a partial mitigation at best.
Windows users currently have no path to full security enforcement.
Existing Windows sandbox issues
Current filed issues (#43840, #45072, #37371, #46354) are about sandbox breaking on Windows/WSL. This is a feature request for native Windows sandbox support that doesn't require WSL — potentially using Windows Sandbox, AppContainers, or similar OS-level isolation mechanisms.
Environment
- Claude Code 2.1.84
- Windows 10 Pro 10.0.19045
This issue has 6 comments on GitHub. Read the full discussion on GitHub ↗