Permissions & safety

An agent that edits files and runs commands can do damage. Mini-claude puts two guardrails between the model and your disk: the permission prompt with a diff before acting, and auto-commit + /undo after.

Permission before acting

Destructive tools (write_file, edit_file, bash) and any out-of-workspace access ask for your go-ahead. The prompt shows a unified diff of what’s about to change, not just raw arguments:

permission ▸ modifies state: edit_file
src/auth.go  (+3 / -1)
   func validate(token string) error {
-      return nil
+      if token == "" {
+          return errors.New("empty token")
+      }
+      return nil
   }
[y] yes once  ·  [a] always this tool  ·  [n] deny

y: allow this action once.
a: allow this tool for the whole current session. /clear, /mode and /workspace reset that cache.
n: deny; the agent is told and adapts.

Auto-commit + `/undo`

When the workspace is a git repo, every successful destructive action is auto-committed with a miniclaude: <tool> <path> message. If the model does something dumb:

/undo

rewinds the last commit Mini-claude made (git reset --hard HEAD~1). It refuses to touch commits you didn’t make through the agent, your own work is never at risk.

Outside a git repo this safety net is silently disabled: edits aren’t checkpointed. Run git init to turn it on.

Loops & confabulation

Two more reliability guards:

Loop guard: if the model calls the same tool with the same arguments three times in one turn, Mini-claude refuses and tells it to stop and answer.
Answered without reading: any turn that produces a substantial answer without calling a tool is flagged (· answered without reading any file, verify before trusting). You calibrate trust from a structural signal, not from words.

Tools Configure

Permissions & safety

Permission before acting

Auto-commit + /undo

Loops & confabulation

Auto-commit + `/undo`