Builds can run outside the sandbox

Claude may use dangerouslyDisableSandbox: true when invoking any cmake or make build target — including lightweight non-compilation targets such as deploy_skills.

Why: The compiler toolchain (clang++, gcc), sccache, and cmake's vcpkg compiler-detection step are all inaccessible inside the sandbox. Any cmake --build or make -C build/output/... invocation will fail if run sandboxed when CMake needs to re-configure. The user explicitly authorised running builds outside the sandbox (2026-05-22).

How to apply: Set dangerouslyDisableSandbox: true on the Bash tool call whenever running cmake --build, make -C build/output/..., or compass build. This is a standing authorisation — no need to confirm with the user each time.

Emacs 29.1 (Org mode 9.6.6)