Set up the sandbox
The sandbox limits which files and network domains Claude Code’s commands can reach. It’s off by default.
-
Check support. Open Settings → Security. Sentinel detects whether your OS supports sandboxing (full filesystem + network on macOS/Linux; network-only on Windows) and reflects that in the panel.
-
Enable isolation with the sandbox toggle.
-
Add allowed paths. List the directories Claude Code may read and write — typically your project roots and any scratch directories your workflow uses.
-
Add allowed domains. List the network destinations commands may reach — your package registry, your APIs, and anything your build needs.
-
Run a representative task and widen the allowlists if something legitimate is blocked.
What it protects
Section titled “What it protects”A correctly configured sandbox means a command that tries to read credentials outside your project, or exfiltrate data to an unlisted domain, is stopped by the OS — a layer below Sentinel’s own permission rules and security scanning. The three work together.