The Claude Code Changelog
All Episodes

Claude Code Hardens Local Sandboxes and Remote Calls

This episode digs into Claude Code v2.1.187’s new sandbox.credentials setting, which blocks sandboxed access to local secrets like SSH keys, AWS files, and .env data while pushing workflows toward explicit, least-privilege access. It also covers the new five-minute timeout for remote tool calls and the MCP CLI login/logout commands that make secure remote integrations much easier to manage.

This show was created with Jellypod, the AI Podcast Studio. Create your own podcast with Jellypod today.


Chapter 1

Hardening the Sandbox with Claude Code v2.1.187

Lachlan Reed

Brought to you by Jellypod AI. So, I- I- I was poking around the changelog for Claude Code v2.1.187 last night in the shed, and, man, they put in this new setting called sandbox.credentials that is a massive deal if you're running agentic code locally. It basically stops the sandboxed execution environment from ever snooping on your local credentials. Think SSH keys, AWS config files, even your local .env files. It's like putting a deadbolt on your digital backyard gate.

James Turner

[excited] Oh, wait, so it's- it's blocking direct read access to things like ~/.aws/credentials or .env inside the project directory? That's huge because usually, when you spin up an automated agent to write or test code, it has the run of the mill. If a dependency is compromised, it could just... poof, exfiltrate your API keys.

Lachlan Reed

[matter-of-fact] Exactly! Spot on. It- it- it stops that cold. If you run a command in the sandbox, and it tries to grab those sensitive files, it just gets a hard "permission denied." And the beauty of it is how dead simple it is to turn on. You just run /config sandbox.credentials=true right inside the Claude Code prompt, or you can dump it into your global config file if you want it on by default for every single project.

James Turner

[thoughtfully] Huh. Okay, but let me push back a bit on the workflow. If I'm working on a project that legitimately needs those AWS credentials to run integration tests inside the sandbox, does turning this on completely break my local dev loop? Or is there a way to selectively pass things through?

Lachlan Reed

[chuckles] Yeah, nah, fair point. It would absolutely throw a spanner in the works if you blocked everything blindly. But what it does is it forces you to be explicit. Instead of the sandbox having passive, ambient access to your whole machine's credential store, you have to explicitly define what environment variables get injected. It's about moving from "open by default" to "least privilege."

James Turner

[measured] Right, right. It makes you declare your inputs. That makes a ton of sense from a security posture. Oh, and speaking of v2.1.187, didn't they also address that annoying issue where remote tool calls would just hang forever? Like, if an external API went dark, the whole terminal session would just freeze up?

Lachlan Reed

[responds quickly] Oh, mate, don't get me started. It used to sit there spinning its wheels. Now, they've implemented a hard five-minute abort timeout on remote tool calls. If a remote tool doesn't respond within five minutes, the client automatically aborts the call. No more infinite hangs ruining your automated pipelines.

James Turner

[smiles] Five minutes is still a bit long for an interactive session, but for an unattended CI/CD run, having an absolute ceiling is a lifesaver. It keeps the runner from burning through billable minutes doing absolutely nothing.

Lachlan Reed

Too right. And hey, there was another neat addition just a version prior in v2.1.186 that ties into this whole ecosystem play—the new MCP CLI commands. They've added claude mcp login and claude mcp logout directly into the tool. Makes authenticating with Model Context Protocol servers a absolute breeze.

James Turner

[curious] Wait, so you can authenticate directly from the command line now instead of manually editing json config files with tokens? How does that actually look when you run it?

Lachlan Reed

[warmly] Yeah, it's- it's super slick. You just type claude mcp login, and it handles the OAuth flow or token exchange right there, saving the session securely. Then, when you're done or if you're on a shared machine, you just run claude mcp logout to tear down the credentials. It makes working with remote MCP tools feel like a first-class citizen.

James Turner

[thoughtfully] That's a massive quality-of-life upgrade. It really feels like they're hardening this tool to move from a hobbyist playground into serious, secure enterprise environments. Alright, I'm going to go update my global config right now.

Lachlan Reed

Too easy, mate. Catch you later.