DEV Community: Shaiful Islam Shabuj The latest articles on DEV Community by Shaiful Islam Shabuj (@shaifulshabuj29). https://dev.to/shaifulshabuj29 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3638038%2Ff34ebf93-ad45-4cbc-b41e-cf72c2562c3b.png DEV Community: Shaiful Islam Shabuj https://dev.to/shaifulshabuj29 en How I stopped worrying about Claude Code touching files it shouldn't Shaiful Islam Shabuj Wed, 08 Apr 2026 01:03:15 +0000 https://dev.to/shaifulshabuj29/how-i-stopped-worrying-about-claude-code-touching-files-it-shouldnt-49a3 https://dev.to/shaifulshabuj29/how-i-stopped-worrying-about-claude-code-touching-files-it-shouldnt-49a3 <p>Claude Code is powerful. <br> It can also silently write to your .env or run rm -rf.<br> You find out after it happens.</p> <p>Waymark is an MCP server that intercepts<br> every agent action before it executes...</p> <p>Waymark sits between an AI agent (Claude Desktop, Claude Code) and the filesystem. Every write_file, read_file, and bash call passes through Waymark before execution. Waymark:</p> <ol> <li>Checks policy — blocks or queues the action if it violates waymark.config.json</li> <li>Logs to SQLite — records every action with full input, output, and policy decision</li> <li>Exposes a web UI — live dashboard at <a href="http://localhost:3001" rel="noopener noreferrer">http://localhost:3001</a> showing all actions</li> <li>Supports rollback — restores any overwritten file, or deletes any newly created file</li> <li>Approval flow — pending actions can be approved (executes the action) or rejected from the UI or Slack</li> </ol> <p>Setup: <br> <code>cd your-project<br> npx @way_marks/cli init<br> npx @way_marks/cli start</code></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fye71p6w5ig8tqyt5lzct.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fye71p6w5ig8tqyt5lzct.png" alt="Waymarks dashboard" width="800" height="388"></a></p> <p>What policies would you add to the default config? <br> What files should be protected that aren't already?</p> <p><a href="//github.com/waymarks/waymark">github/waymarks</a><br> <a href="//npmjs.com/package/@way_marks/cli">npmjs/waymarks</a><br> <a href="//discord.com/channels/1072196207201501266/1491235633690312914">discord/waymarks</a></p> claude mcp claudecode agents