claude-code - 💡(How to fix) Fix settings.json: add user-approval-required mode for dangerouslyDisableSandbox


Preflight Checklist

  • I have searched existing requests and this feature hasn't been requested yet
  • This is a single feature request (not multiple features)

Problem Statement

Problem

dangerouslyDisableSandbox: true is handled at the harness level before PreToolUse hooks run. This means hooks cannot gate or block the bypass — the parameter never appears in the tool_input JSON that hooks receive.

As a result, there is currently no way to enforce a "user must approve every sandbox bypass" policy at the project level:

  • allowUnsandboxedCommands: false (if it exists) blocks all bypasses including explicit user approvals — too blunt for real workflows.
  • PreToolUse hooks cannot intercept dangerouslyDisableSandbox at all.
  • CLAUDE.md instructions alone are not technically enforced.

Proposed Solution

Feature Request

A settings.json option such as:

"sandbox": { "requireUserApprovalForUnsandboxedCommands": true }

Alternative Solutions

No response

Priority

High - Significant impact on productivity

Feature Category

Configuration and settings

Use Case Example

Behavior:

  • When set, AI-initiated dangerouslyDisableSandbox: true calls are blocked unless the user explicitly approved them in the current turn (e.g. via the tool-approval UI or a recognized hook marker).
  • Bypasses approved by the user still work.
  • Compatible with existing hook-based approval flows.

This would allow project maintainers to enforce a meaningful consent policy without breaking legitimate workflows like template updates, git operations, or CLI tools that occasionally need to reach outside the sandbox.

Additional Context

No response
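
The gap described under "Problem", as an added example that is not part of the original issue and is not Claude Code's own code: a PreToolUse hook that tries to gate the bypass. It assumes the hook receives a JSON payload on stdin with `tool_name` and `tool_input` fields and that exit code 2 blocks the call; both sample payloads are constructed.

```python
#!/usr/bin/env python3
"""PreToolUse hook that tries to gate sandbox bypasses (added example)."""
import json
import sys

FLAG = "dangerouslyDisableSandbox"


def decide(payload: dict) -> tuple[str, str]:
    """Return (decision, reason) for one hook payload."""
    tool_input = payload.get("tool_input")
    if not isinstance(tool_input, dict):
        # Fail closed: a payload we cannot inspect is never approved.
        return "block", "malformed payload: tool_input missing"
    if tool_input.get(FLAG) is True:
        return "block", f"{FLAG} requires explicit user approval"
    # Absence of the flag is NOT proof the command will run sandboxed.
    return "allow", f"{FLAG} not visible in tool_input"


# Constructed sample: the tool call as the model issued it.
AS_REQUESTED = {
    "tool_name": "Bash",
    "tool_input": {"command": "git fetch origin", FLAG: True},
}

# Constructed sample: the same call as the issue says the hook sees it,
# with the flag already consumed by the harness.
AS_SEEN_BY_HOOK = {
    "tool_name": "Bash",
    "tool_input": {"command": "git fetch origin"},
}


def main() -> int:
    try:
        payload = json.load(sys.stdin)
    except json.JSONDecodeError:
        print("hook: unreadable payload", file=sys.stderr)
        return 2  # assumed blocking exit code
    decision, reason = decide(payload)
    if decision == "block":
        print(f"hook: {reason}", file=sys.stderr)
        return 2
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

The hook would block `AS_REQUESTED`, but it only ever receives `AS_SEEN_BY_HOOK`, so the bypass passes the check unseen.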
