The sandbox in Claude Code by default can access files anywhere in your home directory. This is not ideal, since we usually don't want it to read from our ~/Documents directory.
This card shows how to restrict its configuration.
A reasonable default
Put this in your ~/.claude/settings.json:
{
"sandbox": {
"enabled": true,
"autoAllowBashIfSandboxed": true,
"network": {
"allowAllUnixSockets": true
},
"filesystem": {
"denyRead": [
"~/"
],
"allowRead": [
".",
"~/.rbenv",
"~/.nvm",
"~/.claude",
"~/.cache/node/corepack",
"~/.cache/ms-playwright",
"~/projects/another-project"
],
"allowWrite": [
"~/.local/share/pnpm"
]
}
}
}
Explanation
The above configuration does the following.
- Allows socket access, for the database to be reachable (as mentioned in the base sandbox card).
- Prevents reading with the
Readtool from your home directory's contents. However, this restriction can be loosened withallowReadentries, as seen. - Allows reading with the
Readtool from- Project directory (
.resolved from where you startclaude) - Configuration and cache of rbenv, nvm, corepack, and Playwright (the latter is relevant if you're using Vitest)
- Your Claude Code configuration (helpful to ask Claude Code about its own settings)
- Any other projects that you want to be reachable, like
authentication-vanilla-exampleor another project that you forked from.
- Project directory (
- Allows writing to PNPM's store cache. Required for Claude Code to run
pnpm installitself.
Merged configurations
Your own configuration files in ~/.claude/settings.json and your project's .claude/settings.local.json will always be merged on top of the default configuration. So you can start with this default, but refine it further per project.
Posted by Arne Hartherz to makandra dev (2026-06-23 14:54)