diff --git a/HOW-TO-USE.md b/HOW-TO-USE.md index fb81cc6..25e1c54 100644 --- a/HOW-TO-USE.md +++ b/HOW-TO-USE.md @@ -92,7 +92,7 @@ Select your project in the sidebar and click **Start**. A progress modal appears Click the **Terminal** button to open an interactive terminal session. A new tab appears in the top bar and an xterm.js terminal loads in the main area. -Claude Code launches automatically with `--dangerously-skip-permissions` inside the sandboxed container. +Claude Code launches automatically. By default, it runs in standard permission mode and will ask for your approval before executing commands or editing files. To enable auto-approval of all actions within the sandbox, enable **Full Permissions** in the project configuration. ### 5. Authenticate 
@@ -236,6 +236,18 @@ Available skills include `/mission`, `/flight`, `/leg`, `/agentic-workflow`, `/f > This setting can only be changed when the container is stopped. Toggling it triggers a container recreation on the next start. +### Full Permissions + +Toggle **Full Permissions** to allow Claude Code to run with `--dangerously-skip-permissions` inside the container. This is **off by default**. + +When **enabled**, Claude auto-approves all tool calls (file edits, shell commands, etc.) without prompting you. This is the fastest workflow since you won't be interrupted for approvals, and the Docker container provides isolation. + +When **disabled** (default), Claude prompts you for approval before executing each action, giving you fine-grained control over what it does. + +> **CAUTION:** Enabling full permissions means Claude can execute any command inside the container without asking. While the container sandbox limits the blast radius, make sure you understand the implications — especially if the container has Docker socket access or network connectivity. + +> This setting can only be changed when the container is stopped. It takes effect the next time you open a terminal session. + ### Environment Variables Click **Edit** to open the environment variables modal. Add key-value pairs that will be injected into the container. Per-project variables override global variables with the same key. diff --git a/README.md b/README.md index 92cbbdd..fadf97b 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,6 @@ # Triple-C (Claude-Code-Container) -Triple-C is a cross-platform desktop application that sandboxes Claude Code inside Docker containers. When running with `--dangerously-skip-permissions`, Claude only has access to the files and projects you explicitly provide to it. +Triple-C is a cross-platform desktop application that sandboxes Claude Code inside Docker containers. Each project can optionally enable full permissions mode (`--dangerously-skip-permissions`), giving Claude unrestricted access within the sandbox. ## Architecture diff --git a/app/src-tauri/src/commands/terminal_commands.rs b/app/src-tauri/src/commands/terminal_commands.rs index 6b91e27..eced0e0 100644 --- a/app/src-tauri/src/commands/terminal_commands.rs +++ b/app/src-tauri/src/commands/terminal_commands.rs @@ -17,10 +17,11 @@ fn build_terminal_cmd(project: &Project, state: &AppState) -> Vec { .unwrap_or(false); if !is_bedrock_profile { - return vec![ - "claude".to_string(), - "--dangerously-skip-permissions".to_string(), - ]; + let mut cmd = vec!["claude".to_string()]; + if project.full_permissions { + cmd.push("--dangerously-skip-permissions".to_string()); + } + return cmd; } // Resolve AWS profile: project-level → global settings → "default" @@ -33,6 +34,12 @@ fn build_terminal_cmd(project: &Project, state: &AppState) -> Vec { // Build a bash wrapper that validates credentials, re-auths if needed, // then exec's into claude. + let claude_cmd = if project.full_permissions { + "exec claude --dangerously-skip-permissions" + } else { + "exec claude" + }; + let script = format!( r#" echo "Validating AWS session for profile '{profile}'..." @@ -58,9 +65,10 @@ else echo "" fi fi -exec claude --dangerously-skip-permissions +{claude_cmd} "#, - profile = profile + profile = profile, + claude_cmd = claude_cmd ); vec![ diff --git a/app/src-tauri/src/models/project.rs b/app/src-tauri/src/models/project.rs index 94c07a0..c4b24d0 100644 --- a/app/src-tauri/src/models/project.rs 
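Review bot: The `--dangerously-skip-permissions` flag is now assembled in two unrelated spots in `build_terminal_cmd`: as an argv element in the non-Bedrock branch (first hunk) and inside the `claude_cmd` string spliced into the bash wrapper (second and third hunks). A later edit to one path can therefore leave the other ignoring the project toggle. A single `const SKIP_PERMISSIONS_FLAG: &str = "--dangerously-skip-permissions";` used by both branches, e.g. `format!("exec claude {SKIP_PERMISSIONS_FLAG}")` for the wrapper, would keep the two launch paths in step. Because this function decides whether approval prompts are bypassed, it also deserves a doc comment such as `/// Adds --dangerously-skip-permissions only when project.full_permissions is set.`. The function starts before the first hunk and ends after the last, so the rest of its body is not visible here.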
+++ b/app/src-tauri/src/models/project.rs @@ -24,6 +24,10 @@ fn default_protocol() -> String { "tcp".to_string() } +fn default_full_permissions() -> bool { + true +} + #[derive(Debug, Clone, Serialize, Deserialize)] pub struct Project { pub id: String, @@ -40,6 +44,8 @@ pub struct Project { pub allow_docker_access: bool, #[serde(default)] pub mission_control_enabled: bool, + #[serde(default = "default_full_permissions")] + pub full_permissions: bool, pub ssh_key_path: Option, #[serde(skip_serializing, default)] pub git_token: Option, @@ -162,6 +168,7 @@ impl Project { openai_compatible_config: None, allow_docker_access: false, mission_control_enabled: false, + full_permissions: false, ssh_key_path: None, git_token: None, git_user_name: None, diff --git a/app/src/components/projects/ProjectCard.tsx b/app/src/components/projects/ProjectCard.tsx index 4cfb25b..bc78f58 100644 --- a/app/src/components/projects/ProjectCard.tsx +++ b/app/src/components/projects/ProjectCard.tsx @@ -712,6 +712,32 @@ export default function ProjectCard({ project }: Props) { + {/* Full Permissions toggle */} +
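Review bot: `default_full_permissions()` in project.rs returns `true`, so every stored project that lacks the new field deserializes with approval prompts bypassed, while `Project::new` sets `full_permissions: false` and HOW-TO-USE.md describes the toggle as off by default. If that is deliberate, to keep the pre-change behaviour where the flag was always passed, the function needs a comment saying so, for example `// Projects saved before this field existed always ran with --dangerously-skip-permissions; keep that on load.`, and the docs should mention it. If it is not, replace the attribute with plain `#[serde(default)]` so a missing field fails closed to `false`. This matters most for existing projects that also have `allow_docker_access` set; whether any exist cannot be told from the diff.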
+ + +
+ {/* Environment Variables */}