Then, run the agent vm-sandboxed, with tests mounted as a read-only directory, if your directory structure allows it.
Or, less securely, hash the tests and check the hash with a hook, post tool use. Or a commit hook.
alt Hacker News
Or, less securely, hash the tests and check the hash with a hook, post tool use. Or a commit hook.