WEBVTT

00:00:00.080 --> 00:00:03.840
That dangerous permission mode I showed
you in the last lecture clearly

00:00:03.920 --> 00:00:07.340
has some potential problems.
You don't wanna erase your hard

00:00:07.360 --> 00:00:11.240
drive. That's why there also
is a safer way of running Claude

00:00:11.320 --> 00:00:14.620
in that mode, at least
if you have Docker installed.

00:00:14.660 --> 00:00:17.980
Because if you do have Docker installed
and up and running on your

00:00:18.020 --> 00:00:21.690
system,
you can use Docker's sandbox feature,

00:00:21.740 --> 00:00:25.290
relatively new,
which allows you to run things,

00:00:25.340 --> 00:00:29.100
tools in an isolated sandbox that's set up
on the

00:00:29.170 --> 00:00:33.060
fly on your system by Docker.
And you can specifically use Docker

00:00:33.160 --> 00:00:37.080
Sandbox to run Claude,
to run Claude Code in this

00:00:37.120 --> 00:00:40.600
project in a sandbox.
And what this will do is it will

00:00:40.610 --> 00:00:44.220
now set up a Docker Sandbox, wrap your

00:00:44.300 --> 00:00:48.100
local project you're working on in
that sandbox, and

00:00:48.180 --> 00:00:51.560
use Claude Code in
that sandbox to then start it in there.

00:00:51.570 --> 00:00:55.240
And it will, by default,
start it in this dangerous

00:00:55.460 --> 00:00:59.330
skip permissions mode because in
that sandbox, Claude

00:00:59.360 --> 00:01:02.530
Code can't touch your computer,
your system.

00:01:02.600 --> 00:01:06.490
Even if it wrote a script
that erased the hard drive, it wouldn't be

00:01:06.600 --> 00:01:10.020
able to go out of that sandbox.
It would be limited to this

00:01:10.280 --> 00:01:14.240
project. And that, of course,
is therefore a safer way of running

00:01:14.280 --> 00:01:18.180
it. Sure,
it can still do weird stuff to your Git

00:01:18.340 --> 00:01:22.320
all that,
so that's something to be aware of,

00:01:22.400 --> 00:01:26.280
overall machine. So when running this,
I have to go through that setup

00:01:26.340 --> 00:01:29.720
again and connect again because it
is a brand-new

00:01:30.140 --> 00:01:33.900
system in the end for Claude Code in
which it's now running.

00:01:33.980 --> 00:01:37.740
And as you see,
it by default runs in this bypass

00:01:38.220 --> 00:01:41.800
in that sandbox. So I can again ask it

00:01:41.900 --> 00:01:45.860
for changes and then to commit those
changes, and it will still be

00:01:45.900 --> 00:01:49.520
able to do that.
It's still able to work on this project

00:01:49.660 --> 00:01:53.060
to edit the files in this project but even

00:01:53.080 --> 00:01:56.640
theoretically,
it won't be able to do anything outside of

00:01:56.660 --> 00:02:00.560
project. And you can, therefore,
use Claude in the Docker

00:02:00.660 --> 00:02:03.800
Sandbox just as you can use it outside of
it.

00:02:03.860 --> 00:02:07.420
It's just a bit secure
when using this dangerous

00:02:07.440 --> 00:02:11.420
permission mode here.
You can also use all those Claude CLIs

00:02:11.500 --> 00:02:15.480
I showed you before
and you find in the official

00:02:15.540 --> 00:02:17.359
or dash P.
