Comment by vincnetas
3 days ago
Starting in Claude bypass mode does not give me confidence:
WARNING: Claude Code running in Bypass Permissions mode
In Bypass Permissions mode, Claude Code will not ask for your approval before running potentially dangerous commands.
This mode should only be used in a sandboxed container/VM that has restricted internet access and can easily be restored if damaged.
The Readme clearly states:
Caution
This project is a research demonstrator. It is in early development and may change significantly. Using permissive AI tools in your repository requires careful attention to security considerations and careful human supervision, and even then things can still go wrong. Use it with caution, and at your own risk.
Claude Code will not ask for your approval before running potentially dangerous commands.
and
requires careful attention to security considerations and careful human supervision
is a bit orthogonal, no?
As a token of careful attention, run this in a clean VM, properly firewalled not to access the host, your internal network, GitHub or wherever your valuable code lives, and ideally anything but the relevant Anthropic and Microsoft API endpoints.
2 replies →
It’s not orthogonal at all. On the contrary, it’s directly related:
“Using permissive AI tools [that is, ones that do not ask for your approval] in your repository requires careful attention to security considerations and careful human supervision”. Supervision isn’t necessarily approving every action: it might be as simple as inspecting the work after it’s done. And security considerations might mean performing the work in a sandbox where it can’t impact anything of value.
I assumed, especially with the VS Code recommendation, that this would automatically use devcontainers...
If they didn't have this warning, you'd see comments on how irresponsible they are being.