Tips & Tricks (Updated: 22/5/2026)

Claude Code Approval and Sandbox Guide | Safe settings for everyday work

How to divide work between allow, ask, deny and the sandbox in Claude Code, with practical settings, hooks and real workflow examples.

Approval being turned on does not by itself mean Claude Code is safe. When there are too many confirmations, people stop reading them. When allow gets too wide, the agent can reach actions where a human should have paused.

This article is for people looking for the next practical step after getting started: which work should be automatic, which should ask for approval, and which should be denied outright? For context, also see harness engineering, the permissions guide and security failure cases.

Approval is not the same as safety

Everyday use generally needs three layers:

| Control | Job | Examples |
|---|---|---|
| permission rules | allow / ask / deny boundary | secrets, destructive commands, deploy |
| approval flow | pausing before irreversible side effects | git push, publish, send |
| sandbox | shrinking the shell's reach | build, verification, exploratory scripts |

For official reference, permissions, settings and hooks are the best sources. The core idea: whatever is reversible should be fast; whatever is irreversible should be deliberately slow.

A practical split for daily work

| Action | Suggested rule | Reason |
|---|---|---|
| Reading files, search, viewing diffs | allow | Low risk |
| build, test, lint, analytics | allow | Iteration should not be slow |
| Code edits in a branch | ask or session allow | Depends on repo maturity |
| git push, deploy, publish, send | ask | Real side effect |
| Reading .env, rm -rf, git reset --hard | deny | Very high blast radius |
| Writes to external APIs | ask | Affects real systems |

Useful baseline for .claude/settings.json

{
  "$schema": "https://json.schemastore.org/claude-code-settings.json",
  "permissions": {
    "allow": [
      "Read",
      "Grep",
      "Glob",
      "Bash(npm run build)",
      "Bash(npm run test)",
      "Bash(node scripts/analytics-report.mjs *)"
    ],
    "ask": [
      "Edit",
      "Write",
      "Bash(git push *)",
      "Bash(npx wrangler pages deploy *)",
      "Bash(node scripts/outreach-send-mails.mjs --send)",
      "WebFetch(domain:api.gumroad.com)"
    ],
    "deny": [
      "Read(./.env)",
      "Read(./.env.*)",
      "Bash(rm -rf *)",
      "Bash(git reset --hard *)",
      "Bash(curl * | sh)"
    ]
  },
  "sandbox": {
    "enabled": true,
    "failIfUnavailable": false
  }
}

If sandbox support is weak in your environment, put actions with side effects under ask more aggressively.

Hooks reduce repeated mistakes

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash(git add*)",
        "hooks": [{
          "type": "command",
          "command": "git diff --cached --name-only | grep -E '^\\.env' && echo 'Blocked: .env staged' >&2 && exit 2 || exit 0"
        }]
      },
      {
        "matcher": "Bash(npx wrangler pages deploy*)",
        "hooks": [{
          "type": "command",
          "command": "npm run build"
        }]
      }
    ],
    "PostToolUse": [
      {
        "matcher": "Edit|Write",
        "hooks": [{
          "type": "command",
          "command": "npm run test || true"
        }]
      }
    ]
  }
}

The pattern here is simple:

  • block secrets before commit
  • force a build before deploy
  • run deterministic verification after edits
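
An added example (not from the original article): the first pattern, blocking secrets before a commit, written as a standalone Node hook script. It assumes the hook is registered under a PreToolUse matcher of Bash, that Claude Code passes the tool call as JSON on stdin with tool_name and tool_input.command, and that exit code 2 blocks the call; the file name and the --hook flag are hypothetical.

```javascript
// Added example: PreToolUse guard for Bash tool calls.
// Assumptions: saved as scripts/guard-staged-secrets.js (hypothetical name),
// registered under matcher "Bash", and run as `node <file> --hook`.
const SECRET_FILE = /(^|\/)\.env(\.[^/]+)?$/; // .env, .env.local, api/.env.prod

// True when any segment of the shell command mentions git together with
// "commit". Deliberately broad so `git -c x=y commit` is caught (fail closed).
// Note: files picked up by `git commit -a` are not yet staged and not covered.
function isCommit(hookInput) {
  if (!hookInput || hookInput.tool_name !== 'Bash') return false;
  const command = String((hookInput.tool_input || {}).command || '');
  return command
    .split(/&&|\|\||[;|\n]/) // "npm test && git commit" -> two segments
    .some((seg) => /\bgit\b.*\bcommit\b/.test(seg));
}

// Staged paths that look like dotenv files, at any directory depth.
function leakedSecrets(stagedFiles) {
  return stagedFiles.filter((f) => SECRET_FILE.test(f));
}

async function main() {
  let raw = '';
  for await (const chunk of process.stdin) raw += chunk;
  try {
    if (!isCommit(JSON.parse(raw))) return; // not a commit: exit 0, allow
    const { execFileSync } = await import('node:child_process');
    const staged = execFileSync('git', ['diff', '--cached', '--name-only'],
      { encoding: 'utf8' }).split('\n').filter(Boolean);
    const leaked = leakedSecrets(staged);
    if (leaked.length === 0) return; // clean index: exit 0, allow
    console.error(`Blocked: secret file staged: ${leaked.join(', ')}`);
  } catch (err) {
    // Unparseable input or git failure: refuse rather than guess.
    console.error(`Blocked: guard could not run (${err.message})`);
  }
  process.exitCode = 2; // exit code 2 blocks the tool call; stderr is the reason
}

if (process.argv.includes('--hook')) main();
```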

Three real workflows

  1. Content site: look at analytics, pick a topic, create the locales, build, deploy, open the public URL, verify on mobile with Playwright.
  2. App repo: read, diff, refactor and test can be fast; push, migrations, production APIs and infra changes should stay in ask.
  3. Outreach / backoffice: research and drafting can be automatic; send and publish cannot.

Common failures

  1. Putting everything in ask and approving without reading.
  2. Making --dangerously-skip-permissions a daily habit.
  3. Treating build success as release success.

The third failure is very common on multilingual sites: the build passes, but the live URL stays stale or a locale is missing.

What we changed today at the practical level

At ClaudeCodeLab the daily rule is now:

  • every run must take one new article live
  • one existing task must also move forward
  • Playwright verifies on mobile
  • all language URLs of that article are checked in production

Safe automation comes from clear operating rules, not from vague warnings.

Next step

Start with the free cheatsheet. If you want copy-paste settings, hooks and setup examples, see the English products page. If you need help with rollout, review flow or safe automation boundary design, go to the consultation page.

#claude-code #permissions #approval #sandbox #security #workflow
About the author

Masa

An engineer who uses Claude Code in depth. Runs claudecode-lab.com, a tech media site with more than 2,000 pages in 10 languages.