Claude Code Launches Web Version with Advanced Sandbox Controls
Key Points
- Claude Code now has a web‑based interface.
- Sandbox restricts file system and network access to specific folders and servers.
- Internet access is routed through a Unix domain socket to an external proxy.
- Proxy enforces domain restrictions and prompts user confirmation for new domains.
- Developers can customize proxy rules for outgoing traffic.
- Agent can fetch npm packages from approved sources without constant approvals.
- Reduced approval steps improve workflow but increase reliance on code review.
- Features are in beta for Pro and Max subscription users.
Anthropic has introduced a web version of its Claude Code AI coding assistant, featuring a new sandbox that limits file system and network permissions to specific folders and servers. The network isolation works through a Unix domain socket linked to an external proxy that enforces domain restrictions and asks users for confirmation on new requests. Users can customize proxy rules, allowing the agent to fetch npm packages from approved sources without unrestricted internet access. While the changes reduce approval steps and improve security against prompt injection, Anthropic notes that developers must still prioritize code review to catch potential mistakes.
Web Access and Enhanced Sandbox
Claude Code, Anthropic’s AI coding assistant, is now available as a web application. The rollout includes a redesigned sandbox that shifts from broad approval requirements to more granular permissions. Instead of granting the agent unrestricted access, the sandbox permits interactions only with designated file system folders and network servers. This approach cuts down the number of approval steps developers must take while strengthening defenses against prompt injection and related risks.
Network Isolation via Proxy
According to Anthropic’s engineering blog, the new network isolation model permits internet connectivity solely through a Unix domain socket that connects to a proxy server operating outside the sandbox. The proxy server “enforces restrictions on the domains that a process can connect to, and handles user confirmation for newly requested domains.” Users have the ability to tailor the proxy’s configuration, setting custom rules for outbound traffic.
Practical Benefits for Developers
With this setup, the coding agent can retrieve npm packages from approved sources without needing constant user approvals for each network request. This streamlined workflow enables developers to work more independently, focusing on higher‑level tasks rather than repeatedly authorizing low‑level actions. The reduced friction is presented as a significant advantage for many developers, who may find the convenience outweighs the previous overhead of line‑by‑line approvals.
Security and Review Considerations
Anthropic cautions that the convenience introduced by the sandbox’s relaxed approval model also carries risks. The earlier “too‑many‑approvals” approach ensured developers closely inspected every change, acting as a safeguard against erroneous or malicious code. By simplifying the approval process, there is a heightened need for diligent code review to avoid missing potential mistakes made by Claude Code.
Availability
The new features are currently offered as a beta research preview. Access is limited to Claude users who hold Pro or Max subscriptions, allowing them to test the web interface and sandbox improvements before wider deployment.