Problem
sbx provides no way to exclude files or directories from being synced into the sandbox. This forces syncing of large directories like node_modules, metadata like .git, and — critically — sensitive files such as .env and certificates into the sandbox environment.
Since sbx uses mutagen for file synchronization, and mutagen already supports --ignore patterns natively, this seems like low-hanging fruit to expose.
Current Workaround
We maintain a wrapper script that runs mutagen before sbx to sync the project into a filtered temp directory, then points sbx create at that temp directory instead of the real project root:
# SRC_PATH (real project root), FOLDER_NAME and sb_name are set earlier in the wrapper (not shown)
EXCLUDE_PATTERNS=(".git" ".env" "*.crt" "node_modules")
# Build mutagen --ignore flags, one per pattern
IGNORE_ARGS=()
for p in "${EXCLUDE_PATTERNS[@]}"; do IGNORE_ARGS+=(--ignore="$p"); done
# Sync to temp directory with exclusions
MOUNT_POINT="/tmp/ai-sandbox-$FOLDER_NAME"
mutagen sync create "$SRC_PATH" "$MOUNT_POINT" \
  --name="ai-sandbox" \
  --sync-mode=two-way-resolved \
  "${IGNORE_ARGS[@]}"
# Wait for the initial sync to complete before handing the copy to sbx
mutagen sync flush "ai-sandbox"
# Point sbx at the filtered copy, not the original
sbx create --name "$sb_name" claude "$MOUNT_POINT"
This works, but it's clunky — we're managing our own mutagen session lifecycle (create, flush, resume, pause, terminate) just to work around a missing option. It also means we have two independent sync layers: our mutagen session syncing source to temp, and sbx's own sync from temp into the sandbox.
Proposed Solution
Expose mutagen's existing --ignore patterns through the sbx CLI:
# Repeatable flag
sbx create my-sandbox claude ./my-project \
--sync-ignore=".git" \
--sync-ignore="node_modules" \
--sync-ignore="*.crt" \
--sync-ignore=".env"
And/or support a .sbxignore file at the project root (like .dockerignore or .gitignore):
# .sbxignore
.git
.env
node_modules
*.crt
Why This Matters
- Security — Prevents accidental exposure of sensitive files to the sandbox. This is the primary motivation. Right now the only protection is the user remembering to set up their own filtering.
- Performance — node_modules alone can be hundreds of MBs and tens of thousands of files. Skipping it dramatically reduces initial sync time and file-watching overhead.
- Simplicity — Eliminates the need for users to manage a separate mutagen session as a pre-filter step before invoking sbx.
Implementation Notes
Since it's likely sbx already uses mutagen under the hood, this should be a matter of passing --ignore flags through to the underlying mutagen sync create call. Mutagen's ignore patterns already support glob syntax and are well-documented.
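As an added illustration of the passthrough described in the Proposed Solution and Implementation Notes (this is example code written for this issue, not sbx's or mutagen's own code): the flag name --sync-ignore and the file name .sbxignore are the proposal's, not an existing sbx API, and the function names below are hypothetical. The script resolves a .sbxignore file plus any repeated --sync-ignore values into the --ignore arguments that mutagen sync create already accepts, skipping comments and blank lines the way .gitignore does and de-duplicating patterns that appear in both places.

```shell
#!/bin/sh
# Added example, not sbx's or mutagen's own code: how a proposed sbx-side
# "--sync-ignore" flag and ".sbxignore" file could be resolved into the
# --ignore arguments that `mutagen sync create` already understands.
set -e

# Print one pattern per line from an ignore file. Blank lines and lines
# whose first non-blank character is '#' are skipped, like .gitignore.
# A missing file produces no output rather than an error, so a project
# without .sbxignore simply gets no file-derived exclusions.
patterns_from_file() {
  file="$1"
  [ -f "$file" ] || return 0
  while IFS= read -r line || [ -n "$line" ]; do
    line="${line#"${line%%[![:space:]]*}"}"   # strip leading whitespace
    line="${line%"${line##*[![:space:]]}"}"   # strip trailing whitespace
    case "$line" in
      ''|'#'*) continue ;;
    esac
    printf '%s\n' "$line"
  done < "$file"
}

# Merge PROJECT/.sbxignore with patterns passed as arguments (the would-be
# repeated --sync-ignore values), drop duplicates while keeping first-seen
# order, and print one "--ignore=PATTERN" per line. Each line is meant to
# become its own argv entry, so a pattern such as "*.crt" is never glob-
# expanded by the shell before mutagen sees it.
mutagen_ignore_args() {
  project="$1"
  shift
  {
    patterns_from_file "$project/.sbxignore"
    for p in "$@"; do printf '%s\n' "$p"; done
  } | awk '!seen[$0]++ { printf "--ignore=%s\n", $0 }'
}

# Show the assembled command (printed, not run) for a constructed project
# directory. ".env" comes from both the file and the flags but appears once.
demo() {
  dir=$(mktemp -d)
  printf '# constructed .sbxignore\n.git\n.env\nnode_modules\n' > "$dir/.sbxignore"
  echo "mutagen sync create $dir /tmp/sandbox-copy \\"
  mutagen_ignore_args "$dir" '*.crt' '.env' | sed 's/^/    /'
  rm -rf "$dir"
}

demo
```

Because the file is read from the project root that is about to be synced, a .sbxignore committed alongside the code gives every user of the repository the same exclusions without each of them remembering to pass flags, which addresses the "only protection is the user remembering" point above.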