[BUG] Write tool bypasses sandbox filesystem write restrictions that Bash tool correctly enforces
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
The built-in Write tool ignores sandbox filesystem write restrictions configured in settings.json. When sandbox is configured with denyWrite: ["/"] and a limited allowWrite list, the Write tool successfully creates files outside the allowed paths without any error or permission prompt.
What Should Happen?
The Write tool should be blocked from writing files outside the allowWrite list, the same way the Bash tool correctly enforces these restrictions. Writing to a restricted path should fail with a permission error.
Error Messages/Logs
Steps to Reproduce
- Configure settings.json with sandbox restrictions:
{
"sandbox": {
"enabled": true,
"failIfUnavailable": true,
"filesystem": {
"denyWrite": ["/"],
"allowWrite": ["/your/project/dir", "/tmp"],
"denyRead": ["/your/parent/dir"],
"allowRead": ["/your/project/dir"]
}
}
}
- Ask Claude to write a file to a path outside allowWrite using the Write tool.
Example: "Create hello.txt in the parent directory with some content"
- Observe that the file is created successfully at the restricted path.
- For comparison, ask Claude to do the same via Bash tool:
echo "test" > /restricted/path/hello.txt
→ This correctly returns "operation not permitted"
Claude Model
None
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
v2.1.118
Platform
AWS Bedrock
Operating System
macOS
Terminal/Shell
Warp
Additional Information
_No response_
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗