Just saw a really nice security feature built into Claude Code: sandboxing.

It allows restricting filesystem and network access. So you can, for example, disallow writes to certain directories and keep the agent from messing up your computer.

On Linux it uses bubblewrap, the same backend used by Flatpaks, which is pretty good.

It’s open source and distributed independently of Claude Code itself. I did some preliminary tests and liked the approach; I will probably integrate the tool into my agent so I don't have to worry about the AI modifying a directory outside the project scope.
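
An added example, not from the post and not the Claude Code sandbox's own code: a shell wrapper that builds a bubblewrap command line with a read-only root, one writable project directory and no network. The function names `sandbox_args` and `run_sandboxed` are hypothetical; the `bwrap` options are standard bubblewrap flags.

```shell
#!/bin/sh
# Added example: confine a command with bubblewrap (bwrap) so that only one
# project directory is writable and the network is unreachable.

# Print bwrap options, one per line, for the given project directory.
# Fails if the directory is missing or too broad to be a write boundary.
# Assumption: the path contains no newline characters.
sandbox_args() {
    [ -n "${1:-}" ] && project=$(cd -- "$1" 2>/dev/null && pwd -P) || {
        echo "sandbox_args: no such directory: ${1:-}" >&2
        return 1
    }
    home=$(cd -- "${HOME:-/}" 2>/dev/null && pwd -P) || home=
    case "$project" in
        /|"$home")
            echo "sandbox_args: refusing to make $project writable" >&2
            return 1 ;;
    esac
    # Later mounts are layered on top of earlier ones, so the writable
    # bind of the project comes after the read-only root.
    printf '%s\n' \
        --ro-bind / / \
        --dev /dev \
        --proc /proc \
        --tmpfs /tmp \
        --bind "$project" "$project" \
        --chdir "$project" \
        --unshare-net \
        --unshare-pid \
        --die-with-parent \
        --new-session
}

# Usage: run_sandboxed PROJECT_DIR COMMAND [ARGS...]
run_sandboxed() {
    dir=$1; shift
    args=$(sandbox_args "$dir") || return 1
    old_ifs=$IFS
    IFS='
'
    set -f                      # no globbing while splitting on newlines
    # shellcheck disable=SC2086
    set -- $args -- "$@"
    set +f
    IFS=$old_ifs
    bwrap "$@"
}
```

This layout blocks writes outside the project but leaves the rest of the filesystem readable, so files such as SSH keys are still visible to the confined process. Covering sensitive directories with an extra `--tmpfs` mount hides them.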