What's New
Sandbox Configuration GUI ✨
A new Sandbox page for configuring Claude Code's bash command isolation, network access, and security settings — no more hand-editing settings.json.
General Settings
- Sandbox Enabled — Toggle bash command sandboxing for isolation
- Auto-Allow Bash if Sandboxed — Automatically allow bash commands when sandbox is active
- Allow Unsandboxed Commands — Allow certain commands to run outside the sandbox
- Enable Weaker Nested Sandbox — Use a less restrictive sandbox for nested operations
- All toggles use a tri-state cycle: Not set → Enabled → Disabled → Not set
Excluded Commands
- Add/remove commands excluded from sandbox restrictions (e.g.
git,docker) - Tag-style UI with inline add/remove
Network Configuration
- Allow All Unix Sockets — Toggle to allow connections to any Unix domain socket
- Allowed Unix Sockets — Specify individual socket paths (auto-disabled when "allow all" is on)
- Allow Local Binding — Allow binding to local ports (macOS only)
- Allowed Domains — Configure network domains the sandbox can access, with wildcard support (e.g.
*.example.com) - HTTP Proxy Port / SOCKS Proxy Port — Configure proxy ports for sandboxed network access
Scope Support
Uses the same three-scope system as other settings pages:
- User (
~/.claude/settings.json) — applies to all projects - Project (
.claude/settings.json) — shared with team via git - Local (
.claude/settings.local.json) — personal overrides, not committed
All changes preserve existing settings (hooks, permissions, model config, etc.) — only sandbox keys are modified. Clearing all sandbox fields removes the "sandbox" key entirely from the JSON.
Technical Details
- 7 files changed, ~1,000 lines of new code
- Full Rust backend with 4 new unit tests covering sandbox read, write, key preservation, and cleanup
- Null-stripping ensures clean JSON output (no
nullvalues written for unset fields) - All CI checks passing across macOS, Linux, and Windows builds
Full Changelog: v2.5.0...v2.6.0