claude-code icon indicating copy to clipboard operation
claude-code copied to clipboard
Published 3 weeks ago verified publisher icon anthropics

[Bug] Sandbox blocks uv cache access during pytest execution

Open higumachan opened this issue 3 months ago • 5 comments

Bug Description When using sandbox and uv together, running pytest fails because it cannot access $HOME/.cache/uv/sdists-v9/.git.

⏺ Bash(uv run pytest -v) ⎿  Error: error: failed to open file $HOME/.cache/uv/sdists-v9/.git: Operation not permitted (os error 1)

 <sandbox_violations>
 uv(9813) deny(1) file-write-data $HOME/.cache/uv/sdists-v9/.git
 </sandbox_violations>

Environment Info

  • Platform: darwin
  • Terminal: ghostty
  • Version: 2.0.26
  • Feedback ID: 1c792d06-9b35-4f79-9656-056b857900f1

Errors ⏺ Bash(uv run pytest -v) ⎿  Error: error: failed to open file $HOME/.cache/uv/sdists-v9/.git: Operation not permitted (os error 1)

 <sandbox_violations>
 uv(9813) deny(1) file-write-data $HOME/.cache/uv/sdists-v9/.git
 </sandbox_violations>

higumachan avatar Oct 24 '25 04:10 higumachan

I have already added $HOME/.cache to add-dir.

/add-dir

Permissions:  Allow   Ask   Deny   Workspace   (tab to cycle)
 Claude Code can read files in the workspace, and make edits when auto-accept edits is on.

   -  /Users/<username>/ghq/github.com/higumachan/claude-sandbox-check/pytest_with_uv (Original working directory)
 ❯ 1. /Users/<username>/.cache
   2. Add directory…

higumachan avatar Oct 24 '25 04:10 higumachan

Something weird happened to me:

  1. Added Edit(/Users//.cache/**) to the permissions section
  2. It immediately worked and I was able to run "uv run python.." no problem
  3. After a while it STOPPED working and i noticed that the Edit() has VANISHED from ~/.claude/settings.json

What's going on? The full edit:

⏺ Update(~/.claude/settings.json)[/+]
⎿  Updated ../../.claude/settings.json with 2 additions and 4 removals
2 "permissions": {
3 "allow": [
4 "WebFetch",
5 - "WebSearch"
5 + "WebSearch",
6 + "Edit(~/.cache/**)"
7 ],
8 "deny": [
9 "Read(~/.aws/**)",
...

I'm on Mac

lior-airis avatar Nov 04 '25 15:11 lior-airis

This issue has been inactive for 30 days. If the issue is still occurring, please comment to let us know. Otherwise, this issue will be automatically closed in 30 days for housekeeping purposes.

github-actions[bot] avatar Dec 12 '25 10:12 github-actions[bot]

Hey, just adding that we are also running into this configuration limitation for subprocesses. It would be nice to be able to allow .git access (or I suppose .cache) outside the working directory and in sandbox, either explicitly or with ignoreViolations. I verified this is still happening in v2.0.76.

Would be nice to do something like (currently not honored)

"ignoreViolations": {
    "*": ["~/.cache"]
},

lynchifer avatar Dec 31 '25 17:12 lynchifer

Same here, please allow Claude code to respect Edit(/path/.git/**) as well

lior-airis avatar Dec 31 '25 22:12 lior-airis