Dataface Tasks
    Heartbeat snapshot (JSON)

    Pilot Claude Code auto mode instead of skip-permissions

    IDINFRA_TOOLING-PILOT_CLAUDE_CODE_AUTO_MODE_INSTEAD_OF_SKIP_PERMISSIONS
    Statuscompleted
    Priorityp2
    Milestonem3-public-launch
    Ownersr-engineer-architect
    Completed bydave
    Completed2026-03-24

    Problem

    Anthropic shipped Claude Code auto mode: a classifier gates destructive or high-risk tool use while allowing routine edits and commands, as a safer middle path than dangerously skipping all permissions. Team often runs dangerous mode today; evaluate standardizing on auto mode for local Dataface work (pilot, measure friction vs near-miss risk), document recommended settings in contributor or agent docs, and reserve dangerous mode for disposable sandboxes only.

    Context

    • Product: Claude Code “auto mode” sits between default per-tool approvals and --dangerously-skip-permissions. Anthropic describes a classifier that allows routine edits/commands to proceed while blocking or escalating destructive patterns (e.g. mass delete, risky exfil, malicious execution). Third-party writeup: 9to5Mac, 2026-03-24.
    • Reality today: Several contributors run dangerous/skip-permissions on real clones for velocity. That accepts full tail risk on .env, git, broad rm, and network.
    • Repo touchpoints for a decision: AGENTS.md, CLAUDE.md, .cursor/rules/revbot.mdc (agents already warned about blocking tools), and any internal “how we use Claude Code” notes. No application code change required unless we add a checked-in settings snippet (only if the product supports repo-local config without secrets).
    • Constraints: Availability may be tiered (e.g. Teams preview first). Document what we recommend when the feature is available to each person. Do not store API keys or org policy in the task file.

    Possible Solutions

    • A — Document-only (“pilot checklist”). Add a short section to contributor or agent docs: try auto mode for two weeks, log interruptions vs any blocked risky action, default stance for Dataface clones. Pros: Cheap, reversible. Cons: No enforcement; people can ignore.
    • B — Pilot with explicit exit criteria. Same as A plus a worksheet in the task Implementation Progress: who ran it, dates, “switched back to dangerous? why?”, one paragraph recommendation. Pros: Captures evidence for M3. Cons: Manual.
    • C — Standardize on auto mode in docs and discourage dangerous except sandboxes. After pilot, update docs to “default auto; dangerous only in disposable worktrees/CI sandboxes.” Pros: Clear norm. Cons: Premature if classifier is too noisy or unavailable for part of the team.

    Recommended: B — lightweight evidence-gathering without pretending to enforce IDE settings. Roll forward to C only if pilot notes show acceptable friction and no near-misses.

    Plan

    1. Confirm access — Note in Implementation Progress who has auto mode (plan tier / Claude Code version). If someone lacks access, mark their row “N/A pending org rollout.”
    2. Pilot (time-boxed, e.g. 1–2 weeks) — Each participant runs auto mode on a normal Dataface worktree (not production secrets-heavy environments if avoidable). Track: extra prompts per day worse/better than dangerous mode; any false blocks; any action they were glad was gated.
    3. Decide — If friction is low and safety wins are real, draft doc updates (Recommended locations: CLAUDE.md environment/workflow blurb and/or AGENTS.md PR/agent section) stating default recommendation and when dangerous mode is acceptable.
    4. Land docs — Small PR: single clear subsection, link to Anthropic docs when stable URL is known; keep 9to5Mac as secondary if needed. No boilerplate.
    5. Close criteria — Task complete when either (a) docs reflect team decision with pilot summary appended in Implementation Progress, or (b) explicitly deferred with reason (e.g. org-wide access blocked) and a one-line “revisit when …” note in Implementation Progress.

    Implementation Progress

    2026-03-24 — Initial doc updates (Plan steps 3–4)

    Decision: Proceeding with Option B → C. Auto mode is available now; documenting the recommended stance and updating existing dangerous-mode references.

    Changes made:

    1. CLAUDE.md — Added "Claude Code Permission Mode" section recommending --auto as the default for local work, reserving --dangerously-skip-permissions for disposable CI sandboxes only.
    2. AGENTS.md — Updated qa-explorer guidance to prefer --auto over dangerous mode for non-interactive automation.
    3. .codex/skills/qa-explorer/SKILL.md — Updated default permission mode from --dangerously-skip-permissions to --auto with a note that dangerous mode is for disposable sandboxes only.

    Pilot tracking (Plan step 2):

    Participant Has auto mode? Start date Switched back? Notes
    (fill in) Yes / No YYYY-MM-DD

    Fill in rows as team members begin the pilot. After 1–2 weeks, evaluate friction and update this section with a recommendation to finalize (Option C) or defer.

    QA Exploration

    N/A — tooling and documentation pilot only (no product UI).

    • [x] QA exploration completed (or N/A for non-UI tasks)

    Review Feedback

    • [ ] Review cleared