Ask HN: How do you enforce guardrails on Claude agents taking real actions?

- ZFS snapshot all your state, makes it trivial to roll back changes

- gate access to secrets via external service that replaces placeholder values with actual secrets, e.g. something like agentvault.co

- have it perform the action on a staging env with fake data, then replay the recorded action on real data without the LLM involvement (e.g. use something like stagehand / director.ai to write the initial browser automation script, but then replay the recorded LLM actions deterministically after you see it work the first time)