permissions

2 questions

AI

How do I let Claude work autonomously without approving every command?

Auto mode replaces permission prompts with a background classifier that blocks anything dangerous and lets routine work through. It's narrower than bypassPermissions, available on Max/Team/Enterprise/API only, and quietly drops some of your existing allow rules on entry.
AI

How do I run untrusted `npm install` without my SSH keys leaking?

Claude Code's bash tool can run inside an OS-level sandbox (Seatbelt on macOS, bubblewrap on Linux/WSL2) that restricts filesystem and network access. Here's how to enable it, the configuration that matters, and the network-isolation footgun that catches people.