Introduction At Formal , we are heavy users of agentic coding tools for software development, and we’re trying to continue performing local development with these tools on our (admittedly beefy) laptops for as long as possible. One example is Claude Code. These tools feel particularly magical when verification loops are as fast as possible. Having to explicitly approve every file edit Claude Code makes is time intensive — and so is having to explicitly approve every command Claude Code wants to run to get feedback on that code change before we review it ourselves. Some examples include running go build, go test, restarting a docker container, and running our linter! Claude Code supports allowlisting Bash commands as well as file edits to your directory without requiring approvals, which can dramatically speed up development. What if, however, we do not want Claude Code to be able to run certain commands on our laptops? Enabling file edits and particular Bash commands often used in software development often enables Claude Code to run any command! We use TypeScript and Go, so the examples in this post will be specific to those languages. We’re defining “able” as “could Claude Code perform these actions,” irrespective of the probability that Claude would output text that would cause Claude Code to perform these actions. go test What’s the worst a unit test could do? Well, a unit test could execute arbitrary bash scripts. If you allowlist running go test and editing files without approval, Claude Code could run any other command without approval via the following flow: Edit a test file to use exec.Command Run go test go generate Okay, that makes sense — go test is effectively running arbitrary code. What about making sure our code builds? Well, a prerequisite for building is code generation. We do have some go generate directives, however, and running go generate as part of your build pipeline allows arbitrary code execution if the coding agent can edit files that will...
First seen: 2026-02-02 02:32
Last seen: 2026-02-02 02:32