Isolating Claude from your artifact storage and prod systems

I'm using Claude Code to write code on my dev env. Until now I've been running it with all of my own permissions, but after the Replit disaster I've taken to isolating my Claude Code usage. Normally, I have QA and prod services for a bunch of minimal-server-load projects all running on a tiny EC2, using nginx's virtual hosting to keep them straight, and an admin-keyed dev session can push anything up, but all Claude Code is going on a new EC2. (Using a t4g.large to give Claude the recommended RAM elbow room.)

Now isolation is as simple as having two SSH sessions: one with ssh -a (agent forwarding disabled) so that Claude can't tunnel forward into my ssh://prod services, and one normal SSH connection to the claude-server so versioning and deploying are as easy as a git push.

[Image: blocked-ssh-agent-for-claude.png]
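
As an added example (not part of the original post), here is a pre-flight check to run inside the ssh -a session before starting Claude Code, confirming that no forwarded agent is reachable from that shell. The function names session_verdict and require_isolated are chosen here for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the shell that will run Claude Code.
# The session is expected to have been opened with `ssh -a`, so no
# forwarded agent should be reachable from here.

# Print one verdict for the current environment:
#   isolated     no agent socket variable, or it points at nothing usable
#   agent-empty  an agent answers but holds no identities
#   EXPOSED      an agent answers and will sign with at least one key
session_verdict() {
    # ssh -a leaves SSH_AUTH_SOCK unset on the remote side.
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo isolated; return 0
    fi
    # A leftover variable (tmux, copied env file) whose path is not a
    # live socket cannot be used to sign anything.
    if [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo isolated; return 0
    fi
    # Without ssh-add the socket cannot be queried; assume the worst.
    if ! command -v ssh-add >/dev/null 2>&1; then
        echo EXPOSED; return 0
    fi
    # ssh-add -l exit status: 0 = identities listed, 1 = agent has none,
    # 2 = agent could not be contacted.
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo EXPOSED ;;
        1) echo agent-empty ;;
        *) echo isolated ;;
    esac
}

# Gate for a launcher script: succeed only when nothing can be signed.
require_isolated() {
    if [ "$(session_verdict)" = EXPOSED ]; then
        echo "SSH agent reachable at $SSH_AUTH_SOCK; reconnect with ssh -a" >&2
        return 1
    fi
    return 0
}

echo "ssh agent check: $(session_verdict)"
```

In a launcher script, `require_isolated || exit 1` placed before the command that starts Claude Code stops the launch when the session was opened without -a.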

JavaScript/Bash code released under the MIT License.