Background

I’ve been using Claude Code more and more recently. At some point I realized that rather than do something else until it finishes, I would constantly check on it to see if it was asking for yet another permission, which felt like it was missing the point of having an agent do stuff.

So I wanted to use Claude Code with the --dangerously-skip-permissions flag. If you haven’t used it, this flag does exactly what it says: it lets Claude Code do whatever it wants without asking permission first. No more “May I install this package?”, “Should I modify this config?”, “Can I delete these files?” It just… does it. Which is great for flow since I don’t have to worry that it stopped doing stuff just to ask a permission question. But also, you know, dangerous.

I like my filesystem intact, so the obvious solution is to not run this thing directly on my OS account.

What I considered

Docker

First instinct: throw it in a Docker container. Containers are for isolation, right? Except I want Claude to be able to build Docker images. And run containers. And maybe orchestrate some stuff. So now you need Docker-in-Docker, which means --privileged mode, which defeats the entire purpose of sandboxing. That means trading “Claude might mess up my filesystem” for “Claude has root-level access to my container runtime.” Not great.

There’s also the nested networking weirdness, volume mounting permissions that make you question your life choices, and the general feeling that you’re fighting the tool instead of using it.
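A quick way to check whether an agent container has ended up in the state described above, written as an added example and not code from the original post: it reads `docker inspect` JSON and flags the settings that undo the sandbox. The container names and sample data are constructed, and the checks for a mounted Docker socket and broad added capabilities go beyond the --privileged case the post mentions.

```python
import json

# Constructed sample in the shape of `docker inspect <container> ...` output.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/agent-dind",
   "HostConfig": {"Privileged": true, "CapAdd": null},
   "Mounts": []},
  {"Name": "/agent-sock",
   "HostConfig": {"Privileged": false, "CapAdd": ["SYS_ADMIN"]},
   "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
               "Destination": "/var/run/docker.sock"}]},
  {"Name": "/agent-plain",
   "HostConfig": {"Privileged": false, "CapAdd": null},
   "Mounts": [{"Type": "bind", "Source": "/home/me/code",
               "Destination": "/work"}]}
]
""")

# Added capabilities that largely remove the container boundary.
BROAD_CAPS = {"ALL", "SYS_ADMIN"}


def sandbox_findings(container):
    """Return the isolation-breaking settings found on one container."""
    findings = []
    host = container.get("HostConfig") or {}
    if host.get("Privileged"):
        findings.append("privileged")
    # Docker accepts capabilities with or without the CAP_ prefix.
    caps = {c.upper().removeprefix("CAP_") for c in (host.get("CapAdd") or [])}
    findings.extend(f"cap_add:{cap}" for cap in sorted(caps & BROAD_CAPS))
    # A bind-mounted Docker socket gives control of the host's daemon.
    mounts = container.get("Mounts") or []
    if any(m.get("Source", "").endswith("docker.sock") for m in mounts):
        findings.append("docker_socket")
    return findings


def audit(containers):
    """Map container name -> list of findings (empty list means none)."""
    return {c["Name"].lstrip("/"): sandbox_findings(c) for c in containers}


if __name__ == "__main__":
    for name, found in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {', '.join(found) if found else 'no findings'}")
```

To run it against real containers, replace `SAMPLE_INSPECT` with the parsed output of `docker inspect` for the containers you care about.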
Other options

I also briefly considered:

- #yolo run it bare metal: no, no and no
- sandbox-runtime: more of an ACL approach, I want Claude to be able to do anything, because it doesn’t have access to anything except the code
- firejail or similar: same problem as Docker-in-Docker
- manual VM setup: works but tedious, not reproducible
- cloud VM: costs money, has latency, need to upload my code somewhere

Vagrant

Then I remembered about a project that I’ve used before Docker becam...
First seen: 2026-01-20 13:34
Last seen: 2026-01-21 03:37