DEV Community

Cover image for Sandbox Mode: YOLO Speed Meets Actual Security
Rajesh Royal
Rajesh Royal

Posted on

Sandbox Mode: YOLO Speed Meets Actual Security

#tutorial #claudecode #productivity #beginners

Define boundaries once. Claude works freely inside them.

From: x.com/adocomplete

"Can I run npm install?" [Allow]
"Can I run npm test?" [Allow]

"Can I read this file?" [Allow]
"Can I write to this directory?" [Allow]
"Can I—" [ALLOW ALREADY!]

If you've used Claude Code for any serious work, you know the permission dance. It's well-intentioned — Claude asking before taking potentially risky actions keeps you in control. But when you're in the zone, those constant interruptions are productivity poison.

What if you could give Claude a playground with clear walls? Let it run wild inside, while keeping the outside world safe?

That's Sandbox Mode.

The Problem

Claude Code's default behavior is cautiously polite. Every file write, every command execution, every system interaction prompts for permission. This is the right default for a tool that can modify your codebase.

But in practice, you often know exactly what Claude should be allowed to do:

  • "Yes, you can run any npm command"
  • "Yes, you can modify anything in the src/ directory"
  • "Yes, you can read any file in this project"
  • "No, don't touch my ~/.ssh folder or environment files"

Clicking [Allow] a hundred times per session isn't safety — it's theater. Real security comes from defining clear boundaries upfront, not from muscle-memory clicking.

The constant interruptions also break your flow. You ask Claude to refactor a module, then spend the next five minutes babysitting permissions instead of reviewing the actual changes.

The Solution: Sandbox Mode

Sandbox Mode lets you define a security perimeter once. Inside that perimeter, Claude operates freely. Outside, it's locked out.

How to Use It

Activate sandbox mode with:

/sandbox
Enter fullscreen mode Exit fullscreen mode

Or start Claude Code directly in sandbox mode:

claude --sandbox
Enter fullscreen mode Exit fullscreen mode

You'll be prompted to configure your boundaries:

🔒 Sandbox Configuration

Allowed directories (read/write):
> ./src, ./tests, ./docs

Allowed commands:
> npm *, yarn *, pnpm *, git status, git diff

Blocked paths:
> .env*, **/secrets/*, ~/.ssh

Maximum file size: 1MB
Network access: disabled
Enter fullscreen mode Exit fullscreen mode

Once configured, Claude works at full speed within these boundaries. No more permission popups. No more flow interruption. Just execution.

Preset Configurations

Common sandbox profiles are available out of the box:

/sandbox --preset frontend
Enter fullscreen mode Exit fullscreen mode

This enables typical frontend development permissions: npm/yarn commands, src directory access, build tooling, etc.

/sandbox --preset conservative
Enter fullscreen mode Exit fullscreen mode

Minimal permissions: read-only access to most files, explicit approval for writes.

/sandbox --preset project
Enter fullscreen mode Exit fullscreen mode

Uses sandbox configuration from your project's .claude/sandbox.json:

{
  "allowedPaths": ["./src", "./tests", "./scripts"],
  "blockedPaths": [".env*", "**/*.key", "**/credentials*"],
  "allowedCommands": ["npm test", "npm run build", "npm run lint"],
  "blockedCommands": ["rm -rf", "curl", "wget"],
  "networkAccess": false
}
Enter fullscreen mode Exit fullscreen mode

Pro Tips

  1. Start restrictive, expand carefully: Begin with minimal permissions. Add access as you encounter legitimate needs. It's easier to grant than to un-compromise.

  2. Use project-level sandboxes: Store sandbox configurations in .claude/sandbox.json. Every team member gets the same safe defaults. No one accidentally gives Claude access to production credentials.

  3. Separate read and write permissions: You might want Claude to read your entire codebase but only write to specific directories:

   {
     "readPaths": ["./**"],
     "writePaths": ["./src", "./tests"]
   }
Enter fullscreen mode Exit fullscreen mode

  1. Audit sandbox activity: Use /sandbox --log to see everything Claude did within the sandbox. Great for security reviews and understanding AI behavior.

  2. Temporary expansions: Need to briefly allow something outside the sandbox? Use /allow-once npm publish instead of reconfiguring everything.

Real-World Use Case

A developer on a large monorepo described their old workflow:

"I'd ask Claude to update our component library. It needed to modify files across 15 packages, run tests, update snapshots, check types, and fix linting. Every single action required permission. I counted once: 73 permission prompts for one refactoring task. I started just clicking Allow without reading."

That last sentence is the real danger. Permission fatigue leads to rubber-stamping, which defeats the entire purpose.

With Sandbox Mode:

{
  "allowedPaths": ["./packages/ui/**", "./packages/shared/**"],
  "allowedCommands": [
    "npm test -- --updateSnapshot",
    "npm run typecheck",
    "npm run lint -- --fix"
  ],
  "blockedPaths": ["**/package.json", "**/tsconfig.json"]
}
Enter fullscreen mode Exit fullscreen mode

"Now I configure the sandbox once at the start of a session. Claude refactors freely within the boundaries. I review the actual code changes instead of permission dialogs. And the config file means I can't accidentally allow something dangerous when I'm tired."

Conclusion

Sandbox Mode is security done right. Instead of a hundred small, easily-ignored permissions, you make a few deliberate decisions about boundaries. Claude gets the freedom to work efficiently. You get peace of mind and uninterrupted flow.

Define your walls. Let Claude build inside them.

Tomorrow: Ever wondered if you're about to hit your usage limit mid-task? Day 28 reveals /usage — your window into Claude's consumption and how to push past the boundaries.

Your sandbox config should be as deliberate as your .gitignore. What paths and commands would you include?

Top comments (0)