How do I run Claude Code safely in production?

Install Railroad. It intercepts every Claude Code action before it executes — safe commands fly through instantly, dangerous commands like terraform destroy or rm -rf are blocked. You get the speed of --dangerously-skip-permissions without the risk.

Is Railroad a sandbox?

No. Sandboxes restrict where your agent can work — they limit file access, network, and tools. Railroad only restricts what commands your agent can run. Your agent keeps full access to your project, your tools, and your workflow.

What does --dangerously-skip-permissions do in Claude Code?

It skips all permission checks, letting Claude Code execute any command without asking for approval. Destructive commands like terraform destroy or DROP TABLE run without any safety net. Railroad makes this flag safe to use.

What commands does Railroad block?

Railroad blocks whatever you configure in railroad.yaml. Common blocklist entries include terraform destroy, rm -rf, DROP TABLE, push --force, and drizzle-kit push --force. You can also flag commands for manual approval.

Does Railroad add latency?

Under 2ms per command. 99% of commands execute instantly. Railroad runs on-device — nothing leaves your machine, no network calls, no cloud dependency.

Running 10 Claude Code Agents Simultaneously — Without Breaking Everything

Running one Claude Code agent is powerful. Running ten at the same time — one on your frontend, one on your backend, one writing tests, one updating docs, one refactoring your infrastructure — is a force multiplier that changes how you ship software.

But without coordination, ten agents working on the same codebase is ten agents fighting over the same codebase.

The appeal: 10x throughput

The math is straightforward. A single Claude Code session handles one task at a time. It writes code, waits for tests, iterates. A complex feature might take 30 minutes of agent time. If you have ten features to ship, that's five hours of serial work.

With ten parallel sessions, it's 30 minutes.

Teams running parallel Claude Code agents report shipping entire sprint backlogs in a single afternoon. Frontend components, API endpoints, database migrations, test suites, documentation updates — all happening concurrently. The constraint shifts from "how fast can the agent work" to "how many tasks can you define."

This is where the industry is heading. The question isn't whether you'll run multiple agents. It's whether you'll do it safely.

What goes wrong without coordination

Open ten terminals. Start ten Claude Code sessions against the same repo. Assign them different tasks. Within minutes, you'll hit problems that no individual agent can see or solve.

File conflicts

Agent A is refactoring src/auth/middleware.ts. Agent B is adding rate limiting to the same file. Both agents read the file, make their changes, and write it back. Agent B's write overwrites Agent A's refactoring. Agent A doesn't know its work is gone. It keeps building on code that no longer exists in the file.

Race conditions on shared state

Agent C updates package.json to add a new dependency. Agent D updates package.json to change a script. Both read the file at roughly the same time. Both write it back. Whichever writes second wins — and the other agent's changes vanish silently.

Cascading failures

Agent E modifies a shared utility function's signature. Agents F, G, and H are importing that function. They wrote their code against the old signature. Their code compiles when they test it — but after Agent E's change lands, everything breaks. Now three agents are debugging failures caused by a fourth agent they don't know about.

One agent undoing another's work

Agent I deletes a file it considers unused. Agent J is actively extending that file. Agent J's next write recreates the file, but without the deletion context. Agent I sees the file reappear and deletes it again. You now have two agents in an infinite loop, and neither knows why.

These aren't theoretical. They're the first thing that happens when you run parallel sessions without coordination.

Why Claude Code alone doesn't solve this

Claude Code has no built-in session awareness. Each instance runs in isolation. It doesn't know other sessions exist, what files they're editing, or what commands they're running.

There's no locking mechanism. No conflict detection. No way for one session to signal another. Each agent operates as if it has exclusive access to the entire codebase — because from its perspective, it does.

This isn't a bug. Claude Code is designed as a single-session tool. Multi-agent coordination is a layer that has to exist outside the agent itself.

Railroad's coordination layer

Railroad intercepts every tool call across every Claude Code session on your machine. It doesn't just enforce safety rules — it coordinates access to shared resources.

File-level locking across sessions

When an agent writes to a file, Railroad acquires a lock on that file path. If a second agent tries to write to the same file, Railroad blocks the write and notifies the agent that the file is locked by another session.

The lock is automatic. No configuration needed. No changes to your workflow. Your agent simply gets told "this file is currently being edited by session abc123" and can move on to other work or wait.

Session 1:  ✓ Write src/auth/middleware.ts    [lock acquired]
Session 2:  ⏸ Write src/auth/middleware.ts    [locked by session 1]
Session 1:  ✓ Write src/auth/middleware.ts    [lock released]
Session 2:  ✓ Write src/auth/middleware.ts    [lock acquired]

No conflicts. No silent overwrites. No lost work.

Session awareness

Each Railroad-managed agent knows what other sessions are actively editing. This context is injected automatically — agents can see which files are locked and by whom. An agent assigned to work on the API layer won't accidentally wander into files that the frontend agent is actively modifying.

Self-healing locks

Locks are protected by a heartbeat mechanism with a 60-second timeout. If an agent crashes, hangs, or the terminal is closed, Railroad verifies the PID of the owning session. If the process is gone, the lock is released automatically.

No stale locks. No manual cleanup. No orphaned files that nobody can edit because a session died two hours ago.

# See all active locks across sessions
railroad locks

LOCK                          SESSION      PID     AGE
src/auth/middleware.ts        a1b2c3       48201   12s
src/api/routes/users.ts       d4e5f6       48203   34s
prisma/schema.prisma          g7h8i9       48207   8s

Safety across all sessions

Railroad's blocklist applies to every session uniformly. If terraform destroy is blocked, it's blocked in all ten sessions. If npm publish requires approval, it requires approval regardless of which agent runs it.

blocklist:
  - terraform destroy
  - "rm -rf"
  - "DROP TABLE"
  - "push --force"

approve:
  - npm publish
  - docker push
  - terraform apply

One policy file. Ten agents. Consistent enforcement.

Observability across all sessions

Running ten agents without visibility into what they're doing is running blind. Railroad gives you a live view of every session.

Live dashboard

railroad dashboard

The dashboard shows all active sessions, what each agent is currently doing, which files are locked, and which commands have been blocked or approved. You see the entire fleet of agents from a single terminal.

Session replay

railroad replay --session a1b2c3

Full replay of every tool call, every file write, every blocked command for any session. When something goes wrong, you can trace exactly what happened, in what order, and why.

Per-session rollback

Every file write across every session is snapshotted. If Agent 7 makes a bad change, you roll back Agent 7 without affecting Agents 1 through 6.

railroad rollback --session a1b2c3 --steps 3

Practical setup

Install Railroad

cargo install --git https://github.com/railroad-dev/railroad.git
railroad install

Railroad registers hooks with Claude Code, sets up the coordination layer, and loads your policy file. It's open-source, MIT-licensed, written in Rust, and runs entirely on-device. Nothing leaves your machine.

Create your policy

Drop a railroad.yaml in your project root with your blocklist and approval rules. This policy applies to all sessions in that project directory.

Launch your agents

Open your terminals and start your Claude Code sessions. Each session is automatically registered with Railroad. Locks, safety rules, and observability work immediately.

# Terminal 1 — Frontend
claude "Implement the new dashboard components in src/components/dashboard"

# Terminal 2 — Backend
claude "Add the /api/v2/analytics endpoints with proper validation"

# Terminal 3 — Tests
claude "Write integration tests for the auth flow in tests/integration"

# Terminal 4 — Database
claude "Create the Prisma migration for the analytics schema"

# Terminal 5 — Documentation
claude "Update API docs in docs/ to reflect the v2 endpoints"

All five agents work simultaneously. Railroad coordinates file access, enforces safety rules, and gives you full visibility into what each agent is doing.

Example: a real parallel workflow

Here's what a coordinated five-agent session looks like in practice:

Agent 1 (Frontend) creates new React components in src/components/dashboard/. It needs to import types from the API layer, so it reads src/types/api.ts — but doesn't write to it.

Agent 2 (Backend) builds new API routes in src/api/v2/. It updates src/types/api.ts with new response types. Railroad acquires a lock on that file.

Agent 3 (Tests) writes test files in tests/integration/. It reads source files to understand interfaces but only writes to the test directory. No conflicts.

Agent 4 (Database) creates migration files in prisma/migrations/ and updates prisma/schema.prisma. Railroad locks the schema file. No other agent can modify it simultaneously.

Agent 5 (Docs) updates markdown files in docs/. It reads API route files to document endpoints but only writes to the docs directory.

Five agents. Zero conflicts. Full throughput.

The only moment of coordination happens when Agent 1 needs the types that Agent 2 is updating. Railroad's lock tells Agent 1 that src/types/api.ts is being modified. Agent 1 waits briefly, reads the updated file, and continues with the correct types.

The bottom line

Parallel Claude Code agents are the obvious next step for teams adopting AI-assisted development. The throughput gains are real — tasks that took a full day of serial agent work collapse into a single session.

But without coordination, parallel agents create more problems than they solve. File conflicts, race conditions, and silent overwrites will cost you more time than you saved.

Railroad makes multi-agent workflows safe by default. File locking, session awareness, safety enforcement, and full observability — across every session, with no configuration overhead.

Install Railroad and start running your agents in parallel.