[BUG] The setting excludedCommands doesn't seem to be respected. #10524

@klillywhite

Preflight Checklist

  • I have searched existing issues and this hasn't been reported yet
  • This is a single bug report (please file separate reports for different bugs)
  • I am using the latest version of Claude Code

What's Wrong?

Summary

The sandbox.excludedCommands setting in .claude/settings.json is being ignored. Commands listed in this array are still being executed with sandboxing enabled, contrary to the documented behavior.

Expected Behavior

According to the settings documentation, excludedCommands should specify "Commands that should run outside of the sandbox." When a command is listed in this array, Claude Code should execute it outside the sandbox from the first attempt.

Actual Behavior

Commands listed in excludedCommands are still executed in the sandbox. Claude Code only attempts to run them outside the sandbox after the sandboxed execution fails and encounters errors indicating sandbox restrictions.

Steps to Reproduce

  1. Create .claude/settings.json with the following configuration:

         {
           "sandbox": {
             "enabled": true,
             "excludedCommands": ["uv"]
           }
         }

  2. Run a command that would trigger the excluded command:

         > run uv sync

  3. Observe that Claude Code first attempts to run uv sync inside the sandbox, which fails with:

         error: failed to open file `~/.cache/uv/sdists-v9/.git`: Read-only file system (os error 30)

  4. Claude Code then attempts to retry outside the sandbox

Configuration Used

Note: The settings file was copied directly from the official settings documentation to avoid any syntax errors or misspellings. The only modification made was replacing "docker" with "uv" in the excludedCommands array to demonstrate this issue.

{
  "sandbox": {
    "enabled": true,
    "autoAllowBashIfSandboxed": true,
    "excludedCommands": ["uv"],
    "network": {
      "allowUnixSockets": [
        "/var/run/docker.sock"
      ],
      "allowLocalBinding": true
    }
  },
  "permissions": {
    "deny": [
      "Read(.envrc)",
      "Read(~/.aws/**)"
    ]
  }
}

Environment

  • Claude Code version: v2.0.28
  • Model: Sonnet 4.5 (Claude Max)
  • Platform: Linux 6.12.48-1-MANJARO

Impact

This bug defeats the purpose of the excludedCommands setting. Tools like uv, docker, and watchman that are incompatible with sandboxing (as noted in the sandboxing documentation) will always fail on the first attempt, requiring:

  • Extra retries and API calls
  • User intervention to approve the unsandboxed execution
  • Unnecessary error messages and friction in the workflow

Claude Model

Sonnet (default)

Is this a regression?

I don't know

Last Working Version

No response

Claude Code Version

2.0.28

Platform

Anthropic API

Operating System

Ubuntu/Debian Linux

Terminal/Shell

Other

Additional Information

No response
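
The first-attempt decision this report expects can be modelled as below. This is an added example, not code from the issue and not Claude Code's implementation. The matching rule is an assumption: a shell line runs unsandboxed only when the program word of every simple command in it is listed in excludedCommands, so a compound line cannot carry a non-excluded program out of the sandbox. All function names are hypothetical.

```python
import json
import shlex

# Constructed sample mirroring the reproduction settings in the report.
SAMPLE_SETTINGS = '{"sandbox": {"enabled": true, "excludedCommands": ["uv"]}}'

# Shell control operators that separate one simple command from the next.
SEPARATORS = {"&&", "||", ";", "|", "&"}


def split_simple_commands(command_line):
    """Split a shell line into token lists, one per simple command."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for tok in lexer:
        if tok in SEPARATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def program_name(tokens):
    """Return the program word, skipping leading VAR=value assignments."""
    for tok in tokens:
        name, eq, _ = tok.partition("=")
        if eq and name.isidentifier():
            continue
        return tok
    return None


def expected_decision(settings_text, command_line):
    """Assumed rule: unsandboxed only if every program is excluded."""
    sandbox = json.loads(settings_text).get("sandbox", {})
    if not sandbox.get("enabled", False):
        return "unsandboxed"
    excluded = set(sandbox.get("excludedCommands", []))
    programs = [program_name(c) for c in split_simple_commands(command_line)]
    if programs and all(p in excluded for p in programs):
        return "unsandboxed"
    return "sandboxed"
```

Under this model `uv sync` is expected to skip the sandbox on the first attempt, while `uv sync && make test` stays sandboxed because `make` is not in the list.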

Labels: area:core; bug (Something isn't working); has repro (Has detailed reproduction steps); platform:linux (Issue specifically occurs on Linux)