From 5631169af28aaae6985c65c69bdc78ff2b1002a9 Mon Sep 17 00:00:00 2001 From: mwiegand Date: Tue, 12 May 2026 21:58:46 +0200 Subject: [PATCH] docs(agents): add sandbox and temp file usage guidelines Co-Authored-By: Claude Sonnet 4.6 --- agents/AGENTS.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/agents/AGENTS.md b/agents/AGENTS.md index 457b689..23fa847 100644 --- a/agents/AGENTS.md +++ b/agents/AGENTS.md @@ -14,6 +14,11 @@ project's `AGENTS.md` / `CLAUDE.md` specifies a different directory, that wins. +## Sandbox + +- **Always run commands sandboxed first.** Only use `dangerouslyDisableSandbox: true` as a last resort after a sandbox-related failure — never preemptively. +- **On sandbox failure:** analyze the error message for the blocked path, then suggest adding it to `sandbox.filesystem.allowWrite` in `~/.claude/settings.json`. Only fall back to `dangerouslyDisableSandbox: true` if the path can't be determined or the user prefers it. + ## Temporary Files - **Use `$TMPDIR` or `.tmp/` (project-local) for temporary files.** Never use `/tmp` directly or paths like `/Library/Application Support` — those are not in the sandbox allowlist and trigger permission prompts.
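Review bot: The "On sandbox failure" bullet in the new Sandbox section does not bound how wide the path added to `sandbox.filesystem.allowWrite` may be, and the entry goes into `~/.claude/settings.json`, which is the user's home-directory settings file rather than anything in the project. Suggest wording such as "suggest adding the narrowest directory that covers the blocked path, and ask the user before widening it", so that one blocked write does not end with a parent directory on the allowlist. The same bullet permits `dangerouslyDisableSandbox: true` when "the path can't be determined", which is the case where the least is known about what the command writes; consider requiring explicit user confirmation for that fallback and limiting it to the single failing command. In the Temporary Files bullet, `$TMPDIR` has no stated fallback for when it is unset, and since `.tmp/` is project-local, a line saying to keep it out of version control would help.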