qwertox | 6 days ago
I haven't really done anything serious with Claude Code, but today I tested starting claude in ~/claude/test and told it to list my home dir, which it then did. Is there a way to tell tools like Claude Code that it must never leave ~/claude/test, and don't even think about using absolute paths, or relative paths which contain `..`?
anuramat | 6 days ago
It's already read-only outside of project directories (except for the Bash tool); your only further option is to wrap it in a sandbox, and `bwrap` is perfect for this. "Don't even think" is in the default system prompt, but it's inherently indeterministic and can be overridden with a direct instruction, as you have seen.
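A concrete version of the `bwrap` approach, added here as an example and not from any commenter: the whole filesystem is mounted read-only, $HOME is replaced by an empty tmpfs, and only the project directory is writable, so the confinement is enforced by the kernel's mount namespace rather than by the prompt. It assumes bwrap is installed, that the agent binary is called `claude`, and that it needs network access to reach its API; any config the agent keeps under $HOME would have to be bound back in with a further `--bind`.

```shell
#!/bin/sh
# Added example (not from the thread): confine an agent CLI to ONE project
# directory with bubblewrap. Assumptions: bwrap is installed, the agent
# binary is `claude`, and it needs network access for its API.
set -eu

# Usage: claude_sandbox /abs/project/dir COMMAND [ARGS...]
# Inside the sandbox the filesystem is read-only, $HOME is an empty tmpfs
# (so ~/.ssh, ~/.aws and other projects are simply absent), and the only
# writable path is the project directory itself.
claude_sandbox() {
    project=$1; shift
    home=${HOME:?HOME must be set}
    # The project path is the one thing we trust; insist it is absolute and
    # free of '..' so the bind target is exactly the directory we mean.
    case "$project" in
        /*) ;;
        *) echo "project dir must be an absolute path: $project" >&2; return 1 ;;
    esac
    case "/$project/" in
        */../*) echo "project dir must not contain '..': $project" >&2; return 1 ;;
    esac
    # BWRAP may be overridden (e.g. BWRAP=echo) to inspect the command line
    # without launching anything. Later mounts sit on top of earlier ones.
    exec "${BWRAP:-bwrap}" \
        --ro-bind / / \
        --dev /dev \
        --proc /proc \
        --tmpfs /tmp \
        --tmpfs "$home" \
        --bind "$project" "$project" \
        --unshare-all --share-net \
        --die-with-parent --new-session \
        --chdir "$project" \
        -- "$@"
}
```

Run as `claude_sandbox "$HOME/claude/test" claude`; a `cd ..` or an absolute path from inside the sandbox then lands on read-only mounts or an empty home, whatever the model was told.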
thrown-0825 | 6 days ago
Run it in a VM; running an agent directly on your machine is madness.
bavell | 6 days ago
Chroot jail?