2025-11-19 · Authensor

Is Claude Code Safe? How to Add Safety Controls

Claude Code is a capable AI coding agent, but it runs with your full user-level permissions — meaning it can read, write, and delete any file your account can access, run shell commands, and make network requests. It is as safe as the guardrails you put around it. SafeClaw by Authensor adds a deny-by-default policy layer specifically designed for AI coding agents like Claude Code, gating every action through policy rules before execution.

What Claude Code Can Do Without Guardrails

Claude Code operates as a terminal-based agent with access to your filesystem and shell. Out of the box, it can:

Claude Code has its own permission prompts, which help. But those prompts rely on you correctly evaluating every action in real time — a difficult task when the agent is moving quickly through a complex workflow.

How to Make Claude Code Safer with SafeClaw

SafeClaw adds an automated policy layer that does not depend on your real-time judgment. You define the rules once, and SafeClaw enforces them on every action.

Quick Start

npx @authensor/safeclaw

Policy Designed for Claude Code

```yaml
# safeclaw.config.yaml
rules:
  # Allow reading project files
  - action: file.read
    path: "src/**"
    decision: allow

  - action: file.read
    path: "tests/**"
    decision: allow

  - action: file.read
    path: "package.json"
    decision: allow

  - action: file.read
    path: "tsconfig.json"
    decision: allow

  # Block reading sensitive files
  - action: file.read
    path: "**/.env*"
    decision: deny
    reason: "Claude Code cannot read environment files"

  - action: file.read
    path: "**/.ssh/**"
    decision: deny
    reason: "SSH keys are off limits"

  - action: file.read
    path: "**/.aws/**"
    decision: deny
    reason: "AWS credentials are off limits"

  # Allow writing source code
  - action: file.write
    path: "src/**/*.{ts,tsx,js,jsx}"
    decision: allow

  - action: file.write
    path: "tests/**/*.{ts,tsx,js,jsx}"
    decision: allow

  # Block writing to config and infra
  - action: file.write
    path: "**"
    decision: deny
    reason: "Writes outside src/ and tests/ require manual action"

  # Allow running tests and type checking
  - action: shell.execute
    command_pattern: "npm test*"
    decision: allow

  - action: shell.execute
    command_pattern: "npx tsc --noEmit*"
    decision: allow

  # Block dangerous shell commands
  - action: shell.execute
    command_pattern: "rm -rf *"
    decision: deny

  - action: shell.execute
    command_pattern: "git push*"
    decision: deny
    reason: "Claude Code cannot push — developer pushes manually"

  # Default deny
  - action: "**"
    decision: deny
```

What This Policy Achieves

| Agent Action | Result |
|-------------|--------|
| Read src/components/App.tsx | Allowed |
| Read .env.production | Blocked |
| Read ~/.ssh/id_rsa | Blocked |
| Write src/utils/helper.ts | Allowed |
| Write Dockerfile | Blocked |
| Run npm test | Allowed |
| Run rm -rf node_modules | Blocked |
| Run git push origin main | Blocked |

Claude Code remains productive for coding tasks while being unable to access secrets, modify infrastructure, or perform destructive operations.
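To check a policy like this before trusting it, it helps to replay the decision table against the rules. The evaluator below is an added example, not SafeClaw's own engine, and it assumes semantics the real tool may not share: rules are checked top to bottom with first match winning, `**` spans path segments, `*` stays within one segment for paths but matches anything in a command, and `{a,b}` is alternation. Under those assumptions it reproduces every row of the table and also surfaces an ordering caveat: a broad allow such as `src/**` placed before the `.env` deny would win for `src/.env.local`, so deny rules are safer listed first.

```javascript
// Added example (not SafeClaw's own code): a first-match evaluator for the rule
// shape in the policy above, used to regression-test the decision table below it.
// Assumed semantics, which the real engine may not share: rules are checked top to
// bottom and the first match wins; `**` spans path segments, `*` stays within one
// segment for paths (but matches anything in a command), `{a,b}` is alternation.

const escapeRe = (s) => s.replace(/[.+?^$(){}|[\]\\]/g, "\\$&");

function globToRegExp(glob, forPath) {
  let re = "";
  for (let i = 0; i < glob.length; i++) {
    const c = glob[i];
    if (c === "*" && glob[i + 1] === "*") {
      // "**/" may match zero directories; a bare "**" matches the rest
      if (glob[i + 2] === "/") { re += "(?:.*/)?"; i += 2; } else { re += ".*"; i += 1; }
    } else if (c === "*") {
      re += forPath ? "[^/]*" : ".*";
    } else if (c === "{") {
      const end = glob.indexOf("}", i);
      re += "(?:" + glob.slice(i + 1, end).split(",").map(escapeRe).join("|") + ")";
      i = end;
    } else {
      re += escapeRe(c);
    }
  }
  return new RegExp("^" + re + "$");
}

// The policy's rules in their original order as [action, pattern, decision];
// the pattern is `path` for file.* rules and `command_pattern` for shell.execute.
const RULES = [
  ["file.read", "src/**", "allow"], ["file.read", "tests/**", "allow"],
  ["file.read", "package.json", "allow"], ["file.read", "tsconfig.json", "allow"],
  ["file.read", "**/.env*", "deny"], ["file.read", "**/.ssh/**", "deny"],
  ["file.read", "**/.aws/**", "deny"],
  ["file.write", "src/**/*.{ts,tsx,js,jsx}", "allow"],
  ["file.write", "tests/**/*.{ts,tsx,js,jsx}", "allow"], ["file.write", "**", "deny"],
  ["shell.execute", "npm test*", "allow"], ["shell.execute", "npx tsc --noEmit*", "allow"],
  ["shell.execute", "rm -rf *", "deny"], ["shell.execute", "git push*", "deny"],
  ["**", "**", "deny"], // default deny
];

// Returns "allow" or "deny" for one agent action; no matching rule also denies.
function evaluate(action, target, rules = RULES) {
  const hit = rules.find(([act, pattern]) =>
    (act === "**" || act === action) && globToRegExp(pattern, action.startsWith("file.")).test(target));
  return hit ? hit[2] : "deny";
}
```

Swap in the real engine's matcher once its semantics are confirmed; the table of expected decisions stays the same.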

Claude Code's Built-in Permissions vs. SafeClaw

| Feature | Claude Code Built-in | SafeClaw |
|---------|---------------------|----------|
| Permission model | Ask-on-action (user approves) | Deny-by-default (policy decides) |
| Consistency | Depends on user attention | Automated, deterministic |
| Audit trail | Limited | Hash-chained, tamper-proof |
| Path-level control | Broad categories | Glob-pattern granularity |
| Shell command filtering | Basic | Pattern-matched with deny lists |

SafeClaw complements Claude Code's built-in controls. You still get the permission prompts, but SafeClaw catches anything that slips through.
