20  Safety and Review

Claude Code is powerful—which means it’s important to use it responsibly. This chapter covers safety practices.

20.1 The Approval Workflow

Claude Code asks for approval before: - Creating or modifying files - Running shell commands - Deleting anything

Always read what Claude proposes before approving.

20.2 Reading Before Approving

20.2.1 For File Changes

When Claude shows a file change, look for:

  • What file? Is it the right file?
  • What change? Does it match what you asked?
  • Side effects? Will this break anything else?

20.2.2 For Commands

When Claude proposes a command, check:

  • What will it do? Understand the command
  • Is it safe? Check for dangerous flags
  • Scope? What files/directories will it affect?

20.3 Dangerous Commands to Watch For

20.3.1 Deletion Commands

rm -rf *           # Deletes everything!
rm -rf /           # Deletes your entire system
rm -rf ~           # Deletes your home directory

Always check rm commands for: - The path being deleted - The -rf flags (recursive, force)

20.3.2 Git Commands

git reset --hard     # Loses uncommitted changes
git push --force     # Overwrites remote history
git clean -fd        # Deletes untracked files

20.3.3 Permission Commands

sudo rm ...          # Admin-level deletion
chmod 777 ...        # Opens files to everyone
sudo chown ...       # Changes file ownership

20.3.4 Network Commands

curl ... | bash      # Runs downloaded script
wget ... && ./script # Downloads and executes

20.4 Safe Practices

20.4.1 Work in a Project Directory

Don’t run Claude Code from your home directory or root:

# Good - in a specific project
cd ~/Projects/my-project
claude

# Bad - too broad
cd ~
claude

20.4.2 Use Git

Commit often so you can revert mistakes:

> Before making major changes, let's commit what we have

If something goes wrong:

git diff                    # See what changed
git checkout -- filename    # Revert a specific file
git reset --hard HEAD       # Revert everything (careful!)

20.4.3 Test in Isolation

For risky operations:

> Let's test this on a copy of the file first
cp important_file.csv test_copy.csv
# Test on copy first

20.4.4 Understand Before Approving

If you don’t understand a command:

> What does this command do exactly?

Or:

> Explain the flags in this command

20.5 Sensitive Data

20.5.1 What Not to Share

Be careful with: - Passwords and API keys - Patient/participant data - Proprietary code - Unpublished research data

20.5.2 Environment Variables

Never put secrets in code:

# Bad - secret in code
api_key = "sk-12345..."

# Good - from environment
import os
api_key = os.getenv("API_KEY")

20.5.3 .gitignore

Ensure sensitive files aren’t committed:

> Add .env and any data files to .gitignore

20.6 When Things Go Wrong

20.6.1 Undo File Changes

# See what changed
git status

# Revert a file
git checkout -- path/to/file

# Revert everything
git reset --hard HEAD

20.6.2 Stop a Running Command

Press Ctrl + C to interrupt a running process.

20.6.3 Recovery from Deletion

If you accidentally delete something: - Check your trash/recycle bin - Check Time Machine or other backups - Check git history if it was committed

20.7 Claude’s Limitations

20.7.1 Claude Can Be Wrong

  • Code might have bugs
  • Commands might have unintended effects
  • Suggestions might not be optimal

Your job: Verify that outputs make sense.

20.7.2 Claude Doesn’t Know Your Context

  • Your file system specifics
  • Your institutional policies
  • Your security requirements

Your job: Provide relevant context and apply domain judgment.

20.7.3 Claude Doesn’t Persist State

Between sessions: - Claude doesn’t remember previous conversations - It re-reads files each time - Settings don’t persist automatically

20.8 Institutional Considerations

20.8.1 Data Use Agreements

If your data has restrictions: - Check if using AI tools is permitted - Consider what data is sent to external servers - Consult your IRB or data governance team

20.8.2 Publication and Authorship

When using AI assistance: - Follow journal guidelines on AI use - Document AI assistance appropriately - Ensure you understand and can defend all content

20.8.3 Reproducibility

For research: - Keep records of prompts used - Version control everything - Document AI-assisted steps

20.9 Checklist: Before Approving

For file changes: - [ ] Correct file? - [ ] Change looks right? - [ ] Won’t break other things?

For commands: - [ ] Understand what it does? - [ ] Safe flags? - [ ] Correct paths?

For sensitive operations: - [ ] Backed up? - [ ] Can undo if wrong? - [ ] Not affecting production?

20.10 Summary

Safety with Claude Code: - Read before approving every change - Watch for dangerous commands (rm, sudo, git reset) - Use git for easy recovery - Protect sensitive data from accidental exposure - Verify outputs match expectations

20.11 Next Steps

Continue to When Claude Code Struggles.