Skip to content

Set up the sandbox

The sandbox limits which files and network domains Claude Code’s commands can reach. It’s off by default.

  1. Check support. Open Settings → Security. Sentinel detects whether your OS supports sandboxing (full filesystem + network on macOS/Linux; network-only on Windows) and reflects that in the panel.

  2. Enable isolation with the sandbox toggle.

  3. Add allowed paths. List the directories Claude Code may read and write — typically your project roots and any scratch directories your workflow uses.

  4. Add allowed domains. List the network destinations commands may reach — your package registry, your APIs, and anything your build needs.

  5. Run a representative task and widen the allowlists if something legitimate is blocked.

A correctly configured sandbox means a command that tries to read credentials outside your project, or exfiltrate data to an unlisted domain, is stopped by the OS — a layer below Sentinel’s own permission rules and security scanning. The three work together.