Context
Chief invokes Claude Code with --dangerously-skip-permissions (YOLO mode), which bypasses Claude Code's sandbox entirely. Users may not realize this means filesystem/network isolation is not in effect.
Problem
The config docs mention sandboxing at the bottom, but the sandbox is actually bypassed by Chief. A user reported nearly having rm -rf run without any prompt (related upstream: anthropics/claude-code#4956).
Suggested solution
- Add a bright, prominent warning in the README and docs about the security implications of
--dangerously-skip-permissions
- Consider showing a warning in the TUI on first run or in the status bar
- Update the config doc to clarify that Claude Code's sandbox mode is not active when running through Chief
Context
Chief invokes Claude Code with
--dangerously-skip-permissions(YOLO mode), which bypasses Claude Code's sandbox entirely. Users may not realize this means filesystem/network isolation is not in effect.Problem
The config docs mention sandboxing at the bottom, but the sandbox is actually bypassed by Chief. A user reported nearly having
rm -rfrun without any prompt (related upstream: anthropics/claude-code#4956).Suggested solution
--dangerously-skip-permissions