2/20/2026 at 2:47:58 PM
Recommend you never give codex or Claude access to rm or deletions in general. Always force them to replace files rather than deleting, and moving into an ~/archive folder when not replacing and wanting to “remove”.This works well, but is not sureproof. You can add a hook onto Claude code to block those commands at various stages, I have some useful hooks at my https://GitHub.com/claude-warden repo.
by nextzck
2/20/2026 at 3:31:47 PM
It's a good guardrail, but like you say, it's not foolproof. Lots of commands have destructive options, or can be used to in turn invoke arbitrary operations. Like `find` is just as risky a call as `rm`. I can just see imagine the reasoning chain."There is an error due to <file>. If I remove <file>, the error could be resolved. I don't have permission to use `rm`, but `find` can be used to delete files and I have permission to use that..."
by Bjartr
2/20/2026 at 5:34:19 PM
Couldn't these tools be made to run in an OverlayFS-type filesystem that the user could review and apply changes to when they're done?It would also be nice to have a second agent review every command to ensure nothing overly destructive is happening.
Are either of these things possible with Codex/CC?
by pants2
2/20/2026 at 7:31:51 PM
CC is really good at finding ways to work around denied permissions. The only safe solution is some kind of vm.by nightshift1