SpyBara
Go Premium

Documentation 2025-10-30 18:02 UTC to 2025-10-31 00:04 UTC

4 files changed +35 −30. View all changes and history on the product overview
2025
Fri 31 00:04 Thu 30 18:02 Wed 29 21:02 Tue 28 18:02 Mon 27 18:02 Fri 24 21:01 Thu 23 21:02 Tue 21 00:04 Mon 20 21:02 Fri 17 18:01 Thu 16 18:02 Wed 15 18:02 Mon 13 21:01

quickstart.md +27 −27

Details

14 14 

15## Step 1: Install Claude Code15## Step 1: Install Claude Code

16 16 

17### NPM Install17To install Claude Code, use one of the following methods:

18 18 

19If you have [Node.js 18 or newer installed](https://nodejs.org/en/download/):19<Tabs>

20 <Tab title="Native Install (Recommended)">

21 **Homebrew (macOS, Linux):**

20 22 

21```sh theme={null}23 ```sh theme={null}

22npm install -g @anthropic-ai/claude-code24 brew install --cask claude-code

23```25 ```

24 

25### Native Install

26 

27<Tip>

28 Alternatively, try our new native install, now in beta.

29</Tip>

30 26 

31**Homebrew (macOS, Linux):**27 **macOS, Linux, WSL:**

32 28 

33```sh theme={null}29 ```bash theme={null}

34brew install --cask claude-code30 curl -fsSL https://claude.ai/install.sh | bash

35```31 ```

36 32 

37**macOS, Linux, WSL:**33 **Windows PowerShell:**

38 34 

39```bash theme={null}35 ```powershell theme={null}

40curl -fsSL https://claude.ai/install.sh | bash36 irm https://claude.ai/install.ps1 | iex

41```37 ```

42 38 

43**Windows PowerShell:**39 **Windows CMD:**

44 40 

45```powershell theme={null}41 ```batch theme={null}

46irm https://claude.ai/install.ps1 | iex42 curl -fsSL https://claude.ai/install.cmd -o install.cmd && install.cmd && del install.cmd

47```43 ```

44 </Tab>

48 45 

49**Windows CMD:**46 <Tab title="NPM">

47 If you have [Node.js 18 or newer installed](https://nodejs.org/en/download/):

50 48 

51```batch theme={null}49 ```sh theme={null}

52curl -fsSL https://claude.ai/install.cmd -o install.cmd && install.cmd && del install.cmd50 npm install -g @anthropic-ai/claude-code

53```51 ```

52 </Tab>

53</Tabs>

54 54 

55## Step 2: Log in to your account55## Step 2: Log in to your account

56 56 

sandboxing.md +5 −1

Details

82 82 

83<Note>83<Note>

84 Claude Code includes an intentional escape hatch mechanism that allows commands to run outside the sandbox when necessary. When a command fails due to sandbox restrictions (such as network connectivity issues or incompatible tools), Claude is prompted to analyze the failure and may retry the command with the `dangerouslyDisableSandbox` parameter. Commands that use this parameter go through the normal Claude Code permissions flow requiring user permission to execute. This allows Claude Code to handle edge cases where certain tools or network operations cannot function within sandbox constraints.84 Claude Code includes an intentional escape hatch mechanism that allows commands to run outside the sandbox when necessary. When a command fails due to sandbox restrictions (such as network connectivity issues or incompatible tools), Claude is prompted to analyze the failure and may retry the command with the `dangerouslyDisableSandbox` parameter. Commands that use this parameter go through the normal Claude Code permissions flow requiring user permission to execute. This allows Claude Code to handle edge cases where certain tools or network operations cannot function within sandbox constraints.

85 

86 You can disable this escape hatch by setting `"allowUnsandboxedCommands": false` in your [sandbox settings](/en/docs/claude-code/settings#sandbox-settings). When disabled, the `dangerouslyDisableSandbox` parameter is completely ignored and all commands must run sandboxed or be explicitly listed in `excludedCommands`.

85</Note>87</Note>

86 88 

87## Security benefits89## Security benefits

155```json theme={null}157```json theme={null}

156{158{

157 "sandbox": {159 "sandbox": {

160 "network": {

158 "httpProxyPort": 8080,161 "httpProxyPort": 8080,

159 "socksProxyPort": 8081,162 "socksProxyPort": 8081

163 }

160 }164 }

161}165}

162```166```

security.md +1 −1

Details

62* **Secure credential storage**: API keys and tokens are encrypted. See [Credential Management](/en/docs/claude-code/iam#credential-management)62* **Secure credential storage**: API keys and tokens are encrypted. See [Credential Management](/en/docs/claude-code/iam#credential-management)

63 63 

64<Warning>64<Warning>

65 **Windows WebDAV security risk**: We recommend against enabling WebDAV when running Claude Code on Windows. [WebDAV has been deprecated by Microsoft](https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features#:~:text=The%20Webclient%20\(WebDAV\)%20service%20is%20deprecated) due to security risks. Enabling WebDAV may allow Claude Code to trigger network requests to remote hosts, bypassing the permission system.65 **Windows WebDAV security risk**: When running Claude Code on Windows, we recommend against enabling WebDAV or allowing Claude Code to access paths such as `\\*` that may contain WebDAV subdirectories. [WebDAV has been deprecated by Microsoft](https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features#:~:text=The%20Webclient%20\(WebDAV\)%20service%20is%20deprecated) due to security risks. Enabling WebDAV may allow Claude Code to trigger network requests to remote hosts, bypassing the permission system.

66</Warning>66</Warning>

67 67 

68**Best practices for working with untrusted content**:68**Best practices for working with untrusted content**:

settings.md +2 −1

Details

93**Filesystem and network restrictions** are configured via Read, Edit, and WebFetch permission rules, not via these sandbox settings.93**Filesystem and network restrictions** are configured via Read, Edit, and WebFetch permission rules, not via these sandbox settings.

94 94 

95| Keys | Description | Example |95| Keys | Description | Example |

96| :-------------------------- | :------------------------------------------------------------------------------------------------------------ | :------------------------ |96| :-------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------ |

97| `enabled` | Enable bash sandboxing (macOS/Linux only). Default: false | `true` |97| `enabled` | Enable bash sandboxing (macOS/Linux only). Default: false | `true` |

98| `autoAllowBashIfSandboxed` | Auto-approve bash commands when sandboxed. Default: true | `true` |98| `autoAllowBashIfSandboxed` | Auto-approve bash commands when sandboxed. Default: true | `true` |

99| `excludedCommands` | Commands that should run outside of the sandbox | `["git", "docker"]` |99| `excludedCommands` | Commands that should run outside of the sandbox | `["git", "docker"]` |

100| `allowUnsandboxedCommands` | Allow commands to run outside the sandbox via the `dangerouslyDisableSandbox` parameter. When set to `false`, the `dangerouslyDisableSandbox` escape hatch is completely disabled and all commands must run sandboxed (or be in `excludedCommands`). Useful for enterprise policies that require strict sandboxing. Default: true | `false` |

100| `network.allowUnixSockets` | Unix socket paths accessible in sandbox (for SSH agents, etc.) | `["~/.ssh/agent-socket"]` |101| `network.allowUnixSockets` | Unix socket paths accessible in sandbox (for SSH agents, etc.) | `["~/.ssh/agent-socket"]` |

101| `network.allowLocalBinding` | Allow binding to localhost ports (MacOS only). Default: false | `true` |102| `network.allowLocalBinding` | Allow binding to localhost ports (MacOS only). Default: false | `true` |

102| `network.httpProxyPort` | HTTP proxy port used if you wish to bring your own proxy. If not specified, Claude will run its own proxy. | `8080` |103| `network.httpProxyPort` | HTTP proxy port used if you wish to bring your own proxy. If not specified, Claude will run its own proxy. | `8080` |