claude-agent-sdk-python icon indicating copy to clipboard operation
claude-agent-sdk-python copied to clipboard
verified publisher icon anthropics

Limit Directory Access

Open pjsample opened this issue 6 months ago • 3 comments

Setting the ClaudeCodeOptions cwd does set the working directory correctly, but does not limit file operations to that directory. For example, parent directories can be read and written to.

Is there a way to limit activity to the CWD and subdirectories within it? If not, are there plans to add this feature?

pjsample avatar Jun 23 '25 15:06 pjsample

+1

ka2048 avatar Jul 22 '25 09:07 ka2048

I have the same issue, I was expecting the SDK to adhere to the Folder access restrictions that are central to the CLI's security policy.

Not sure if this is related to https://github.com/anthropics/claude-code-sdk-python/issues/10 or if that's purely about the directory the app is executed from.

If the built-in protections don't apply to the Python SDK, are there are any existing patterns or best practices for sandboxing it (i.e. example Dockerfiles)?

rdcolema avatar Jul 30 '25 21:07 rdcolema

Any updates here ?

zodwick avatar Oct 24 '25 16:10 zodwick