Sandbox and Safety

BDL IDE applies sandbox and permission boundaries to reduce risk.

Sandboxed operations

Most file and command operations run with restricted capabilities by default.

Permission elevation

When a task needs broader access, explicit permission is requested first.

Defensive defaults

• Prefer read-only exploration before edits
• Run linters/tests after changes
• Avoid destructive git actions unless explicitly requested