software

Sandbox Mode: YOLO Speed Meets Actual Security

Published: (January 31, 2026 at 01:30 PM EST)
3 min read
Source: Dev.to

Source: Dev.to

Sandbox Mode: YOLO Speed Meets Actual Security

Define boundaries once. Claude works freely inside them.

The Permission Problem

If you’ve used Claude Code for any serious work, you know the permission dance. Claude asks before taking potentially risky actions, which keeps you in control, but the constant interruptions become productivity poison.

“Can I run npm install?” [Allow]
“Can I read this file?” [Allow]

Clicking Allow a hundred times per session isn’t safety—it’s theater. Real security comes from defining clear boundaries upfront, not from muscle‑memory clicking.

What Sandbox Mode Is

Sandbox Mode lets you define a security perimeter once. Inside that perimeter, Claude operates freely; outside, it’s locked out.

  • No more permission pop‑ups for every file write, command execution, or system interaction.
  • You keep the outside world safe while Claude runs at full speed.

Activating Sandbox Mode

# Start a sandbox session
/sandbox

Or launch Claude Code directly in sandbox mode:

claude --sandbox

You’ll be prompted to configure your boundaries:

🔒 Sandbox Configuration

Allowed directories (read/write):
> ./src, ./tests, ./docs

Allowed commands:
> npm *, yarn *, pnpm *, git status, git diff

Blocked paths:
> .env*, **/secrets/*, ~/.ssh

Maximum file size: 1 MB
Network access: disabled

Preset Profiles

Common sandbox profiles are available out of the box:

/sandbox --preset frontend

Enables typical frontend development permissions: npm/yarn commands, src directory access, build tooling, etc.

/sandbox --preset conservative

Minimal permissions: read‑only access to most files, explicit approval for writes.

/sandbox --preset project

Uses sandbox configuration from your project’s .claude/sandbox.json.

Project‑Level Sandbox Configuration

Store sandbox settings in .claude/sandbox.json so every team member gets the same safe defaults.

{
  "allowedPaths": ["./src", "./tests", "./scripts"],
  "blockedPaths": [".env*", "**/*.key", "**/credentials*"],
  "allowedCommands": ["npm test", "npm run build", "npm run lint"],
  "blockedCommands": ["rm -rf", "curl", "wget"],
  "networkAccess": false
}

Separate Read and Write Permissions

{
  "readPaths": ["./**"],
  "writePaths": ["./src", "./tests"]
}

Auditing Sandbox Activity

/sandbox --log

Shows everything Claude did within the sandbox—useful for security reviews and understanding AI behavior.

Temporary Expansions

Need to briefly allow something outside the sandbox? Use a one‑off allowance instead of reconfiguring everything:

/allow-once npm publish

Real‑World Use Case

“I’d ask Claude to update our component library. It needed to modify files across 15 packages, run tests, update snapshots, check types, and fix linting. Every single action required permission. I counted 73 permission prompts for one refactoring task. I started just clicking Allow without reading.”

With Sandbox Mode the developer configured:

{
  "allowedPaths": ["./packages/ui/**", "./packages/shared/**"],
  "allowedCommands": [
    "npm test -- --updateSnapshot",
    "npm run typecheck",
    "npm run lint -- --fix"
  ],
  "blockedPaths": ["**/package.json", "**/tsconfig.json"]
}

Now the sandbox is set once at the start of a session. Claude refactors freely within the boundaries, the developer reviews actual code changes instead of permission dialogs, and the config prevents accidental dangerous actions.

Bottom Line

Sandbox Mode is security done right. Instead of a hundred small, easily ignored permissions, you make a few deliberate decisions about boundaries. Claude gets the freedom to work efficiently, you retain peace of mind, and your workflow stays uninterrupted.

Define your walls. Let Claude build inside them.

Back to Blog

Related posts

Read more »