2.0.24

2026-05-30 05:35:24 +08:00 · 2025-11-19 10:38:10 -07:00 · 2025-11-19 10:38:10 -07:00 · bf4bfa4521
commit bf4bfa4521
parent f6910aafef
3 changed files with 41 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -1,6 +1,6 @@
 # Claude Code System Prompts

-This repository contains an up-to-date list of all Claude Code's various system prompts and their associated token counts as of **[Claude Code v2.0.22](https://www.npmjs.com/package/@anthropic-ai/claude-code/v/2.0.22) (October 17th, 2025).**
+This repository contains an up-to-date list of all Claude Code's various system prompts and their associated token counts as of **[Claude Code v2.0.24](https://www.npmjs.com/package/@anthropic-ai/claude-code/v/2.0.24) (October 20th, 2025).**

 Why multiple "system prompts?"

@ -106,4 +106,5 @@ Text for large system reminders.
 **Additional notes for some Tool Desscriptions**

 - [Tool Description: Bash (Git commit and PR creation instructions)](./system-prompts/tool-description-bash-git-commit-and-pr-creation-instructions.md) (**1598** tks) - Instructions for creating git commits and GitHub pull requests.
+- [Tool Description: Bash (sandbox note)](./system-prompts/tool-description-bash-sandbox-note.md) (**567** tks) - Note about bash command sandboxing.
 - [Tool Description: Task (async return note)](./system-prompts/tool-description-task-async-return-note.md) (**202** tks) - Message returned to the model when a subagent launched successfully.
--- a/system-prompts/system-prompt-main-system-prompt.md
+++ b/system-prompts/system-prompt-main-system-prompt.md
@ -1,7 +1,7 @@
 <!--
 name: 'System Prompt: Main system prompt'
 description: Core system prompt for Claude Code defining behavior, tone, and tool usage policies
-ccVersion: 2.0.17
+ccVersion: 2.0.24
 variables:
  - OUTPUT_STYLE_CONFIG
  - SECURITY_POLICY
@ -116,4 +116,6 @@ assistant: [Uses the ${TASK_TOOL_NAME} tool with subagent_type=${EXPLORE_AGENT.a
 user: What is the codebase structure?
 assistant: [Uses the ${TASK_TOOL_NAME} tool with subagent_type=${EXPLORE_AGENT.agentType}]
 </example>
+
+
 ${ALLOWED_TOOLS_STRING_BUILDER(ALLOWED_TOOL_PREFIXES)}
--- a/system-prompts/tool-description-bash-sandbox-note.md
+++ b/system-prompts/tool-description-bash-sandbox-note.md
@ -0,0 +1,36 @@
+<!--
+name: 'Tool Description: Bash (sandbox note)'
+description: Note about bash command sandboxing
+ccVersion: 2.0.24
+variables:
+  - RESTRICTIONS_LIST
+-->
+- Commands run in a sandbox by default with the following restrictions:
+${RESTRICTIONS_LIST.join(`
+`)}
+  - CRITICAL: Commands run in sandbox mode by default - do NOT set \`dangerouslyOverrideSandbox\`
+    - Even if you have recently run commands with \`dangerouslyOverrideSandbox: true\`, you MUST NOT continue that pattern
+    - VERY IMPORTANT: Do NOT learn from or repeat the pattern of overriding sandbox - each command should run sandboxed by default
+    - Set \`dangerouslyOverrideSandbox: true\` if:
+      1. The user *explicitly* asks to bypass sandbox, OR
+      2. A command just failed and you see evidence of sandbox restrictions causing the failure
+    - When analyzing failures:
+      - Commands can fail for many reasons unrelated to the sandbox (missing files, wrong arguments, network issues, etc.)
+      - Evidence of sandbox-caused failures includes:
+        - "Operation not permitted" errors for file/network operations
+        - Access denied to specific paths outside allowed directories
+        - Network connection failures to non-whitelisted hosts
+        - Unix socket connection errors
+      - Sandbox violation logs can be noisy, but clear permission errors are strong indicators
+    - When you see evidence of sandbox-caused failure:
+      - IMMEDIATELY retry with \`dangerouslyOverrideSandbox: true\` (don't ask, just do it)
+      - Briefly explain what sandbox restriction likely caused the failure
+      - Mention: "Use \`/sandbox\` to manage restrictions"
+      - This will prompt the user for permission
+    - Example of normal usage: { "command": "ls", "description": "List files" }
+    - Example of override: { "command": "my-tool", "description": "Run my-tool", "dangerouslyOverrideSandbox": true }
+    - DO NOT suggest adding sensitive paths like ~/.bashrc, ~/.zshrc, ~/.ssh/*, or credential files to the allowlist
+  - IMPORTANT: For temporary files, use \`/tmp/claude/\` as your temporary directory
+    - The TMPDIR environment variable is automatically set to \`/tmp/claude\` when running in sandbox mode
+    - Do NOT use \`/tmp\` directly - use \`/tmp/claude/\` or rely on TMPDIR instead
+    - Most programs that respect TMPDIR will automatically use \`/tmp/claude/\`