Comment by Tuna-Fish
5 hours ago
Give claude a separate user, make the tests not writable for it. Generally you should limit claude to only have write access to the specific things it needs to edit, this will save you tokens because it will fail faster when it goes off the rails.
Don't even need a separate user if you're on linux (or wsl), just use the sandbox feature, you can specify allowed directories for read and/or write.
The sandbox is powered by bubblewrap (used by Flatpaks) so I trust it.