How do I run Claude Code safely in production?

Install Railguard. It intercepts every Claude Code action before it executes — safe commands fly through instantly, dangerous commands like terraform destroy or rm -rf are blocked. You get the speed of --dangerously-skip-permissions without the risk.

Is Railguard a sandbox?

No. Sandboxes restrict where your agent can work — they limit file access, network, and tools. Railguard only restricts what commands your agent can run. Your agent keeps full access to your project, your tools, and your workflow.

What does --dangerously-skip-permissions do in Claude Code?

It skips all permission checks, letting Claude Code execute any command without asking for approval. Destructive commands like terraform destroy or DROP TABLE run without any safety net. Railguard makes this flag safe to use.

What commands does Railguard block?

Railguard blocks whatever you configure in railguard.yaml. Common blocklist entries include terraform destroy, rm -rf, DROP TABLE, push --force, and drizzle-kit push --force. You can also flag commands for manual approval.

Does Railguard add latency?

Under 2ms per command. 99% of commands execute instantly. Railguard runs on-device — nothing leaves your machine, no network calls, no cloud dependency.

Why We Built Railguard

Here's the dirty secret of AI coding agents: they're incredible, but everyone's running them with the handbrake on.

You want to use --dangerously-skip-permissions. You know it would 5x your throughput. But you've seen the horror stories — terraform destroy on production, DROP TABLE on live databases, force-pushes that wipe months of work. So you sit there, clicking "approve" on npm install for the hundredth time.

We built Railguard to remove the handbrake.

What Railguard actually does

Railguard is a runtime that sits between your AI agent and the outside world. Every action passes through it. It makes three decisions in under 2 milliseconds:

Allow — safe commands execute instantly. npm install, git commit, file writes. No friction, no prompts. This is 99% of what your agent does.
Block — destructive commands are stopped cold. terraform destroy, rm -rf /, shell injection attempts. Configurable, deterministic, pattern-matched. No LLM guessing.
Approve — risky-but-legitimate commands pause for your sign-off. npm publish, accessing paths outside the project. You decide, the agent waits.

Four things you unlock

1. Full autonomy

Run claude --dangerously-skip-permissions with an actual safety net underneath. OS-level sandboxing (sandbox-exec on macOS, bwrap on Linux) ensures the agent physically cannot access what it shouldn't. Your agent runs at full speed. You stop babysitting.

2. Parallel agents

Run 5 Claude Code sessions at once. Railguard's coordination layer prevents file conflicts — file-level locking, automatic session awareness, self-healing locks with heartbeat timeouts. One developer doing the work of five.

$ railguard locks
SESSION  FILE                      LOCKED
a3f9     src/auth/login.tsx        12s ago
b7c2     src/api/routes.ts         3s ago
d1e4     tests/auth.test.ts        8s ago

3. Instant recovery

Every file write is snapshotted before execution. If anything goes wrong:

$ railguard rollback --session a3f9 --steps 1   # undo last edit
$ railguard rollback --session a3f9              # undo entire session

You move fast because you can always go back.

4. Full observability

See everything your agents are doing, live:

$ railguard dashboard

Real-time stream of every action across all sessions. Search, filter, expand. Or replay any completed session after the fact with railguard replay --session <id>.

The setup

cargo install --git https://github.com/railyard-dev/railguard.git
railguard install

Two commands. Railguard registers hooks with Claude Code, configures the sandbox, and you're running. Drop a railguard.yaml in your project to customize rules. Changes take effect instantly — no restart needed.

The philosophy

The fastest developers aren't the ones who skip safety checks. They're the ones with safety infrastructure good enough that they never have to slow down.

Railguard is that infrastructure. Open-source, MIT-licensed, written in Rust, runs on-device with zero latency overhead. Nothing leaves your machine.

Star us on GitHub or join the Discord.