permissions
6 questions
- AI
How do I enable auto mode for my team without giving Claude my prod credentials?
Auto mode reads its `autoMode` config from user, project-local, and managed scopes; the classifier ignores `<repo>/.claude/settings.json`. Roll out via enterprise managed settings (the only layer developers cannot weaken) and write rules as prose, not as `Bash(...)` patterns.
- AI
How do I let Claude work autonomously without approving every command?
Auto mode replaces permission prompts with a background classifier that blocks anything dangerous and lets routine work through. It's narrower than `bypassPermissions`, available on Max/Team/Enterprise/API only, and quietly drops some of your existing allow rules on entry.
- AI
How do I run my first Claude Code session?
Open Claude inside a real repo, ask one concrete task, read the diff before approving, and use /clear when context drifts. Most beginner pain comes from overstuffed CLAUDE.md, mixed-task sessions, and rubber-stamping edits.
- AI
How do I stop Claude Code from leaking my .env to a tool call?
Deny rules in `.claude/settings.json` catch `Read(.env*)` and the obvious Bash escape hatches (`env`, `printenv`, `cat .env*`, `git diff*`); a PreToolUse hook adds belt-and-suspenders. Allowlists are cleaner long-term. Auto mode is the place this leaks first.
- AI
What's the difference between default, acceptEdits, plan, auto, dontAsk, and bypassPermissions?
Six permission modes, picked by how much you trust the tool call to be reversible. `default` prompts everything new; `acceptEdits` skips Edit prompts; `plan` blocks edits entirely; `auto` adds a classifier; `dontAsk` auto-denies anything not pre-approved; `bypassPermissions` skips every prompt (with a circuit-breaker for `rm -rf` against critical paths).
- AI
How do I run untrusted `npm install` without my SSH keys leaking?
Claude Code's bash tool can run inside an OS-level sandbox (Seatbelt on macOS, bubblewrap on Linux/WSL2) that restricts filesystem and network access. Here's how to enable it, the configuration that matters, and the network-isolation footgun that catches people.