Why bother sandboxing Claude Code if I trust the model?

You're not sandboxing the model — you're sandboxing the commands the model proposes. A wrong rm -rf var/cache on your host hits a symlinked storefront. A composer require on the wrong terminal updates the live VPS. A test that runs bin/magento config:set writes into app/etc/env.php and pollutes your dev DB. The sandbox isolates blast radius. Standard setup: Docker container with the codebase mounted read-write, vendor/ mounted read-only, MySQL on a throwaway volume, and a fresh DB dump restored on every container start.
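
A Compose file for the setup described above, as an added example that is not part of the original page. The service names, the `my-magento-dev:local` image, the dump path and the credentials are assumptions. A tmpfs data directory stands in here for the throwaway volume.

```yaml
# Added example: names, image tag, paths and credentials are assumptions.
services:
  app:
    image: my-magento-dev:local            # hypothetical PHP/Composer image
    working_dir: /var/www/html
    volumes:
      - ./:/var/www/html                   # codebase, read-write
      - ./vendor:/var/www/html/vendor:ro   # nested mount: vendor/ is read-only
    depends_on:
      - db

  db:
    image: mysql:8.0
    environment:
      MYSQL_ROOT_PASSWORD: dev-only-root   # constructed throwaway credential
      MYSQL_DATABASE: magento_dev          # constructed database name
    tmpfs:
      - /var/lib/mysql                     # data directory is discarded when the container stops
    volumes:
      # The official mysql image imports files in this directory only when the
      # data directory is empty. With tmpfs it is empty on every start, so the
      # dump is restored each time.
      - ./dev/dump.sql.gz:/docker-entrypoint-initdb.d/dump.sql.gz:ro
```

Commands the model proposes are then run through `docker compose exec app ...` instead of on the host shell.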