settings.md +52 −0
86| `defaultMode` | Default [permission mode](iam#permission-modes) when opening Claude Code | `"acceptEdits"` |86| `defaultMode` | Default [permission mode](iam#permission-modes) when opening Claude Code | `"acceptEdits"` |
87| `disableBypassPermissionsMode` | Set to `"disable"` to prevent `bypassPermissions` mode from being activated. This disables the `--dangerously-skip-permissions` command-line flag. See [managed policy settings](iam#enterprise-managed-policy-settings) | `"disable"` |87| `disableBypassPermissionsMode` | Set to `"disable"` to prevent `bypassPermissions` mode from being activated. This disables the `--dangerously-skip-permissions` command-line flag. See [managed policy settings](iam#enterprise-managed-policy-settings) | `"disable"` |
88 88
89### Sandbox settings
90
91Configure advanced sandboxing behavior. Sandboxing isolates bash commands from your filesystem and network. See [Sandboxing](/en/docs/claude-code/sandboxing) for details.
92
93**Filesystem and network restrictions** are configured via Read, Edit, and WebFetch permission rules, not via these sandbox settings.
94
95| Keys | Description | Example |
96| :-------------------------- | :------------------------------------------------------------------------------------------------------------ | :------------------------ |
97| `enabled` | Enable bash sandboxing (macOS/Linux only). Default: false | `true` |
98| `autoAllowBashIfSandboxed` | Auto-approve bash commands when sandboxed. Default: true | `true` |
99| `excludedCommands` | Commands that should run outside of the sandbox | `["git", "docker"]` |
100| `network.allowUnixSockets` | Unix socket paths accessible in sandbox (for SSH agents, etc.) | `["~/.ssh/agent-socket"]` |
101| `network.allowLocalBinding` | Allow binding to localhost ports (MacOS only). Default: false | `true` |
102| `network.httpProxyPort` | HTTP proxy port used if you wish to bring your own proxy. If not specified, Claude will run its own proxy. | `8080` |
103| `network.socksProxyPort` | SOCKS5 proxy port used if you wish to bring your own proxy. If not specified, Claude will run its own proxy. | `8081` |
104| `enableWeakerNestedSandbox` | Enable weaker sandbox for unprivileged Docker environments (Linux only). **Reduces security.** Default: false | `true` |
105
106**Configuration example:**
107
108```json theme={null}
109{
110 "sandbox": {
111 "enabled": true,
112 "autoAllowBashIfSandboxed": true,
113 "excludedCommands": ["docker"],
114 "network": {
115 "allowUnixSockets": [
116 "/var/run/docker.sock"
117 ],
118 "allowLocalBinding": true
119 }
120 },
121 "permissions": {
122 "deny": [
123 "Read(.envrc)",
124 "Read(~/.aws/**)"
125 ]
126 }
127}
128```
129
130**Filesystem access** is controlled via Read/Edit permissions:
131
132* Read deny rules block file reads in sandbox
133* Edit allow rules permit file writes (in addition to the defaults, e.g. the current working directory)
134* Edit deny rules block writes within allowed paths
135
136**Network access** is controlled via WebFetch permissions:
137
138* WebFetch allow rules permit network domains
139* WebFetch deny rules block network domains
140
89### Settings precedence141### Settings precedence
90 142
91Settings are applied in order of precedence (highest to lowest):143Settings are applied in order of precedence (highest to lowest):
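Review bot: The configuration example (new lines 113-118) lists `/var/run/docker.sock` under `network.allowUnixSockets` while `autoAllowBashIfSandboxed` is `true`, and nothing in the section says what that combination grants. Access to the Docker socket lets a sandboxed process control the Docker daemon, which runs as root by default, so a reader copying this example gets auto-approved commands that can reach outside the filesystem and network restrictions described just below it. Either switch the example to the SSH agent socket already used in the table row, or add a sentence next to the example stating the risk of exposing the Docker socket. The `excludedCommands` row should also say whether commands run outside the sandbox fall back to the normal permission prompt or are covered by `autoAllowBashIfSandboxed`; the table does not settle it. The `enableWeakerNestedSandbox` row says "Reduces security" without saying which protection is lost, which is hard to act on. The note on new line 93 says network restrictions are not configured via these sandbox settings, yet four `network.*` keys follow in the table, so that sentence should be scoped, for example to domain allow and deny rules. Minor: new line 101 writes "MacOS" where new line 97 writes "macOS".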