hub / github.com/codeaashu/claude-code / convertToSandboxRuntimeConfig

Function convertToSandboxRuntimeConfig

src/utils/sandbox/sandbox-adapter.ts:172–381  ·  view source on GitHub ↗
(
  settings: SettingsJson,
)

Source from the content-addressed store, hash-verified

170 * @param settings Merged settings (used for sandbox config like network, ripgrep, etc.)
171 */
172export function convertToSandboxRuntimeConfig(
173 settings: SettingsJson,
174): SandboxRuntimeConfig {
175 const permissions = settings.permissions || {}
176
177 // Extract network domains from WebFetch rules
178 const allowedDomains: string[] = []
179 const deniedDomains: string[] = []
180
181 // When allowManagedSandboxDomainsOnly is enabled, only use domains from policy settings
182 if (shouldAllowManagedSandboxDomainsOnly()) {
183 const policySettings = getSettingsForSource('policySettings')
184 for (const domain of policySettings?.sandbox?.network?.allowedDomains ||
185 []) {
186 allowedDomains.push(domain)
187 }
188 for (const ruleString of policySettings?.permissions?.allow || []) {
189 const rule = permissionRuleValueFromString(ruleString)
190 if (
191 rule.toolName === WEB_FETCH_TOOL_NAME &&
192 rule.ruleContent?.startsWith('domain:')
193 ) {
194 allowedDomains.push(rule.ruleContent.substring('domain:'.length))
195 }
196 }
197 } else {
198 for (const domain of settings.sandbox?.network?.allowedDomains || []) {
199 allowedDomains.push(domain)
200 }
201 for (const ruleString of permissions.allow || []) {
202 const rule = permissionRuleValueFromString(ruleString)
203 if (
204 rule.toolName === WEB_FETCH_TOOL_NAME &&
205 rule.ruleContent?.startsWith('domain:')
206 ) {
207 allowedDomains.push(rule.ruleContent.substring('domain:'.length))
208 }
209 }
210 }
211
212 for (const ruleString of permissions.deny || []) {
213 const rule = permissionRuleValueFromString(ruleString)
214 if (
215 rule.toolName === WEB_FETCH_TOOL_NAME &&
216 rule.ruleContent?.startsWith('domain:')
217 ) {
218 deniedDomains.push(rule.ruleContent.substring('domain:'.length))
219 }
220 }
221
222 // Extract filesystem paths from Edit and Read rules
223 // Always include current directory and Claude temp directory as writable
224 // The temp directory is needed for Shell.ts cwd tracking files
225 const allowWrite: string[] = ['.', getClaudeTempDir()]
226 const denyWrite: string[] = []
227 const denyRead: string[] = []
228 const allowRead: string[] = []
229

Callers 2

initialize (Function) · 0.85
refreshConfig (Function) · 0.85

Calls 14

statSync (Function) · 0.90
getSettingsForSource (Function) · 0.85
getCwdState (Function) · 0.85
getOriginalCwd (Function) · 0.85
ripgrepCommand (Function) · 0.85

Tested by

no test coverage detected