I want a safe setup on my machine. I’d like to let Claude Code read anything in the project directory, but make it ask for approval to read outside of it. Don’t get me wrong, I let agents do whatever they want in an isolated VM, but I want to make sure I know exactly what Claude does on my machine.

I found this configuration: https://deepwiki.com/anthropics/claude-code/3.8-agent-system-and-subagents#strict-sandbox-enterprise

It restricts everything the way I want, but it doesn’t take care of reads outside of the project directory. Do I understand correctly that adding the following to this configuration does what I want?

```json
"permissionRules": [
  { "tool": "Read", "path": "./", "policy": "allow" },
  { "tool": "Glob", "path": "./", "policy": "allow" },
  { "tool": "Grep", "path": "./", "policy": "allow" }
],
```

Then the entire ~/.claude/settings.json looks like this:

```json
{
  "allowManagedPermissionRulesOnly": true,
  "permissionRules": [
    { "tool": "Read", "path": "./", "policy": "allow" },
    { "tool": "Glob", "path": "./", "policy": "allow" },
    { "tool": "Grep", "path": "./", "policy": "allow" }
  ],
  "sandbox": {
    "enabled": true,
    "autoAllowBashIfSandboxed": false,
    "allowUnsandboxedCommands": false,
    "excludedCommands": [],
    "filesystem": {
      "allowWrite": []
    },
    "network": {
      "allowUnixSockets": [],
      "allowAllUnixSockets": false,
      "allowLocalBinding": false,
      "allowedDomains": []
    },
    "enableWeakerNestedSandbox": false
  },
  "permissions": {
    "defaultMode": "plan"
  }
}
```
Originally posted by u/Veson on r/ClaudeCode
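The property the post is after is a project-root boundary: reads under the project directory pass, anything else stops for approval. Whether Claude Code's `"path": "./"` rule is evaluated exactly this way is not something this page documents, so the block below is an added, stand-alone illustration of what such a boundary has to handle, not Claude Code's own implementation. It parses a constructed copy of the posted `permissionRules` (straight quotes, valid JSON), then runs a hypothetical evaluator over a throwaway project tree to show the three cases a naive string-prefix check gets wrong: `..` traversal, a sibling directory that shares a name prefix (`project2`), and a symlink inside the project that points outside it. Paths, rule semantics, and the `decide()` function are assumptions of the example.

```python
import json
import os
import tempfile

# Constructed copy of the rules from the post, with straight quotes so it
# parses as JSON. The tool/path/policy schema is taken from the post as written.
SETTINGS_JSON = """
{
  "permissionRules": [
    {"tool": "Read", "path": "./", "policy": "allow"},
    {"tool": "Glob", "path": "./", "policy": "allow"},
    {"tool": "Grep", "path": "./", "policy": "allow"}
  ]
}
"""


def load_rules(text):
    """Parse settings text and return the permissionRules list (empty if absent)."""
    return json.loads(text).get("permissionRules", [])


def is_within(root, target):
    """True if target, after resolving symlinks and '..', is root or lies under it.

    realpath() collapses traversal and follows symlinks; commonpath() compares
    whole path components, so /home/me/project2 is NOT under /home/me/project.
    """
    root_real = os.path.realpath(root)
    target_real = os.path.realpath(target)
    try:
        return os.path.commonpath([root_real, target_real]) == root_real
    except ValueError:  # different drives on Windows: no common path
        return False


def decide(tool, target, project_root, rules):
    """Hypothetical evaluator (assumption, not Claude Code's logic):
    'allow' if an allow rule for this tool covers target, otherwise 'ask'."""
    for rule in rules:
        if rule.get("tool") != tool or rule.get("policy") != "allow":
            continue
        rule_root = os.path.join(project_root, rule.get("path", "./"))
        if is_within(rule_root, target):
            return "allow"
    return "ask"


def demo():
    """Build a constructed project tree and return {case: decision}."""
    rules = load_rules(SETTINGS_JSON)
    results = {}
    with tempfile.TemporaryDirectory() as base:
        project = os.path.join(base, "project")
        sibling = os.path.join(base, "project2")  # same string prefix as project
        os.makedirs(os.path.join(project, "src"))
        os.makedirs(sibling)
        outside = os.path.join(base, "secret.txt")  # constructed file outside the project
        with open(outside, "w") as fh:
            fh.write("constructed secret\n")
        # Stand-in for a dotfile in the home directory (constructed path).
        dotfile = os.path.join(base, ".ssh", "id_ed25519")

        results["inside"] = decide("Read", os.path.join(project, "src", "main.py"), project, rules)
        results["dotdot"] = decide("Read", os.path.join(project, "..", "secret.txt"), project, rules)
        results["prefix"] = decide("Read", os.path.join(sibling, "notes.md"), project, rules)
        results["dotfile"] = decide("Read", dotfile, project, rules)
        results["tool"] = decide("Write", os.path.join(project, "src", "main.py"), project, rules)

        # A symlink inside the project that points outside it must still be 'ask'.
        link = os.path.join(project, "escape")
        try:
            os.symlink(outside, link)
            results["symlink"] = decide("Read", link, project, rules)
        except (OSError, NotImplementedError):
            results["symlink"] = "unsupported"  # platform refused to create the symlink
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:>9}: {verdict}")
```

Only `inside` comes back `allow`; every other case, including the symlink, is `ask`. The two calls that do the work are `os.path.realpath` (so the decision is made on where the path actually lands) and `os.path.commonpath` (so the comparison is per component rather than by string prefix). Any tool that enforces a directory boundary needs both, and a quick run of `demo()` against the real tool's behaviour is a cheap way to confirm a rule like the one in the post actually stops at the project root.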
