settings.json: add user-approval-required mode for dangerouslyDisableSandbox
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
Problem
dangerouslyDisableSandbox: true is handled at the harness level before
PreToolUse hooks run. This means hooks cannot gate or block the bypass —
the parameter never appears in the tool_input JSON that hooks receive.
As a result, there is currently no way to enforce a "user must approve
every sandbox bypass" policy at the project level:
allowUnsandboxedCommands: false(if it exists) blocks all bypasses
including explicit user approvals — too blunt for real workflows.
- PreToolUse hooks cannot intercept
dangerouslyDisableSandboxat all. - CLAUDE.md instructions alone are not technically enforced.
Proposed Solution
Feature Request
A settings.json option such as:
"sandbox": {
"requireUserApprovalForUnsandboxedCommands": true
}
Alternative Solutions
_No response_
Priority
High - Significant impact on productivity
Feature Category
Configuration and settings
Use Case Example
Behavior:
- When set, AI-initiated
dangerouslyDisableSandbox: truecalls are
blocked unless the user explicitly approved them in the current turn
(e.g. via the tool-approval UI or a recognized hook marker).
- Bypasses approved by the user still work.
- Compatible with existing hook-based approval flows.
This would allow project maintainers to enforce a meaningful consent
policy without breaking legitimate workflows like template updates, git
operations, or CLI tools that occasionally need to reach outside the
sandbox.
Additional Context
_No response_
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗