Beyond permission prompts: making Claude Code more secure and autonomous

In Claude Code, Claude writes, tests, and debugs code alongside you, navigating your codebase, editing multiple files, and running commands to verify its work. Giving Claude this much access to your codebase and files can introduce risks, especially in the case of prompt injection.

To help address this, we’ve introduced two new features in Claude Code built on top of sandboxing, both of which are designed to provide a more secure place for developers to work, while also allowing Claude to run more autonomously and with fewer permission prompts. In our internal usage, we've found that sandboxing safely reduces permission prompts by 84%. By defining set boundaries within which Claude can work freely, they increase security and agency.

Keeping users secure on Claude Code

Claude Code runs on a permission-based model: by default, it's read-only, which means it asks for permission before making modifications or running any commands. There are some exceptions to this: we auto-allow safe commands like echo or cat, but most operations still need explicit approval.
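A sketch of the kind of gate this paragraph describes, added here as an example (it is not Claude Code's own logic): a command is auto-allowed only when it is a single allowlisted read-only command with no shell syntax that could chain, redirect, or substitute. The allowlist, the `classify` function, and the sample commands are assumptions constructed for illustration.

```python
import shlex

# Assumption: a minimal allowlist mirroring the page's "echo or cat" examples.
AUTO_ALLOW = {"echo", "cat"}

# Shell syntax that can chain commands, redirect I/O, or run substitutions.
# Checked against the raw string, so even quoted occurrences fall back to
# asking: a deliberate false positive in favour of safety.
SHELL_META = set(";&|<>`$(){}\n\\")


def classify(command: str) -> str:
    """Return 'auto-allow' or 'ask' for one shell command string."""
    try:
        tokens = shlex.split(command, posix=True)
    except ValueError:
        return "ask"  # unbalanced quotes: cannot reason about it
    if not tokens:
        return "ask"
    # Exact match on the command name: '/bin/echo' or 'FOO=1 echo' must ask.
    if tokens[0] not in AUTO_ALLOW:
        return "ask"
    # 'echo hi > ~/.bashrc' starts with an allowed name but writes a file.
    if any(ch in SHELL_META for ch in command):
        return "ask"
    return "auto-allow"


def review(commands):
    """Classify a batch and return (command, decision) pairs."""
    return [(c, classify(c)) for c in commands]


# Constructed sample commands, not taken from the page.
SAMPLES = [
    "echo hello world",
    "cat README.md",
    "echo hi > ~/.bashrc",
    "cat notes.txt; rm -rf build",
    'echo "$(whoami)"',
    "npm install",
]

if __name__ == "__main__":
    for cmd, decision in review(SAMPLES):
        print(f"{decision:10}  {cmd}")
```
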

Constantly clicking "approve" slows down development cycles and can lead to ‘approval fatigue’, where users might not pay close attention to what they're approving, which in turn makes development less safe.

To address this, we launched sandboxing for Claude Code.

Sandboxing: a safer and more autonomous approach

Sandboxing creates pre-defined boundaries within which Claude can work more freely, instead of asking for p...
