From 90c07d1c7e501318d60c59c3c9047ea063ab46fc Mon Sep 17 00:00:00 2001
From: Kurt Carpenter <kurt@anthropic.com>
Date: Fri, 30 Jan 2026 16:59:39 -0800
Subject: [PATCH] Stricter sandbox config

---
 examples/settings/settings-strict.json | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/examples/settings/settings-strict.json b/examples/settings/settings-strict.json
index faa1fb0f..73ef2ecd 100644
--- a/examples/settings/settings-strict.json
+++ b/examples/settings/settings-strict.json
@@ -11,5 +11,16 @@
   },
   "allowManagedPermissionRulesOnly": true,
   "allowManagedHooksOnly": true,
-  "strictKnownMarketplaces": []
+  "strictKnownMarketplaces": [],
+  "sandbox": {
+    "autoAllowBashIfSandboxed": false,
+    "excludedCommands": [],
+    "network": {
+      "allowUnixSockets": [],
+      "allowLocalBinding": false,
+      "httpProxyPort": null,
+      "socksProxyPort": null
+    },
+    "enableWeakerNestedSandbox": false
+  }
 }