Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 9 |
1 files changed, 7 insertions, 2 deletions
@@ -31,8 +31,13 @@ Each `consult` call runs Claude Code with: - no configured MCP servers (`--strict-mcp-config --mcp-config '{"mcpServers":{}}'`) - a read-only built-in toolset: - `Bash,Read,Grep,Glob,LS,WebFetch,WebSearch` -- `--permission-mode dontAsk`, so only preapproved read-only Bash patterns can - execute and edit tools never appear in the session +- `--dangerously-skip-permissions` +- an external `systemd-run --user` sandbox instead of Claude's internal permission gate + - the filesystem stays globally read-only under `ProtectSystem=strict` + - `phone_opus` gives Claude a separate persistent home and XDG state under its own state root + - `/tmp` and `/var/tmp` stay writable + - when the consulted `cwd` sits inside a writable tree such as `/tmp/...`, that consulted tree is remounted read-only so Claude cannot accidentally edit the target repo +- internet access remains available ## Development |
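Review bot: The unchanged context bullet still calls `Bash,Read,Grep,Glob,LS,WebFetch,WebSearch` "a read-only built-in toolset", but with `--permission-mode dontAsk` removed and `--dangerously-skip-permissions` added, Bash is no longer limited to preapproved read-only patterns, so that label now holds only because of the external `systemd-run --user` sandbox. Suggest rewording that bullet and stating the remaining write surface in one place: `/tmp`, `/var/tmp` and the persistent home under the state root stay writable, and only the consulted `cwd` tree is remounted read-only, so other trees under `/tmp` are not covered by the "cannot accidentally edit the target repo" claim. Because "internet access remains available" and the new bullets describe the filesystem as read-only rather than hidden, the README should also say whether the caller's real home directory is readable inside the sandbox or is replaced by the separate home.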