Comment by qwertox

Comment by qwertox 4 days ago

4 replies

View on Hacker News

I haven't really done anything serious with Claude Code, but today I tested starting claude in ~/claude/test, and told it to list my home dir, which it then did.

Is there a way to tell tools like Claude Code that it must never leave ~/claude/test, and don't event think about using absolute paths, or relative paths which contain `..`?

anuramat 4 days ago

it's already read only outside of project directories (except for Bash tool); your only further option is to wrap it in a sandbox, `bwrap` is perfect for this

"don't even think" is in the default system prompt, but it's inherently indeterministic and can be overridden with a direct instruction as you have seen

Reply View 1 reply
  • qwertox 4 days ago

    Wow! Thank you for bringing bubblewrap to my attention. What an amazing tool! This opens so many doors.

    Reply View 0 replies
thrown-0825 4 days ago

run it in a vm, running an agent directly on your machine is madness

Reply View 0 replies