Your Sandbox Can Run the Code but Shouldn't Read Your Credentials — Shrinking the Secret-Read Surface with sandbox.credentials
Claude Code's sandbox can still read ~/.aws/credentials and token env vars by default. Using sandbox.credentials (v2.1.187+), here is how I tightened the secret-read surface of unattended runs at the OS level, with config and verification you can reuse.
When Claude Code's Bash Tool Hits Permission Denied on /tmp — A $HOME/repos Fallback Pattern
A practical look at why git clone inside Claude Code's sandboxed Bash sometimes fails with Permission denied on /tmp, and how a tiny $HOME/repos fallback keeps unattended schedules alive across four indie sites.
When pip install Stops with externally-managed-environment in Cowork's Bash Sandbox — Three Patterns for PEP 668
Why pip install fails with externally-managed-environment in Cowork's Bash sandbox, and three practical fixes — --break-system-packages, venv, and pipx — written from real scheduled-task experience.
Claude Mythos in Production: A Deployment Playbook From Internals to Operations
Most Claude Mythos coverage stops at conceptual overviews. This playbook covers actual production deployment — System Card highlights that change implementation, gateway architecture, sandboxing, prompt-injection defense, monitoring, and scaling — with patterns from running Mythos-aware services.
How to Commit and Push via GitHub REST API When git CLI Fails in VM Environments
A practical guide to using GitHub REST API (blobs→trees→commits→refs) to push files when git CLI is blocked by index.lock, ownership errors, or permission issues in VM and sandbox environments.
Claude Mythos Explained — Understanding Anthropic's New Agent-Focused Product Through Its System Card
A deep dive into Claude Mythos, Anthropic's new sandboxed agent model. Covers the system card, sandbox architecture, comparison with general Claude models, and practical adoption scenarios.
Claude Managed Agents Sandbox Design: Running Autonomous Agents Safely in Production
A deep dive into the sandbox architecture of Claude Managed Agents, with production-ready security patterns and implementation code for running autonomous agents safely.