Am I the only person who just runs claude code in yolo mode? Curious about these tools for fine-grained permission, did you get burned in a bad way?
I think I'm going to trigger half of hacker news with this, but honestly nothing claude does on my machine seems particularly scary, and it's way too far from AGI for me to worry about hostile takeover right now =P
Personally yes I do run it in yolo mode. And I think, to the extent anyone will use this project, people mostly won't be using the fine grained control. For me toolsets and full yolo are what is useful in this project.
I think the real use cases are something like:
1. Try cautious mode, gain confidence, switch to yolo
2. Use yolo mode and find that it keeps doing something that annoys or scares you so you configure an exception for it
On number 2 I thought I would use it this way to prevent some unwanted behavior but I ended up learning how to avoid those behaviors in other ways.
Fair, I've had a similar experience. The edge-cases like installing weird dependencies (somebody mentioned that on this thread) I just deal with by changing my CLAUDE.md, and so far that's been fine.
I think if I end up not finding a real person (or myself) using them I'll ax it. It would take some heft off the project. Maybe just yolo OR cautious and call it day.
I remember seeing on twitter how Claude 4 Sonnet tried to run rm -r ~ for some reason within cursor. It could have been a meme potentially, but from my experience this doesn’t seem to be to far off as it does weird things for weird reasons sometimes
Yeah, that's fair, but in this particular case I have instructions to avoid dependencies unless absolutely necessary and that works well. It's not a risk I'm super worried about.
I'm not a heavy user by any means. I use it for project setup and routine-but-hard-to-automate refactoring, package upgrades, config files, fiddly stuff like that, for which it has been awesome. For me it's ~$30/mo.
A simple and very plausible example is deciding to run an innocent `find -delete` intended for a particular directory (to clean up temporary files, perhaps) but being confused about what the current directory is.
Anything your user has permissions to do, basically. It is absolutely possible to cause serious issues with it in yolo mode, but for me the risk seems acceptably low.
Anything you can think of, but IIRC it asks you if it can perform a particular command (you can tell it to remember that it can or something like that).
Literally anything a terminal command can do to your machine. Delete things, install malware, send your data to the FBI, start a fire by overheating (ok, now I'm just kidding... or not)
I was thinking that on this, folks need a cron task to run a trivial prompt at 5-6am and get that 5hr timer running so that it the majority of the quota is available in the working day morning, and then a new 5hr block starts around lunch time. This should maximise use of included tokens by a standard work day spanning 3 blocks rather than 2
Also useful for paid APIs like DeepSeek's, where they have cheaper inference price (50%/75% off) for UTC 16:30-00:30, so being able to schedule some stuff you know would take a ton of tokens for that time period would make sense.
I moved to Max after projecting a $2,000 annual API bill. I haven't yet hit five hour limits, but login/ toggles easily between plans. I believe the interface tells you when you've hit a limit, but as I said I don't know first hand.
According to CCUsage, I hit limits on Opus usage around the equivalent of $150. If we naively extrapolate, that suggests about $600 of Opus usage per session on Max 20x.
Also Sonnet only, no Opus. That being said it lets you use the included stuff and easily switch to metered if you need to use a different model or you burn through your included allotment.
I suggest a video on the README and breaking up that entire README into docs because it's too much content, then writing a much shorter README that gives people the answer they want coming into the page
prompt>
The docs are way to verbose and there's just too much content. The @readme.md and every doc in @docs/ needs to be trimmed down by ~50%. Please work hard, think hard, and work step by step, and file by file to make sure we have the best possible docs at about half the total size. Peace and love <3
I love Claude Code but I am extremely sick of slop readmes. Every time I notice I'm reading LLM output as a readme I feel punched in the gut. I didn't notice it with this project though.
I read the description of what this is (nb. maybe move that to the top instead of the middle of the page?), and I don't think I understand what problem it solves.
> Reduced interruptions: Automatically handles permission dialogs based on configurable rules
Why? Claude Code already gives you the option to accept requests permanently going forward. The cost of configuring rules is worse than the cost of just telling Claude Code "yes and you don't need to ask again".
I'd like to see a few motivating user stories, tbh.
>Why? Claude Code already gives you the option to accept requests permanently going forward. The cost of configuring rules is worse than the cost of just telling Claude Code "yes and you don't need to ask again".
want to see this mode fail catastrophically? write enough CLI stuff w/ python w/ powershell or wsl or some other 'leaky' cli. It will eventually fail a command and then try to pipe a shell command through the python interpreter or a specific PS incantation.
This means that you now need to approve 'git' , and 'python sh git' and 'powershell.exe git' and 'wsl.exe ubuntu git' as separate and independent commands. (I dont remember the shell incantation command so excuse the pseudocode).
That means that for the entire gambit of approvals needed for continued permission for a singular task might be 4x greater than normal -- probably more given that claude is aware of so many different ways to pipe to shell..
Claude has been adding PYTHONPATH to test commands, and for some reason, the “don’t ask again” doesn’t stick for these types of commands. So I’ve been trying to get it to use make commands, which can modify the environment, and don’t trigger the same permission issues. Just now I finally put it in CLAUDE.md “always use make commands to run tests”. Haven’t seen yet whether it will stick.
I hate to be pessimistic but this is something that CC doesn't seem good at: forgetting the tools that it loves and using the ones you want it to. You might want to try "disallowing" that command(?) explicitly (in addition to adding to CLAUDE.md and/or prompt).
I'm not sure what command is being called to set PYTHONPATH. If my assumption that it relates to a specific command is incorrect the above probably isn't helpful.
haven’t used claude code directly, but at least through copilot ive seen it read my makefile, extract the command, and run it directly after modifications. telling it to use make helped, but wasn’t perfect
I have a lot of different projects, scenarios, and edge cases where it's helpful to me.
I think you will find that if you're interactive mode there will always be some dialogs to dismiss, especially if you're jumping around a lot of different projects, etc. So for me the goals are somewhere at the intersection of the interactive mode and unattended operation.
It depends what your goals are for sure. TBH I use it mostly in full yolo mode. But toolsets are much more useful for me. I can create groups of mcps and pre-allowed permissions and reuse that "preset". I have different types of projects that I use different toolsets for each.
But yeah, I hear you. This is pretty niche and might solve problems that only I care about.
Good chance this will ultimately end up being part of a set of training wheels that I'll take off gradually as I am able to move work over to using non-interactive instances of CC.
If you like the idea but they aren't working the way you'd like let me know. They aren't very "well baked" but I'll dump some time into improving at some point. If you have pain points or feedback I'll be happy to consider it.
BTW, I also intend to add some way to send push notifications of some sort. I need to be reminded when Claude is done hustling and and it's time to leave the comfort of my iced coffee on the patio for a keyboard and glowing terminal screen.
It's going to be hilarious to watch Anthropic argue with a straight face that it's illegal (or at least tortious) to take someone else's IP and repurpose it
It's perfectly coherent to be in favour of strong protection of trademarks but also weaker copyright laws. They have very different purposes (broadly, consumer protection as a mark of origin vs incentivising creativity). Just because they're both in the legal category of "IP" doesn't mean it's hypocritical to have very different positions on both.
Yeah I mean ignoring the legal risks, naming something "$Company-name $Tool" is begging to have it confused with an official product from $Company-name. Even if you don't care about the legal risks, at least care about your users not being confused about who made the thing.
Really like this idea - my team was looking to build something like this ourselves. The only thing I would add to this repository would be the ability to add a global Claude.md file that would be common across the team (across different repos).
That's a good idea. Personally I don't use CLAUDE.md (everything goes in the prompt, thanks to context-composer, which I'll share another day) so I'm not motivated to have it but I'd be happy to collaborate on it and get that kind of feature merged in.
That's something I'd like to explore more. It's one of the reason I created "trusted roots". So I can open new worktrees and open claude in them all in one step without any confirmation.
If you want to suggest anything specific feel free to open an issue and we explore it more.
Question for those who burn through Max limits- what type of tasks do you do that burn so much of the limit? I’d imagine it has to be a lot of code being produced? Or is it large inputs that burn through it quickly?
If you run Claude so often during the day - what is it doing for you all the time?
Still it means it does really heavy lift. I’d like to understand how to extract bigger efficiency gains from Claude etc , because currently often times I just waste time with it and give up after several attempts
I think I'm going to trigger half of hacker news with this, but honestly nothing claude does on my machine seems particularly scary, and it's way too far from AGI for me to worry about hostile takeover right now =P
I think the real use cases are something like:
1. Try cautious mode, gain confidence, switch to yolo 2. Use yolo mode and find that it keeps doing something that annoys or scares you so you configure an exception for it
On number 2 I thought I would use it this way to prevent some unwanted behavior but I ended up learning how to avoid those behaviors in other ways.
There’s a strong chance it will remove your web service auth filter chain to make an integration test pass.
I’m less worried about hostile behaviors than stupid ones.
https://support.anthropic.com/en/articles/11145838-using-cla...
I like it. thanks for the effort.
Been using $50-100 of Opus tokens through API access per day. Think I’ll hit the Max 20x limits and get put in timeout?
I wish Max could automatically overflow to API access when it times out so I would need to have token anxiety.
I thought you needed an API key to work with Claude Code
It definitely could use some editing!
https://github.com/possibilities/claude-composer/commit/45e1...
https://github.com/possibilities/claude-composer/commit/dbb5...
You would also expect some eat-your-own-dog-food, why does https://github.com/possibilities/claude-composer/blob/main/s... not use CC with a prompt…
(Ps I left x/twitter a long time)
That's pretty much it and the concept of "toolsets"
> You would also expect some eat-your-own-dog-food
Maybe, but personally I don't see a reason to use an LLM to release an npm module
> Reduced interruptions: Automatically handles permission dialogs based on configurable rules
Why? Claude Code already gives you the option to accept requests permanently going forward. The cost of configuring rules is worse than the cost of just telling Claude Code "yes and you don't need to ask again".
I'd like to see a few motivating user stories, tbh.
want to see this mode fail catastrophically? write enough CLI stuff w/ python w/ powershell or wsl or some other 'leaky' cli. It will eventually fail a command and then try to pipe a shell command through the python interpreter or a specific PS incantation.
This means that you now need to approve 'git' , and 'python sh git' and 'powershell.exe git' and 'wsl.exe ubuntu git' as separate and independent commands. (I dont remember the shell incantation command so excuse the pseudocode).
That means that for the entire gambit of approvals needed for continued permission for a singular task might be 4x greater than normal -- probably more given that claude is aware of so many different ways to pipe to shell..
I'm not sure what command is being called to set PYTHONPATH. If my assumption that it relates to a specific command is incorrect the above probably isn't helpful.
Good luck!
I have a lot of different projects, scenarios, and edge cases where it's helpful to me.
I think you will find that if you're interactive mode there will always be some dialogs to dismiss, especially if you're jumping around a lot of different projects, etc. So for me the goals are somewhere at the intersection of the interactive mode and unattended operation.
It depends what your goals are for sure. TBH I use it mostly in full yolo mode. But toolsets are much more useful for me. I can create groups of mcps and pre-allowed permissions and reuse that "preset". I have different types of projects that I use different toolsets for each.
But yeah, I hear you. This is pretty niche and might solve problems that only I care about.
Thank you.. :-)
BTW, I also intend to add some way to send push notifications of some sort. I need to be reminded when Claude is done hustling and and it's time to leave the comfort of my iced coffee on the patio for a keyboard and glowing terminal screen.
It's perfectly coherent to be in favour of strong protection of trademarks but also weaker copyright laws. They have very different purposes (broadly, consumer protection as a mark of origin vs incentivising creativity). Just because they're both in the legal category of "IP" doesn't mean it's hypocritical to have very different positions on both.
I'd recommend you change it right away
Let me vibe it out with Claude Code!
If you want to suggest anything specific feel free to open an issue and we explore it more.