Original Reddit post

Are you tired of your agent asking you for permission to do obviously correct and safe things, but also feel it’s too risky to let your agent just run wild and do whatever it wants on your repo? The velocity/safety tradeoff is a real struggle. But I think I found a solution. Turns out the answer is more agents! A security agent, to be precise.

Basically we grant Claude Bash(*) but then pipe all bash commands through a security filter. The first is a hard-coded regex layer (auto-allow basic things like ls, mkdir, etc.), but then have a separate security agent take a look at the potentially risky Bash commands, e.g. wget, curl, npm install, etc. Basically anything that ingests foreign code or sends out local data. Since the agent doesn’t share context with the regular Claude instance, it can’t get poisoned and errs on the side of caution. If it thinks something might be a risk, it just forces Claude to ask us for approval instead; if something is obviously safe or a part of our regular project pipeline, it allows it. We can even give it access to logs of our approved commands so it has a strong sense of what is normal within our project, and log everything so we can audit it later just in case. It’s a smart permissions system!

Has anyone else implemented something like this? I feel like an open source project or having this be a part of Claude Code itself would be really useful. The more eyeballs looking out for potential security flaws, the safer it’ll be and the more autonomy people can give their agents.

Originally posted by u/CrunchyMage on r/ClaudeCode