seatbelt
2 questions
- AI
How do I run untrusted `npm install` without my SSH keys leaking?
Claude Code's bash tool can run inside an OS-level sandbox (Seatbelt on macOS, bubblewrap on Linux/WSL2) that restricts filesystem and network access. Here's how to enable it, the configuration that matters, and the network-isolation footgun that catches people.
- AI
How do I sandbox Claude Code so a compromised tool call cannot leak my SSH keys?
Enable Claude Code's built-in sandbox, which uses macOS Seatbelt or Linux bubblewrap to restrict filesystem writes to your project directory and block all network traffic except approved domains. Configure `allowWrite`, `denyRead`, and `allowedDomains` to define the exact boundary.