[DOCS] Sandboxing docs omit the git worktree shared-repository write boundary

Open 💬 1 comment Opened May 22, 2026 by coygeek

Documentation Type

Missing documentation (feature not documented)

Documentation Location

https://code.claude.com/docs/en/sandboxing

Section/Topic

How the Bash sandbox filesystem boundary behaves inside a linked git worktree

Current Documentation

The docs currently say:

By default, sandboxed commands can only write to the current working directory. If subprocess commands like kubectl, terraform, or npm need to write outside the project directory, use sandbox.filesystem.allowWrite to grant access to specific paths:

Later on the same page they say:

Default write behavior: read and write access to the current working directory and its subdirectories Blocked access: cannot modify files outside the current working directory without explicit permission, including shell configuration files such as ~/.bashrc and system binaries in /bin/

The worktrees guide says:

A git worktree is a separate working directory with its own files and branch, sharing the same repository history and remote as your main checkout.

What's Wrong or Missing?

Changelog v2.1.149 says:

Fixed the sandbox write allowlist in git worktrees covering the entire main repository root instead of only the shared .git directory (with hooks/ and config denied)

The current sandbox docs describe only the generic “current working directory” boundary. They do not explain the git-worktree-specific exception that sandboxed Bash may also need write access to the main repository root that backs the worktree's shared Git state.

That leaves the documented boundary incomplete for worktree sessions: readers are told that writes outside the current working directory need an explicit sandbox.filesystem.allowWrite override, but the docs never explain that Claude Code now makes a built-in worktree exception for shared repository writes while still denying hooks/ and config.

Suggested Improvement

Add a short note to the sandboxing guide's filesystem section, and cross-reference it from the worktrees guide.

Suggested text:

When Claude runs sandboxed Bash inside a linked git worktree, the sandbox also allows writes to the main repository root that backs the worktree's shared Git state. This exception is limited: the main checkout's hooks/ directory and Git config remain denied.

Placing this next to the default write-boundary explanation would make it clear why git operations can still work in worktree sessions without requiring users to widen sandbox.filesystem.allowWrite manually.

Impact

Medium - Makes feature difficult to understand

Additional Context

Affected Pages:

| Page | Line(s) | Context |
|------|---------|---------|
| https://code.claude.com/docs/en/sandboxing | 149-176, 198-205 | Describes only current-working-directory writes and manual allowWrite overrides |
| https://code.claude.com/docs/en/worktrees | 9-18 | Explains that worktrees share repository history with the main checkout, but not how sandbox writes are handled |
| https://code.claude.com/docs/en/settings | 278-287, 327-356 | Documents worktree and sandbox settings separately without describing their interaction in git worktrees |

Total scope: 3 pages affected

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗