No. I don't want the mental burden of auditing whether it modified the tests.
Then, run the agent vm-sandboxed, with tests mounted as a read-only directory, if your directory structure allows it.
Or, less securely, hash the tests and check the hash with a hook, post tool use. Or a commit hook.
Then, run the agent vm-sandboxed, with tests mounted as a read-only directory, if your directory structure allows it.
Or, less securely, hash the tests and check the hash with a hook, post tool use. Or a commit hook.