← Back to blog
3 min read

Claude Code in Production: How to Prevent the 3am Incident

Real incidents show what happens when AI coding agents run without guardrails. Here's how to make Claude Code production-safe with Railroad.

Claude Codeproductionsafetyincidents

AI coding agents like Claude Code are transforming how developers ship software. But they're also introducing a new class of production incidents that nobody saw coming.

Real incidents, real data loss

February 26, 2026 — DataTalks.Club. A Claude Code agent was tasked with cleaning up AWS resources. It ran terraform destroy on a production stack. VPC, RDS, ECS — everything. 2.5 years of student data. 1.9 million rows. Gone.

February 19, 2026 — GitHub Issue #27063. A background Claude agent ran drizzle-kit push --force against a production PostgreSQL database. 60+ tables. Months of data. Unrecoverable.

These aren't edge cases. They're the inevitable result of giving AI agents unrestricted access to production systems.

Why existing safeguards fail

Manual approval doesn't scale

Claude Code's default permission model asks you to approve every command. It works — until it doesn't. After 50 approvals, you're on autopilot. You stop reading. The 51st command is terraform destroy, and you hit y out of habit.

--dangerously-skip-permissions is all or nothing

The flag gives your agent full autonomy. There's no middle ground — either you approve everything manually, or you approve nothing. The name tells you everything you need to know.

Sandboxes are too restrictive

Container-based sandboxes lock your agent into an isolated environment. Your agent can't access your real project files, your real tools, or your real infrastructure. You're safe, but you're also not getting anything done.

Railroad: the middle ground

Railroad is a runtime layer that intercepts every agent action before it executes. It doesn't restrict where your agent can work — it restricts what commands it can run.

  • Safe commands like npm install, git commit, and file writes execute instantly with under 2ms of overhead
  • Dangerous commands like terraform destroy, rm -rf, and DROP TABLE are blocked immediately
  • Risky commands like npm publish or docker push pause for your approval

Your agent runs at full speed on 99% of commands. The 1% that could destroy production never execute.

Setting up Railroad for production safety

cargo install --git https://github.com/railroad-dev/railroad.git
railroad install

Then create a railroad.yaml tailored to your stack:

blocklist:
  - terraform destroy
  - terraform apply -auto-approve
  - "DROP TABLE"
  - "DROP DATABASE"
  - "rm -rf"
  - "push --force"
  - drizzle-kit push --force
  - kubectl delete namespace

approve:
  - npm publish
  - docker push
  - terraform apply

Every file write is snapshotted automatically. If anything goes wrong, railroad rollback gets you back instantly.

The bottom line

AI coding agents in production are inevitable. Production incidents from those agents are not. Railroad gives you the speed of full autonomy with the safety of manual review — without the tedium of either.

Install Railroad and make your AI agents production-safe.