Chapter 06 · 9 min

Guardrails and the copy-paste setup

Several agents in parallel means several things can go wrong at the same time. Permissions are how you keep the blast radius small. Here are the rules, then a single block you can paste to set everything up.

More hands moving at once means more ways to knock something over. Bolt the dangerous drawers shut before the crew arrives.

Lock down permissions

In `settings.json`, allow the tools the team needs and deny the ones that do irreversible damage. `defaultMode: "acceptEdits"` lets agents edit without a prompt per change so the team keeps moving; the deny list is what keeps that safe.

```json
{
  "permissions": {
    "allow": [
      "Read", "Glob", "Grep", "Edit",
      "Write(src/**)", "Write(tests/**)",
      "Bash(npm test *)", "Bash(npx tsc *)",
      "Bash(git add *)", "Bash(git commit *)"
    ],
    "deny": [
      "Read(**/.env*)", "Read(**/.ssh/**)",
      "Bash(rm -rf *)", "Bash(sudo *)",
      "Bash(git push *)", "Bash(npm publish *)"
    ],
    "defaultMode": "acceptEdits"
  }
}
```

Patterns are `Tool(glob)`: a single `*` matches one segment, `**` recurses. `defaultMode` also accepts other values (`default`, `plan`, and more), but `acceptEdits` is the one that suits a running team.

The copy-paste setup

Environment variables for your shell profile:

```sh
# Add to ~/.zshrc or ~/.bashrc
export CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1
export CLAUDE_CODE_SUBAGENT_MODEL="claude-sonnet-4-6"
export CLAUDE_CODE_EFFORT_LEVEL=high
export CLAUDE_CODE_DISABLE_ADAPTIVE_THINKING=1
```

A minimal guardrail block for `settings.json`:

```json
{
  "permissions": {
    "allow": ["Read", "Glob", "Grep", "Edit", "Write(src/**)", "Write(tests/**)"],
    "deny": ["Read(**/.env*)", "Bash(rm -rf *)", "Bash(git push *)"],
    "defaultMode": "acceptEdits"
  }
}
```
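
As an added example (not part of the course material or of Claude Code itself), this Python check could run in CI to catch a `settings.json` that has drifted from the guardrails above. The finding names, the `MUST_BE_SCOPED` rule and the `DRIFTED` sample are assumptions of this example, and rule strings are compared literally rather than with Claude Code's own pattern matching.

```python
import json

# Deny rules from the page's minimal guardrail block (secrets, rm -rf, git push).
REQUIRED_DENY = {"Read(**/.env*)", "Bash(rm -rf *)", "Bash(git push *)"}
# Assumption of this example: these tools should never be allowed without a scope.
MUST_BE_SCOPED = {"Bash", "Write"}

def is_unscoped(rule):
    """True for a bare tool name or a catch-all such as Tool(*) or Tool(**)."""
    return "(" not in rule or rule.endswith(("(*)", "(**)"))

def audit(settings_text):
    """Return (finding, rule) pairs for a settings.json document given as text."""
    perms = json.loads(settings_text).get("permissions", {})
    allow, deny = perms.get("allow", []), perms.get("deny", [])
    findings = [("missing-deny", r) for r in sorted(REQUIRED_DENY - set(deny))]
    for rule in allow:
        if rule in deny:  # same string on both lists: the allow entry is misleading
            findings.append(("allow-and-deny", rule))
        if rule.split("(", 1)[0] in MUST_BE_SCOPED and is_unscoped(rule):
            findings.append(("unscoped-allow", rule))
    if perms.get("defaultMode") == "acceptEdits" and not deny:
        findings.append(("acceptEdits-without-deny", "defaultMode"))
    return findings

# The page's minimal guardrail block.
PAGE_MINIMAL = """{"permissions": {
  "allow": ["Read", "Glob", "Grep", "Edit", "Write(src/**)", "Write(tests/**)"],
  "deny": ["Read(**/.env*)", "Bash(rm -rf *)", "Bash(git push *)"],
  "defaultMode": "acceptEdits"}}"""

# Constructed sample of a drifted config, not taken from the page.
DRIFTED = """{"permissions": {
  "allow": ["Read", "Edit", "Bash", "Write(**)", "Bash(git push *)"],
  "deny": ["Bash(git push *)"],
  "defaultMode": "acceptEdits"}}"""

if __name__ == "__main__":
    for name, text in (("page minimal", PAGE_MINIMAL), ("drifted", DRIFTED)):
        print(name, audit(text) or "ok")
```
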

Before and after

  • Before (solo): one task at a time; you write, review, test, and commit in sequence; a four-part feature takes a day; context bloats as you switch.
  • After (team): backend, frontend, tests, and review run at once; the same feature is done in hours; each agent has a clean, focused context; you review and merge.

In one line each

  • Allow the tools the team needs; deny the irreversible ones (`rm -rf`, `git push`, reading secrets).
  • `defaultMode: "acceptEdits"` keeps the team moving; the deny list is what makes that safe.
  • Setup is one env-var block plus a permissions block; nothing else about your plan or tooling changes.