Dev tools

Before Claude Code edits production-adjacent code, ask for the rollback note. If the agent cannot explain how to undo the change, the task contract is not ready yet.

Claude Code permissions are safest when they are temporary. Treat every extra file, command, MCP tool, and network path as a task-scoped grant that must expire unless a human renews it with evidence.

Claude Code can make a change feel review-ready before the risk is understood. Production teams need human review that can reject the run, narrow the scope, or demand better evidence before merge.

Claude Code can produce a clean patch from a messy run. Production teams need a flight recorder: the task contract, tool calls, permission pressure, tests, assumptions, and rollback notes that explain how the patch was made.

Claude Code permissions are where agent safety becomes concrete. If a run needs production data, billing config, deploy access, or a wider MCP tool, the default should be stop, explain, and wait for a human decision.

Passing tests are a useful signal, but they are not enough for production Claude Code work. Ask for a review packet that shows scope, evidence, boundary pressure, remaining risk, and rollback before merge.

Before giving Claude Code wider access, define what each run may read, edit, call, spend, and merge. A permission budget keeps agent speed inside a reviewable boundary.

A Claude Code run can make tests pass and still leave a reviewer with no usable evidence. Treat green tests as one signal, then require scope, command logs, tool use, assumptions, and rollback notes before merging agent work.

Claude Code gets risky when a failed run keeps retrying without a stop rule. Use failure budgets, review packets, evals, and rollback notes before giving agents more autonomy.

Claude Code gets risky when teams roll it out through enthusiasm instead of a runbook. Start with task contracts, scoped permissions, review packets, evals, and rollback before widening autonomy.