Add per-project full permissions toggle for --dangerously-skip-permissions

New projects default to standard permission mode (Claude asks before acting). Existing projects default to full permissions ON, preserving current behavior. UI toggle uses red/caution styling to highlight the security implications. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 08:58:13 -07:00
6 changed files with 62 additions and 8 deletions
--- a/HOW-TO-USE.md
+++ b/HOW-TO-USE.md
@@ -92,7 +92,7 @@ Select your project in the sidebar and click **Start**. A progress modal appears

 Click the **Terminal** button to open an interactive terminal session. A new tab appears in the top bar and an xterm.js terminal loads in the main area.

-Claude Code launches automatically with `--dangerously-skip-permissions` inside the sandboxed container.
+Claude Code launches automatically. By default, it runs in standard permission mode and will ask for your approval before executing commands or editing files. To enable auto-approval of all actions within the sandbox, enable **Full Permissions** in the project configuration.

 ### 5. Authenticate

@@ -236,6 +236,18 @@ Available skills include `/mission`, `/flight`, `/leg`, `/agentic-workflow`, `/f

 > This setting can only be changed when the container is stopped. Toggling it triggers a container recreation on the next start.

+### Full Permissions
+
+Toggle **Full Permissions** to allow Claude Code to run with `--dangerously-skip-permissions` inside the container. This is **off by default**.
+
+When **enabled**, Claude auto-approves all tool calls (file edits, shell commands, etc.) without prompting you. This is the fastest workflow since you won't be interrupted for approvals, and the Docker container provides isolation.
+
+When **disabled** (default), Claude prompts you for approval before executing each action, giving you fine-grained control over what it does.
+
+> **CAUTION:** Enabling full permissions means Claude can execute any command inside the container without asking. While the container sandbox limits the blast radius, make sure you understand the implications — especially if the container has Docker socket access or network connectivity.
+
+> This setting can only be changed when the container is stopped. It takes effect the next time you open a terminal session.
+
 ### Environment Variables

 Click **Edit** to open the environment variables modal. Add key-value pairs that will be injected into the container. Per-project variables override global variables with the same key.
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # Triple-C (Claude-Code-Container)

-Triple-C is a cross-platform desktop application that sandboxes Claude Code inside Docker containers. When running with `--dangerously-skip-permissions`, Claude only has access to the files and projects you explicitly provide to it.
+Triple-C is a cross-platform desktop application that sandboxes Claude Code inside Docker containers. Each project can optionally enable full permissions mode (`--dangerously-skip-permissions`), giving Claude unrestricted access within the sandbox.

 ## Architecture

--- a/app/src-tauri/src/commands/terminal_commands.rs
+++ b/app/src-tauri/src/commands/terminal_commands.rs
@@ -17,10 +17,11 @@ fn build_terminal_cmd(project: &Project, state: &AppState) -> Vec<String> {
            .unwrap_or(false);

    if !is_bedrock_profile {
-        return vec![
-            "claude".to_string(),
-            "--dangerously-skip-permissions".to_string(),
-        ];
+        let mut cmd = vec!["claude".to_string()];
+        if project.full_permissions {
+            cmd.push("--dangerously-skip-permissions".to_string());
+        }
+        return cmd;
    }

    // Resolve AWS profile: project-level → global settings → "default"
@@ -33,6 +34,12 @@ fn build_terminal_cmd(project: &Project, state: &AppState) -> Vec<String> {

    // Build a bash wrapper that validates credentials, re-auths if needed,
    // then exec's into claude.
+    let claude_cmd = if project.full_permissions {
+        "exec claude --dangerously-skip-permissions"
+    } else {
+        "exec claude"
+    };
+
    let script = format!(
        r#"
 echo "Validating AWS session for profile '{profile}'..."
@@ -58,9 +65,10 @@ else
        echo ""
    fi
 fi
-exec claude --dangerously-skip-permissions
+{claude_cmd}
 "#,
-        profile = profile
+        profile = profile,
+        claude_cmd = claude_cmd
    );

    vec![
--- a/app/src-tauri/src/models/project.rs
+++ b/app/src-tauri/src/models/project.rs
@@ -24,6 +24,10 @@ fn default_protocol() -> String {
    "tcp".to_string()
 }

+fn default_full_permissions() -> bool {
+    true
+}
+
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct Project {
    pub id: String,
@@ -40,6 +44,8 @@ pub struct Project {
    pub allow_docker_access: bool,
    #[serde(default)]
    pub mission_control_enabled: bool,
+    #[serde(default = "default_full_permissions")]
+    pub full_permissions: bool,
    pub ssh_key_path: Option<String>,
    #[serde(skip_serializing, default)]
    pub git_token: Option<String>,
@@ -162,6 +168,7 @@ impl Project {
            openai_compatible_config: None,
            allow_docker_access: false,
            mission_control_enabled: false,
+            full_permissions: false,
            ssh_key_path: None,
            git_token: None,
            git_user_name: None,
--- a/app/src/components/projects/ProjectCard.tsx
+++ b/app/src/components/projects/ProjectCard.tsx
@@ -712,6 +712,32 @@ export default function ProjectCard({ project }: Props) {
                </button>
              </div>

+              {/* Full Permissions toggle */}
+              <div className="flex items-center gap-2">
+                <label className="text-xs text-[var(--text-secondary)]">
+                  Full Permissions
+                  <span className="text-[var(--error)] font-semibold ml-1">(CAUTION)</span>
+                  <Tooltip text="When enabled, Claude runs with --dangerously-skip-permissions and auto-approves all tool calls without prompting. Only enable this if you trust the sandboxed environment to contain all actions. When disabled, Claude will ask for your approval before running commands, editing files, etc." />
+                </label>
+                <button
+                  onClick={async () => {
+                    try {
+                      await update({ ...project, full_permissions: !project.full_permissions });
+                    } catch (err) {
+                      console.error("Failed to update full permissions setting:", err);
+                    }
+                  }}
+                  disabled={!isStopped}
+                  className={`px-2 py-0.5 text-xs rounded transition-colors disabled:opacity-50 ${
+                    project.full_permissions
+                      ? "bg-[var(--error)] text-white"
+                      : "bg-[var(--bg-primary)] border border-[var(--border-color)] text-[var(--text-secondary)]"
+                  }`}
+                >
+                  {project.full_permissions ? "ON" : "OFF"}
+                </button>
+              </div>
+
              {/* Environment Variables */}
              <div className="flex items-center justify-between">
                <label className="text-xs text-[var(--text-secondary)]">
--- a/app/src/lib/types.ts
+++ b/app/src/lib/types.ts
@@ -26,6 +26,7 @@ export interface Project {
  openai_compatible_config: OpenAiCompatibleConfig | null;
  allow_docker_access: boolean;
  mission_control_enabled: boolean;
+  full_permissions: boolean;
  ssh_key_path: string | null;
  git_token: string | null;
  git_user_name: string | null;