feat: add missing sandbox type definitions for CLI settings parity#862
Open
chatterjeesrijeet wants to merge 1 commit intoanthropics:mainfrom
Open
feat: add missing sandbox type definitions for CLI settings parity#862chatterjeesrijeet wants to merge 1 commit intoanthropics:mainfrom
chatterjeesrijeet wants to merge 1 commit intoanthropics:mainfrom
Conversation
The Python SDK's sandbox configuration types were significantly behind
the TypeScript SDK and the documented CLI settings schema. This commit
brings them to parity by adding types and fields that the CLI already
supports but the Python SDK did not expose.
Changes:
1. New SandboxFilesystemConfig TypedDict:
- allowWrite: additional writable paths for sandboxed commands
- denyWrite: paths where sandboxed commands cannot write
- denyRead: paths where sandboxed commands cannot read
- allowRead: re-allow reading specific paths within denyRead regions
- allowManagedReadPathsOnly: restrict to managed allowRead entries
2. Extended SandboxNetworkConfig with missing fields:
- allowMachLookup: XPC/Mach service names (macOS, supports * prefix)
- allowedDomains: outbound domains (supports wildcards like *.example.com)
- deniedDomains: blocked domains (takes precedence over allowedDomains)
- allowManagedDomainsOnly: restrict to managed allowedDomains entries
3. Extended SandboxSettings with missing fields:
- failIfUnavailable: exit with error if sandbox deps are unavailable
- filesystem: SandboxFilesystemConfig for filesystem restrictions
- enableWeakerNetworkIsolation: allow system TLS access (macOS only)
4. Exported SandboxFilesystemConfig in public API (__init__.py / __all__)
5. Added 3 new tests:
- test_sandbox_filesystem_config: verifies filesystem config passthrough
- test_sandbox_network_domains: verifies domain-based network config
- test_sandbox_new_settings_fields: verifies failIfUnavailable and
enableWeakerNetworkIsolation
All new fields use total=False (optional), so this is fully backward
compatible with existing code.
Relates to anthropics#861 — users in containerized environments (e.g. AWS Bedrock
AgentCore) need filesystem and network config options to work around
bwrap sandbox DNS resolution issues where /etc/hosts is not mounted.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
SandboxFilesystemConfigTypedDict withallowWrite,denyWrite,denyRead,allowRead, andallowManagedReadPathsOnlyfieldsSandboxNetworkConfigwithallowMachLookup,allowedDomains,deniedDomains, andallowManagedDomainsOnlyfieldsSandboxSettingswithfailIfUnavailable,filesystem, andenableWeakerNetworkIsolationfieldsSandboxFilesystemConfigin the public APItotal=False) — fully backward compatibleMotivation
The Python SDK's sandbox types were behind the TypeScript SDK and the documented CLI settings schema. The CLI already supports filesystem configuration, domain-based network rules, and other sandbox settings, but Python SDK users had no way to configure them.
This is relevant to #861 — users in containerized environments (e.g. AWS Bedrock AgentCore) need
filesystemconfig options (likeallowReadfor/etc/hostsand/etc/resolv.conf) to work around bwrap sandbox DNS resolution issues.Test plan
test_sandbox_filesystem_config,test_sandbox_network_domains,test_sandbox_new_settings_fields_build_settings_value🤖 Generated with Claude Code