settings.json: add user-approval-required mode for dangerouslyDisableSandbox

Resolved 💬 2 comments Opened May 26, 2026 by vollprechtgestaltung Closed May 30, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

Problem

dangerouslyDisableSandbox: true is handled at the harness level before
PreToolUse hooks run. This means hooks cannot gate or block the bypass —
the parameter never appears in the tool_input JSON that hooks receive.

As a result, there is currently no way to enforce a "user must approve
every sandbox bypass" policy at the project level:

  • allowUnsandboxedCommands: false (if it exists) blocks all bypasses

including explicit user approvals — too blunt for real workflows.

  • PreToolUse hooks cannot intercept dangerouslyDisableSandbox at all.
  • CLAUDE.md instructions alone are not technically enforced.

Proposed Solution

Feature Request

A settings.json option such as:

"sandbox": {
"requireUserApprovalForUnsandboxedCommands": true
}

Alternative Solutions

_No response_

Priority

High - Significant impact on productivity

Feature Category

Configuration and settings

Use Case Example

Behavior:

  • When set, AI-initiated dangerouslyDisableSandbox: true calls are

blocked unless the user explicitly approved them in the current turn
(e.g. via the tool-approval UI or a recognized hook marker).

  • Bypasses approved by the user still work.
  • Compatible with existing hook-based approval flows.

This would allow project maintainers to enforce a meaningful consent
policy without breaking legitimate workflows like template updates, git
operations, or CLI tools that occasionally need to reach outside the
sandbox.

Additional Context

_No response_

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗