← Back to blog
·5 min·Barta Gergő

I Haven't Manually Committed Code in Months. Here's What Controls the Agent That Does.

claude-codebuilding-in-public

I haven't committed code manually since January. I still open Fork to look at the git tree, but Claude does all the committing, all the code, all the testing. 1000+ commits in one month into building Mosaic Terminal.

The CLAUDE.md file is how I control this. Rules across three files, each one added because something went wrong without it.

The permission allow list matters more than markdown

CLAUDE.md is natural language guidance. The permission system in settings.json is hard enforcement. Claude Code has three lists: allow, deny, and ask. My deny list blocks git push --force, git reset --hard, rm -rf /, taskkill /F /IM node.exe, sudo, powershell -c, and a dozen more destructive patterns. Claude can't run them even if it wants to.

The allow list is just as important. I've whitelisted git, npm, node, gh, curl against specific domains, and common dev tools. Everything else triggers a permission prompt. This means Claude can commit, build, and deploy autonomously, but it literally can't wget an arbitrary URL or run a shell evaluator.

"deny": [
  "Bash(git push --force *)",
  "Bash(git reset --hard *)",
  "Bash(taskkill /F /IM node.exe)",
  "Bash(sudo *)",
  "Bash(rm -rf ~/)"
]

I used to run Claude in bypass mode (--dangerously-skip-permissions). Faster, no permission prompts, no interruptions. But there's always that thought in the back of your head. What if it goes off the rails? What if a hallucinated command wipes something? I couldn't relax into full autonomy while knowing there were zero guardrails.

Now Claude runs fully autonomous within boundaries I defined, and I don't think about it anymore. I wrote a full guide on how I set up those permission rules if you want the actual JSON.

The CLAUDE.md rules handle the gray area: "find the specific PID instead of broad process kills," "use copy+delete instead of fs.rename() across drives." The permission system handles the non-negotiable boundaries. Both layers together are what make full autonomy safe enough to actually trust.

Autonomy rules changed everything

The biggest productivity change wasn't a code rule. It was this:

## Autonomy Rules
Never stop to ask when the next step is obvious. If the task is clear
and no destructive action is involved, just do it.

Before that rule, Claude would ask "Should I proceed with the implementation?" four times in a row. The answer was always yes. Now it writes the code, runs the tests, and reports what happened. I went from babysitting to reviewing.

The self-verification rule matters just as much: "Never say 'please test this.' Run the tests yourself." Code that compiles but crashes at runtime is worthless, and I kept getting it until I added that line.

Rules don't guarantee compliance

Claude spent 8 days on a bug that turned out to be one config option. 62 commits, 8,300 lines of throwaway code. I added a debugging protocol to the CLAUDE.md after that: reproduce first, research when stuck, don't layer fixes. Claude still doesn't always follow it. CLAUDE.md rules are guidance, not hard constraints like the permission system. Sometimes Claude ignores them under pressure.

Two layers: global and project

Global rules live in ~/.claude/CLAUDE.md. Process safety, git safety, Windows quirks, communication style. These follow me to every project.

Project rules live in the repo. Build commands, test commands, architecture notes. For Mosaic Terminal, there are three files: one for the main process (224 lines), one for the renderer (88 lines), and a root file (168 lines) covering verification tiers, testing requirements, and code patterns.

I built a scaffolding skill (/mosaic-init-claude) that reads a project's package.json, tsconfig, CI config, and existing docs, then generates a CLAUDE.md from what it finds. Starting a new project used to mean hitting the same problems again until I remembered to add the rules. The skill carries them over automatically.

Communication rules save hours

Don't narrate tool calls. The user sees them.
Short questions get short answers.
End-of-task: three bullets max.

Each interaction saved a few seconds. Over hundreds of interactions per day across multiple agents, that's a lot of wasted output eliminated.

What actually matters

The CLAUDE.md isn't a best-practices document. It's a behavior specification for an agent that writes all my code. Every rule traces back to friction: a bug that took too long, a question that didn't need asking, a process that crashed something it shouldn't have.

The agent handles commits, deployments, debugging sessions, multi-agent coordination. I spend my time on architecture decisions and product direction.

I'm building Mosaic Terminal, an orchestration workstation for AI coding agents. The Discord has early access builds and a free weekly AI coding digest.