mazieres2d ago

Don't YOLO your file system

https://jai.scs.stanford.edu/

jai - easy containment for AI agents

Super-lightweight Linux sandbox for AI agents

Show threadAnotherGoodName2d ago

Add this to .claude/settings.json:

{
"sandbox": {
"enabled": true,
"filesystem": {
"allowRead": ["."],
"denyRead": ["~/"],
"allowWrite": ["."],
"denyWrite": ["/"]
}
}
}


You can change the read part if you're ok with it reading outside. This feature was only added 10 days ago fwiw but it's great and pretty much this.

Show threadcozzyd2d ago
Is this a real sandbox or just a pretty please?
Show threadray_v
It seems like it's controlled by the Bash tool (https://code.claude.com/docs/en/sandboxing) and then bubblewrap (https://github.com/containers/bubblewrap) on linux and Seatbelt on mac at the system level
Sandboxing - Claude Code Docs

Learn how Claude Code's sandboxed bash tool provides filesystem and network isolation for safer, more autonomous agent execution.

Claude Code Docs
Mar 28 at 2:47amWeb