Skip to main content
Springvanta
All posts
AI Dev ToolingJun 21, 2026 · 5 min read

Coding Agents Hit a Trust Ceiling: Claude Code Blocks, Junie Plans

Claude Code v2.1.183 blocks 6 destructive commands in auto mode. JetBrains Junie GA ships plan-before-code. Both bet trust is the next bottleneck.

By SpringVanta

Two of the most-used AI coding agents shipped trust features within 48 hours of each other this week. Claude Code added guardrails that block destructive commands in autonomous mode. JetBrains Junie graduated from beta with a plan-before-code discipline and real debugger integration. Neither is trying to make the model smarter. Both are trying to make you comfortable walking away while it works.

That convergence says something about where the coding agent market is. The models are good enough. The question shifted to whether you can leave them unsupervised.

Claude Code: blocking the bad stuff

Claude Code v2.1.183, released June 19, made its autonomous "auto mode" significantly harder to break things with. The specific changes:

  • Destructive git commands are now blocked when you did not explicitly ask for them: git reset --hard, git checkout -- ., git clean -fd, git stash drop
  • git commit --amend is blocked unless the agent itself created that commit during the current session
  • Infrastructure destroy commands (terraform destroy, pulumi destroy, cdk destroy) are blocked unless you named the specific stack
  • A new --safe-mode flag disables all customizations (CLAUDE.md files, skills, plugins, hooks, MCP servers) while keeping enterprise policy and authentication intact
  • Scheduled tasks and webhook deliveries can no longer approve pending actions or set session titles in auto mode — they are reclassified as notifications, not keyboard input
  • MCP servers requiring authentication no longer expose auth-stub tools to the model in headless or SDK mode

These are surgical fixes to real failure modes. The pattern is the same in each case: the agent had a path to do something destructive or privileged that the user never asked for, and that path is now closed.

The --safe-mode flag solves a different problem. When an agent behaves unpredictably, the first question is always "is this coming from the model or from my configuration?" Safe mode strips everything down to the bare agent: no custom instructions, no hooks, no plugins. Enterprise policy still applies. It is a clean room for reproduction, which is what you want when debugging a system that writes its own code.

Junie: planning the right stuff

JetBrains shipped Junie to general availability on June 17, taking it out of beta with four features that read like a direct response to every complaint about autonomous coding agents:

Plan mode is the centerpiece. Before Junie writes code, it generates a structured planning document with separate tabs for product requirements, technical design, delivery stages, and testing strategy. You review it, edit it directly in your editor, and approve it. The plan lives in .junie/plans as a real file you can commit. Only then does Junie start implementing.

This is not the same as "prompting better." It is a workflow gate. The agent cannot start coding until a human signs off on the plan, and the plan is specific enough that you can reject it before a single token is spent on implementation.

Background tasks let you start a long-running job (a framework migration, a test coverage push) and close your laptop. You check progress from any device. JetBrains positions this as the first IDE-native agent to support this workflow.

Agentic debugging is the part that caught my attention. Most coding agents debug by adding print statements. Junie opens the actual debugger. It launches run configurations, sets breakpoints, steps through code, and inspects variables. For Java teams that have spent years debugging with System.out.println, this is a different category of capability.

Code review with project context uses the same IDE intelligence Junie uses for writing code. It understands your Maven or Gradle setup, your test framework, your code style. Three trigger paths: GitHub Actions, GitLab (including self-hosted), or the /review command in CLI or IDE.

Junie also landed at number one on the latest SWE-Rebench cycle, an independent agent benchmark that draws fresh tasks each run: 61.6 percent resolved, 72.7 percent pass at five attempts. And it supports any model via BYOK pricing — plan on an expensive reasoning model, implement on a fast cheap one. That cost dial is something no competitor offers at this depth.

Timeline of Claude Code and Junie trust features shipped June 17-19, 2026

Two answers to the same question

Claude Code and Junie are solving the same problem from opposite directions.

Claude Code's approach is reactive guardrails: identify the specific destructive actions an agent might take and block them at runtime. You do not need to change how you work. The agent just has fewer ways to hurt you.

Junie's approach is procedural discipline: force a planning checkpoint before code gets written, and verify results with the IDE's real analysis tools. You change your workflow — every task starts with a plan you approve — but the agent gets deeper verification in return.

Neither approach is complete on its own. Claude Code's guardrails are a list of known bad commands, which means novel destructive actions are not covered. Junie's plan mode is only as good as the plan the model generates, and plans can be wrong in convincing ways. But both are real engineering on the trust problem, and both shipped in the same window.

What this means if you are evaluating coding agents

If you are picking between these tools right now, the decision tree got clearer this week.

Choose Claude Code if your team already lives in the terminal and wants the agent to fit into existing workflows with minimal process change. The guardrails are invisible until you need them. You keep working the way you work, and the agent is just less likely to delete your work.

Choose Junie if your team uses JetBrains IDEs and wants structural verification. Plan mode, debugger integration, and code review with project context all lean on the IDE's semantic analysis. The tradeoff is more process overhead per task.

The pricing models also diverge. Claude Code requires an Anthropic API subscription or Max plan. Junie supports BYOK — bring your own model keys from any provider, or run local models via Ollama, with zero JetBrains markup on token costs. For teams with high-volume agent usage, that cost dial matters. An AI Pro subscription starts at $8.33 per user per month with 10 AI credits; AI Ultimate is $25 per user with 35 credits. BYOK is free.

Both products are betting that the next competitive axis in coding agents is not model intelligence. It is whether you trust the agent enough to stop watching it. Claude Code closed the paths that break things. Junie built a gate before code gets written. The question for buyers is which failure mode they lose more sleep over.

Continue reading

← Previous

9 Open Source AI Tools Hitting GitHub Trending This Week

Next →

AI Search Reached 60% of Adults. Trust Fell to 54%.

Read more

Like this kind of writing?

One email when something good ships — usually once or twice a month.

SubscribeAll posts