
claude-sandbox: Yet another sandboxing tool for Claude Code on macOS
This post walks through claude-sandbox, a small tool I built to bring predictable, low-friction sandboxing to Claude Code on macOS.

The Problem with the Built-in Sandbox

Claude Code ships with a built-in sandboxing feature. It's capable, but it wasn't a great fit for my workflow:

It kept blocking legitimate operations in unexpected ways, and troubleshooting took more time than the protection was worth.

It includes network isolation, which I didn't need at all — just extra complexity with no benefit for my use case.

What I actually wanted was simple: restrict file writes to the current project directory, with an easy way to allow exceptions when needed. Nothing more. That's claude-sandbox.

How It Works

claude-sandbox wraps the claude command and runs it under macOS's sandbox-exec (Apple Seatbelt — the same technology used in Claude Code's built-in sandboxing). The default policy is simple: allow everything, deny all file writes, then re-allow writes to a few specific paths — the curr
Continue reading on Dev.to
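The policy shape described under "How It Works" (allow everything, deny all file writes, re-allow writes under chosen directories), sketched as a Seatbelt profile generator. This is an added example, not claude-sandbox's own code: the function names are hypothetical, and it covers only the project directory plus caller-supplied exceptions, since the tool's full list of re-allowed paths is cut off on this page.

```shell
#!/bin/sh
# Added illustration, not claude-sandbox's own code; all names are hypothetical.

# Quote a path as an SBPL string literal (escape backslash and double quote),
# so a directory name cannot break out of the rule it is placed in.
sbpl_quote() {
    printf '"%s"' "$(printf '%s' "$1" | sed 's/[\\"]/\\&/g')"
}

# Resolve symlinks so the rule names the real path rather than an alias
# (on macOS, /tmp is a symlink to /private/tmp).
canonical_dir() {
    (cd "$1" 2>/dev/null && pwd -P)
}

# build_profile DIR [EXTRA_DIR...]
# Prints a profile that allows everything, denies all file writes, then
# re-allows writes under each listed directory. Nothing is printed if any
# directory is invalid, so a partial profile is never handed to the sandbox.
build_profile() {
    rules=''
    for dir in "$@"; do
        real=$(canonical_dir "$dir") || {
            echo "build_profile: not a directory: $dir" >&2
            return 1
        }
        rules="$rules(allow file-write* (subpath $(sbpl_quote "$real")))
"
    done
    printf '(version 1)\n(allow default)\n(deny file-write*)\n%s' "$rules"
}

# Usage on macOS (sandbox-exec -p takes the profile text as a string):
#   profile=$(build_profile "$PWD") && sandbox-exec -p "$profile" claude
```

Later rules take precedence over earlier ones in a Seatbelt profile, which is why the re-allow lines come after the blanket deny.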



