sandbox.network.deniedDomains Setting

• Entity ID: ent-20260423-r30a000000005
• Type: mechanism
• Scope: private
• Status: active

Description

Configuration key added in v2.1.113 that blocks specific domains even when a broader sandbox.network.allowedDomains wildcard would otherwise permit them. Responsive to post-leak supply-chain scenarios (typosquatted registries, internal artifact mirrors) where wildcards like *.npmjs.org are too broad. Enables deny-overrides-allow semantics for outbound network policy.

Key claims

• sandbox.network.deniedDomains enables deny-overrides-allow network policy

Relations

• sandbox.network.deniedDomains Setting --[contains]--> Claude Code v2.1.113
• Post-Leak Claude Code Playbook --[depends_on]--> sandbox.network.deniedDomains Setting

Sources

src-20260423-22e662f6932a