Comment by Lockal
13 days ago
One good solution should be mentioned here - run Claude under strace/ltrace/LD_PRELOAD/etc.
The fact that LLMs fail to read files is crucial for solving tasks. It does not matter that the LLM later says "Yeah, I've fully read the specification and here is your code" if you check the log and it says: "Reading SPEC.md lines 1-400" <end_of_read>.
Overall, the complete log of interaction with the system should always be available; otherwise it is effectively malware. That's not an exaggeration: consider that at any point in time any side component can spit out a prompt injection. Consider the use case: previously, in xz-utils, it was necessary to sabotage the Landlock kernel-level sandbox, AND to exist in the memory of sshd, AND to be able to hijack RSA_public_decrypt. Now the only thing needed is printf.
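The strace-based check the comment suggests can be made concrete: record the agent's `openat`/`read`/`close` calls and compare what was actually read against what the model claims to have read. The script below is an added example (not the commenter's code and not part of any Claude tooling); it assumes a trace captured with `strace -f -e trace=openat,read,close -s 0 -o agent.trace <agent command>`, and the trace text, file sizes and claimed file list are constructed inline for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of what strace -f -e trace=openat,read,close -s 0 emits.
# -s 0 truncates read() buffers to ""..., so only byte counts appear.
SAMPLE_TRACE = """\
12345 openat(AT_FDCWD, "/work/SPEC.md", O_RDONLY|O_CLOEXEC) = 3
12345 read(3, ""..., 4096) = 4096
12345 read(3, ""..., 4096) = 4096
12345 close(3) = 0
12345 openat(AT_FDCWD, "/work/src/main.py", O_RDONLY|O_CLOEXEC) = 4
12345 read(4, ""..., 4096) = 1200
12345 read(4, ""..., 4096) = 0
12345 close(4) = 0
12345 openat(AT_FDCWD, "/work/out.txt", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 5
12345 close(5) = 0
12345 openat(AT_FDCWD, "/work/missing.md", O_RDONLY) = -1 ENOENT (No such file or directory)
"""

# Constructed on-disk sizes; a real audit would use os.path.getsize().
SAMPLE_SIZES = {"/work/SPEC.md": 10240, "/work/src/main.py": 1200, "/work/README.md": 3000}

# Files the model asserted it read (hypothetical claim extracted from its transcript).
CLAIMED_FILES = ["/work/SPEC.md", "/work/src/main.py", "/work/README.md"]

# The leading PID that strace -f prints is optional in all three patterns.
OPENAT_RE = re.compile(
    r'^(?:\d+\s+)?openat\((?:AT_FDCWD|\d+), "(?P<path>[^"]+)", '
    r'(?P<flags>[A-Z_|]+)(?:, \d+)?\) = (?P<ret>-?\d+)'
)
READ_RE = re.compile(r'^(?:\d+\s+)?read\((?P<fd>\d+), .*\) = (?P<ret>-?\d+)')
CLOSE_RE = re.compile(r'^(?:\d+\s+)?close\((?P<fd>\d+)\) = ')


def bytes_read_per_file(trace_text):
    """Map every path opened for reading to the total bytes read from it.

    Descriptors are keyed by fd number only: threads share one fd table, so
    the TID strace prints per line must not split them. Fork-heavy agents
    should be traced with -ff (one file per process) and audited per file.
    Lines of the form "<unfinished ...>" / "resumed>" are not matched and are
    therefore ignored.
    """
    open_fds = {}              # fd -> path for descriptors currently open
    totals = defaultdict(int)  # path -> bytes actually read
    for line in trace_text.splitlines():
        m = OPENAT_RE.match(line)
        if m:
            if int(m.group("ret")) < 0:
                continue  # failed open (e.g. ENOENT): nothing could be read
            if "O_WRONLY" in m.group("flags").split("|"):
                continue  # write-only descriptor cannot be used to read
            open_fds[m.group("fd") if False else m.group("ret")] = m.group("path")
            totals.setdefault(m.group("path"), 0)  # opened, possibly never read
            continue
        m = READ_RE.match(line)
        if m:
            path = open_fds.get(m.group("fd"))
            n = int(m.group("ret"))
            if path is not None and n > 0:
                totals[path] += n
            continue
        m = CLOSE_RE.match(line)
        if m:
            open_fds.pop(m.group("fd"), None)
    return dict(totals)


def audit_claims(claimed_paths, file_sizes, trace_text):
    """Classify each claimed file as not_opened, partial or complete."""
    read_totals = bytes_read_per_file(trace_text)
    verdicts = {}
    for path in claimed_paths:
        got = read_totals.get(path)
        if got is None:
            verdicts[path] = "not_opened"
        elif got < file_sizes[path]:
            verdicts[path] = "partial"
        else:
            verdicts[path] = "complete"
    return verdicts


if __name__ == "__main__":
    for path, verdict in audit_claims(CLAIMED_FILES, SAMPLE_SIZES, SAMPLE_TRACE).items():
        print(f"{verdict:11s} {path}")
```

On the constructed trace this reports SPEC.md as `partial` (8192 of 10240 bytes read, the "lines 1-400" situation the comment describes), main.py as `complete`, and README.md as `not_opened` despite being claimed. Because the evidence is collected by the kernel-level tracer rather than by the agent, a prompt-injected "I read everything" statement cannot alter it; the same trace also shows every write the agent performed, which is the complete interaction log the comment asks for.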