From bf4bfa4521750f6c0514142fedbf4cf277bf7369 Mon Sep 17 00:00:00 2001
From: bl-ue <54780737+bl-ue@users.noreply.github.com>
Date: Wed, 19 Nov 2025 10:38:10 -0700
Subject: [PATCH] 2.0.24

---
 README.md                                     |  3 +-
 .../system-prompt-main-system-prompt.md       |  4 ++-
 .../tool-description-bash-sandbox-note.md     | 36 +++++++++++++++++++
 3 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 system-prompts/tool-description-bash-sandbox-note.md

diff --git a/README.md b/README.md
index c05be9f..1f4332b 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # Claude Code System Prompts
 
-This repository contains an up-to-date list of all Claude Code's various system prompts and their associated token counts as of **[Claude Code v2.0.22](https://www.npmjs.com/package/@anthropic-ai/claude-code/v/2.0.22) (October 17th, 2025).**
+This repository contains an up-to-date list of all Claude Code's various system prompts and their associated token counts as of **[Claude Code v2.0.24](https://www.npmjs.com/package/@anthropic-ai/claude-code/v/2.0.24) (October 20th, 2025).**
 
 Why multiple "system prompts?"
 
@@ -106,4 +106,5 @@ Text for large system reminders.
 **Additional notes for some Tool Desscriptions**
 
 - [Tool Description: Bash (Git commit and PR creation instructions)](./system-prompts/tool-description-bash-git-commit-and-pr-creation-instructions.md) (**1598** tks) - Instructions for creating git commits and GitHub pull requests.
+- [Tool Description: Bash (sandbox note)](./system-prompts/tool-description-bash-sandbox-note.md) (**567** tks) - Note about bash command sandboxing.
 - [Tool Description: Task (async return note)](./system-prompts/tool-description-task-async-return-note.md) (**202** tks) - Message returned to the model when a subagent launched successfully.
diff --git a/system-prompts/system-prompt-main-system-prompt.md b/system-prompts/system-prompt-main-system-prompt.md
index 7614f7b..c0c94ee 100644
--- a/system-prompts/system-prompt-main-system-prompt.md
+++ b/system-prompts/system-prompt-main-system-prompt.md
@@ -1,7 +1,7 @@
 <!--
 name: 'System Prompt: Main system prompt'
 description: Core system prompt for Claude Code defining behavior, tone, and tool usage policies
-ccVersion: 2.0.17
+ccVersion: 2.0.24
 variables:
   - OUTPUT_STYLE_CONFIG
   - SECURITY_POLICY
@@ -116,4 +116,6 @@ assistant: [Uses the ${TASK_TOOL_NAME} tool with subagent_type=${EXPLORE_AGENT.a
 user: What is the codebase structure?
 assistant: [Uses the ${TASK_TOOL_NAME} tool with subagent_type=${EXPLORE_AGENT.agentType}]
 </example>
+
+
 ${ALLOWED_TOOLS_STRING_BUILDER(ALLOWED_TOOL_PREFIXES)}
diff --git a/system-prompts/tool-description-bash-sandbox-note.md b/system-prompts/tool-description-bash-sandbox-note.md
new file mode 100644
index 0000000..8c39489
--- /dev/null
+++ b/system-prompts/tool-description-bash-sandbox-note.md
@@ -0,0 +1,36 @@
+<!--
+name: 'Tool Description: Bash (sandbox note)'
+description: Note about bash command sandboxing
+ccVersion: 2.0.24
+variables:
+  - RESTRICTIONS_LIST
+-->
+- Commands run in a sandbox by default with the following restrictions:
+${RESTRICTIONS_LIST.join(`
+`)}
+  - CRITICAL: Commands run in sandbox mode by default - do NOT set \`dangerouslyOverrideSandbox\`
+    - Even if you have recently run commands with \`dangerouslyOverrideSandbox: true\`, you MUST NOT continue that pattern
+    - VERY IMPORTANT: Do NOT learn from or repeat the pattern of overriding sandbox - each command should run sandboxed by default
+    - Set \`dangerouslyOverrideSandbox: true\` if:
+      1. The user *explicitly* asks to bypass sandbox, OR
+      2. A command just failed and you see evidence of sandbox restrictions causing the failure
+    - When analyzing failures:
+      - Commands can fail for many reasons unrelated to the sandbox (missing files, wrong arguments, network issues, etc.)
+      - Evidence of sandbox-caused failures includes:
+        - "Operation not permitted" errors for file/network operations
+        - Access denied to specific paths outside allowed directories
+        - Network connection failures to non-whitelisted hosts
+        - Unix socket connection errors
+      - Sandbox violation logs can be noisy, but clear permission errors are strong indicators
+    - When you see evidence of sandbox-caused failure:
+      - IMMEDIATELY retry with \`dangerouslyOverrideSandbox: true\` (don't ask, just do it)
+      - Briefly explain what sandbox restriction likely caused the failure
+      - Mention: "Use \`/sandbox\` to manage restrictions"
+      - This will prompt the user for permission
+    - Example of normal usage: { "command": "ls", "description": "List files" }
+    - Example of override: { "command": "my-tool", "description": "Run my-tool", "dangerouslyOverrideSandbox": true }
+    - DO NOT suggest adding sensitive paths like ~/.bashrc, ~/.zshrc, ~/.ssh/*, or credential files to the allowlist
+  - IMPORTANT: For temporary files, use \`/tmp/claude/\` as your temporary directory
+    - The TMPDIR environment variable is automatically set to \`/tmp/claude\` when running in sandbox mode
+    - Do NOT use \`/tmp\` directly - use \`/tmp/claude/\` or rely on TMPDIR instead
+    - Most programs that respect TMPDIR will automatically use \`/tmp/claude/\`