Last active
January 29, 2026 13:15
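My very loose global Claude Code sandbox config (~/.claude/settings.json). "Loose" here means that the sandbox is enabled but `allowUnsandboxedCommands` is true, and that broad Bash prefixes such as `pnpm:*`, `find:*`, `cat:*` and `git config:*` are pre-approved, so the `deny` list should not be read as the only protection for the paths it names.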
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
| { | |
| "alwaysThinkingEnabled": false, | |
| "includeCoAuthoredBy": false, | |
| "permissions": { | |
| "allow": [ | |
| "Bash(git config:*)", | |
| "Bash(git log:*)", | |
| "Bash(git status:*)", | |
| "Bash(git diff:*)", | |
| "Bash(git branch:*)", | |
| "Bash(git add:*)", | |
| "Bash(git fetch:*)", | |
| "Bash(git ls-tree:*)", | |
| "Bash(gh issue view:*)", | |
| "Bash(ls:*)", | |
| "Bash(cat:*)", | |
| "Bash(head:*)", | |
| "Bash(tail:*)", | |
| "Bash(find:*)", | |
| "Bash(jq:*)", | |
| "Bash(code:*)", | |
| "Bash(pnpm:*)", | |
| "Bash(pnpm install:*)", | |
| "Bash(pnpm test:*)", | |
| "Bash(pnpm lint:*)", | |
| "Bash(pnpm eslint:*)", | |
| "Bash(pnpm exec eslint:*)", | |
| "Bash(npx eslint:*)", | |
| "Bash(npx tsc:*)", | |
| "Bash(npx secretlint:*)", | |
| "WebSearch", | |
| "WebFetch(domain:docs.claude.com)", | |
| "WebFetch(domain:github.com)", | |
| "WebFetch(domain:raw.githubusercontent.com)", | |
| "WebFetch(domain:docs.github.com)", | |
| "WebFetch(domain:github.blog)", | |
| "WebFetch(domain:www.npmjs.com)", | |
| "WebFetch(domain:playwright.dev)", | |
| "WebFetch(domain:storybook.js.org)", | |
| "WebFetch(domain:stackoverflow.com)", | |
| "mcp__github__get_issue", | |
| "mcp__github__get_issue_comments", | |
| "mcp__github__search_pull_requests", | |
| "mcp__github__pull_request_read", | |
| "mcp__github__get_pull_request_files", | |
| "mcp__github__issue_read", | |
| "mcp__github__list_workflow_jobs", | |
| "mcp__github__get_workflow_run", | |
| "mcp__github__get_me", | |
| "mcp__github__get_commit", | |
| "mcp__github__search_issues", | |
| "mcp__github__list_issues", | |
| "mcp__github__get_label", | |
| "mcp__context7__resolve-library-id", | |
| "mcp__context7__get-library-docs", | |
| "mcp__mcp-jq__jq_query_file" | |
| ], | |
| "deny": [ | |
| "Read(**/.env)", | |
| "Read(**/.env.*)", | |
| "Read(**/secrets/**)", | |
| "Read(**/*.pem)", | |
| "Read(**/*.key)", | |
| "Read(**/*credentials*)", | |
| "Read(**/*secret*)", | |
| "Read(**/apikey*)", | |
| "Read(~/.ssh/**)", | |
| "Read(~/.aws/**)", | |
| "Read(~/.gnupg/**)", | |
| "Read(~/.kube/**)", | |
| "Read(~/.netrc)", | |
| "Read(~/.git-credentials)", | |
| "Read(~/.npmrc)", | |
| "Read(~/.pypirc)", | |
| "Read(~/.docker/**)", | |
| "Read(~/.cargo/credentials*)", | |
| "Read(~/.m2/**)", | |
| "Read(~/.claude/**)", | |
| "Read(~/Library/Keychains/**)", | |
| "Read(~/Library/Cookies/**)", | |
| "Read(~/Library/Accounts/**)", | |
| "Read(~/Library/Mail/**)", | |
| "Read(~/Library/Messages/**)", | |
| "Read(~/Library/Preferences/**)", | |
| "Read(~/Library/Safari/**)", | |
| "Read(~/Library/Application Support/Google/Chrome/**)", | |
| "Read(~/Library/Application Support/Firefox/**)", | |
| "Read(~/Library/Application Support/Microsoft/Edge/**)", | |
| "Read(~/Library/Application Support/1Password/**)", | |
| "Read(~/Library/Saved Application State/**)", | |
| "Bash(rm -rf:*)", | |
| "Bash(rm -r:*)", | |
| "Bash(sudo:*)", | |
| "Bash(su:*)", | |
| "Bash(chmod 777:*)", | |
| "Bash(curl|sh)", | |
| "Bash(wget|sh)", | |
| "Bash(> /dev:*)", | |
| "Bash(mkfs:*)", | |
| "Bash(dd:*)" | |
| ] | |
| }, | |
| "sandbox": { | |
| "enabled": true, | |
| "allowUnsandboxedCommands": true, | |
| "network": { | |
| "allowUnixSockets": ["/private/tmp/com.apple.launchd.*/Listeners"], | |
| "allowLocalBinding": true | |
| } | |
| } | |
| } |