What Is a Level 1 Validation Sandbox?
A Level 1 validation sandbox is a small, isolated folder on your system where an AI agent is only allowed to perform very limited, low‑risk actions. It cannot touch anything outside that folder without your explicit approval.
In a typical setup you have:
- A dedicated sandbox directory (for example
/home/user/ai_sandbox_level1). - A tiny shell script called
level1_validate.shinside that directory. - An AI agent that can propose running this script, but only executes it after you say "Yes, run it."
This gives you a repeatable safety check: the agent proves it can follow instructions, stay inside its sandbox, and log what it did — before you ever let it touch real data or more powerful tools.
Why You Might Want This
If you're experimenting with local AI agents, automation, or "AI DevOps," you may be asking:
- How do I sandbox my AI so it doesn't damage my system?
- How can I see exactly what files an agent touched?
- How do I test behavior safely before running scripts in production folders?
A Level 1 validation sandbox answers those concerns:
- All activity is constrained to a single directory tree.
- The work is simple and deterministic (e.g., counting files).
- Every run leaves clear logs and summaries you can inspect.
- You control when the script executes via an explicit approval step.
In this guide, we'll cover AI sandbox best practices and a concrete Level 1 validation script you can copy — including a safe shell automation protocol that requires your explicit approval before anything runs.
What the Level 1 Script Does
The Level 1 script is intentionally simple. For example, it can:
- Look inside a sandbox directory (like
/home/user/ai_sandbox_level1/test_files). - Count:
- Total files.
- Files by type (images, documents, archives).
- "Other" files.
- Write a daily summary file (for example
level1_summary_YYYY‑MM‑DD.md). - Append a line to a run log (for example
level1_run.log) with counts and timestamps.
A companion version on another machine might count total files and directories under the entire sandbox and append a short summary line to daily_summary.md.
In both cases:
- The script never touches anything outside the sandbox path.
- The agent: explains what it wants to do, proposes the exact command to run, waits for you to say "Yes, run it", then reports back what changed and which files were touched.
Step‑by‑Step: Create a Level 1 Sandbox on Linux
This example uses /home/user as your home directory; replace user with your actual username.
1. Create the Sandbox Directory
Pick a path dedicated to Level 1:
mkdir -p /home/user/ai_sandbox_level1/test_filesThis directory tree is your agent's playground.
2. Create the Level 1 Validation Script
Create and open the script file:
cat > /home/user/ai_sandbox_level1/level1_validate.shPaste in this script (adjust paths if needed):
#!/bin/sh
# Level 1 Validation Script
# Purpose: count files in test_files and write a small markdown report + log
SANDBOX="/home/user/ai_sandbox_level1"
TEST_DIR="$SANDBOX/test_files"
REPORT_FILE="$SANDBOX/level1_summary_$(date '+%Y-%m-%d').md"
LOG_FILE="$SANDBOX/level1_run.log"
# Ensure required directories exist
mkdir -p "$TEST_DIR"
mkdir -p "$SANDBOX"
# Discover counts
TOTAL=$(find "$TEST_DIR" -maxdepth 1 -type f | wc -l)
COUNT_IMAGES=$(find "$TEST_DIR" -maxdepth 1 -type f \( -iname "*.jpg" -o -iname "*.jpeg" -o -iname "*.png" -o -iname "*.gif" \) | wc -l)
COUNT_DOCS=$(find "$TEST_DIR" -maxdepth 1 -type f \( -iname "*.txt" -o -iname "*.pdf" -o -iname "*.docx" \) | wc -l)
COUNT_ARCHIVES=$(find "$TEST_DIR" -maxdepth 1 -type f \( -iname "*.zip" -o -iname "*.tar" -o -iname "*.gz" \) | wc -l)
COUNT_OTHER=$(expr "$TOTAL" - "$COUNT_IMAGES" - "$COUNT_DOCS" - "$COUNT_ARCHIVES")
# Write daily markdown report (overwrite per day)
{
echo "# Level 1 Sandbox Validation Summary"
echo "Date: $(date '+%Y-%m-%d')"
echo "Total files: $TOTAL"
echo "Images: $COUNT_IMAGES"
echo "Docs: $COUNT_DOCS"
echo "Archives: $COUNT_ARCHIVES"
echo "Other: $COUNT_OTHER"
} > "$REPORT_FILE"
# Append run log
printf "%s - Level 1 validation: generated %s (Images=%s, Docs=%s, Archives=%s, Other=%s)\n" \
"$(date '+%Y-%m-%d %H:%M:%S')" \
"$REPORT_FILE" \
"$COUNT_IMAGES" "$COUNT_DOCS" "$COUNT_ARCHIVES" "$COUNT_OTHER" \
>> "$LOG_FILE"
exit 0Finish the cat input with Ctrl+D, then make it executable:
chmod +x /home/user/ai_sandbox_level1/level1_validate.sh3. Test Manually
Run:
bash /home/user/ai_sandbox_level1/level1_validate.shThen check:
cat /home/user/ai_sandbox_level1/level1_summary_*.md
cat /home/user/ai_sandbox_level1/level1_run.logYou should see a summary for today and a log entry with counts.
Step‑by‑Step: Add a Second Sandbox (e.g. on WSL)
On another machine or a WSL instance, you can use a similar but slightly different script that logs file/directory counts for the entire sandbox.
1. Create the Sandbox
mkdir -p /home/user/ai_sandbox_level1/logs
chmod -R u+rwX /home/user/ai_sandbox_level12. Create the Validation Script
cat > /home/user/ai_sandbox_level1/level1_validate.shPaste:
#!/usr/bin/env bash
set -euo pipefail
LOG_DIR="/home/user/ai_sandbox_level1/logs"
LOG_FILE="$LOG_DIR/level1_run.log"
SUMMARY_FILE="/home/user/ai_sandbox_level1/daily_summary.md"
mkdir -p "$LOG_DIR"
DATE=$(date '+%Y-%m-%d')
echo "Level 1 validation run on $DATE" >> "$LOG_FILE"
echo "Sandbox root: /home/user/ai_sandbox_level1" >> "$LOG_FILE"
TOTAL_FILES=$(find /home/user/ai_sandbox_level1 -type f | wc -l)
TOTAL_DIRS=$(find /home/user/ai_sandbox_level1 -type d | wc -l)
echo "Total files: $TOTAL_FILES" >> "$LOG_FILE"
echo "Total directories: $TOTAL_DIRS" >> "$LOG_FILE"
ls -la /home/user/ai_sandbox_level1 | head -n 20 >> "$LOG_FILE"
echo "- Level 1 validation: files=${TOTAL_FILES}, dirs=${TOTAL_DIRS}" >> "$SUMMARY_FILE"
echo "Validation complete. See $LOG_FILE; daily summary updated at $SUMMARY_FILE." >> "$LOG_FILE"
exit 0Close with Ctrl+D and make it executable:
chmod +x /home/user/ai_sandbox_level1/level1_validate.shRun it once:
/home/user/ai_sandbox_level1/level1_validate.shThen inspect:
cat /home/user/ai_sandbox_level1/logs/level1_run.log
cat /home/user/ai_sandbox_level1/daily_summary.mdHow to Integrate This With Your AI Agent (Protocol)
The key is to give your agent a clear Level 1 protocol. For example:
When I say "Run Level 1 validation now":
- Explain in 1–2 sentences what you are about to do in the sandbox.
- Propose the exact command:
bash /home/user/ai_sandbox_level1/level1_validate.sh- Wait for me to say "Yes, run it" before executing.
- After the run, summarize what changed and which files you touched.
- Only touch paths under
/home/user/ai_sandbox_level1and the log/summary files there.
Whatever framework you use (custom agent, CLI tool, browser‑based assistant), you want:
- An execution plan step where the agent shows you the command.
- An approval step ("Yes, run it" vs "No, cancel").
- A post‑run summary of changes.
Use Cases for Level 1 Validation
Some practical ways to use this pattern:
- Safe AI sandboxing: Let an AI agent practice on test files in a controlled directory without risking system damage.
- Simple file monitoring: Track how many files of each type appear in a folder over time using daily summaries and logs.
- Smoke testing new workflows: Before pointing a script at your real project directories, point it at the sandbox and inspect the Level 1 report and logs.
- Auditable AI automation: Maintain a lightweight audit trail of when the agent ran, what it did, and what changed.
Final Thoughts
A Level 1 validation sandbox is a small pattern with big benefits:
- The agent has a tightly scoped playground.
- The script does one simple, understandable job.
- You have full control over execution via explicit approval.
- Every run leaves plain‑text evidence you can read and diff.
Once this foundation is in place, you can build higher "levels" of capability — always knowing you can fall back to a safe, logged, and well‑understood Level 1.