Background
I’ve been using Claude Code more and more recently. At some point I realized that rather than do something else until it finishes, I would constantly check on it to see if it was asking for yet another permission, which felt like it was missing the point of having an agent do stuff. So I wanted to use Claude Code with the --dangerously-skip-permissions flag.
If you haven’t used it, this flag does exactly what it says: it lets Claude Code do whatever it wants without asking permission first. No more “May I install this package?”, “Should I modify this config?”, “Can I delete these files?”
It just… does it.
Which is great for flow since I don’t have to worry that it stopped doing stuff just to ask a permission question.
But also, you know, dangerous.
I like my filesystem intact, so the obvious solution is to not run this thing directly on my OS account.
What I considered
Docker
First instinct: throw it in a Docker container. Containers are for isolation, right?
... continue reading