Bypass Permissions Mode - Claude Code
Skip all permission checks. Container and VM use only.
Bypass permissions mode disables Claude Code's permission system entirely. It should only run inside an isolated container or VM.
What it does
Every tool call goes through without evaluation. Protected paths still block - you can't touch .git, .claude, or similar guarded locations - but otherwise Claude can do whatever it's asked. This is the mode for sandboxed agents where the environment itself is the safety boundary.
When to use it
- Ephemeral container agents where the filesystem is disposable.
- Dev containers or VMs set up specifically for automated Claude work.
- Anywhere the host is already isolated from anything you care about.
- Never on your personal machine or production server.
Gotchas
- Protected paths still apply. That's the one safety net you can't turn off.
- Running bypass mode outside a sandbox is how you lose data. The docs are very clear: don't.
- Audit logging still fires. If something goes wrong, the trail exists.
Official docs: https://code.claude.com/docs/en/permission-modes.md#skip-all-checks-with-bypasspermissions-mode
Technical content at the intersection of AI and development. Building with AI agents, Claude Code, and modern dev tools - then showing you exactly how it works.
Get the weekly deep dive
Tutorials on Claude Code, AI agents, and dev tools - delivered free every week.
Was this helpful?
