Am I the only person who just runs claude code in yolo mode? Curious about these tools for fine-grained permission, did you get burned in a bad way?
I think I'm going to trigger half of hacker news with this, but honestly nothing claude does on my machine seems particularly scary, and it's way too far from AGI for me to worry about hostile takeover right now =P
Personally yes I do run it in yolo mode. And I think, to the extent anyone will use this project, people mostly won't be using the fine grained control. For me toolsets and full yolo are what is useful in this project.
I think the real use cases are something like:
1. Try cautious mode, gain confidence, switch to yolo
2. Use yolo mode and find that it keeps doing something that annoys or scares you so you configure an exception for it
On number 2 I thought I would use it this way to prevent some unwanted behavior but I ended up learning how to avoid those behaviors in other ways.
Fair, I've had a similar experience. The edge-cases like installing weird dependencies (somebody mentioned that on this thread) I just deal with by changing my CLAUDE.md, and so far that's been fine.
I think if I end up not finding a real person (or myself) using them I'll ax it. It would take some heft off the project. Maybe just yolo OR cautious and call it day.
I remember seeing on twitter how Claude 4 Sonnet tried to run rm -r ~ for some reason within cursor. It could have been a meme potentially, but from my experience this doesn’t seem to be to far off as it does weird things for weird reasons sometimes
Yeah, that's fair, but in this particular case I have instructions to avoid dependencies unless absolutely necessary and that works well. It's not a risk I'm super worried about.
I'm not a heavy user by any means. I use it for project setup and routine-but-hard-to-automate refactoring, package upgrades, config files, fiddly stuff like that, for which it has been awesome. For me it's ~$30/mo.
Anything your user has permissions to do, basically. It is absolutely possible to cause serious issues with it in yolo mode, but for me the risk seems acceptably low.
Anything you can think of, but IIRC it asks you if it can perform a particular command (you can tell it to remember that it can or something like that).
Literally anything a terminal command can do to your machine. Delete things, install malware, send your data to the FBI, start a fire by overheating (ok, now I'm just kidding... or not)
I was thinking that on this, folks need a cron task to run a trivial prompt at 5-6am and get that 5hr timer running so that it the majority of the quota is available in the working day morning, and then a new 5hr block starts around lunch time. This should maximise use of included tokens by a standard work day spanning 3 blocks rather than 2
Also useful for paid APIs like DeepSeek's, where they have cheaper inference price (50%/75% off) for UTC 16:30-00:30, so being able to schedule some stuff you know would take a ton of tokens for that time period would make sense.
I moved to Max after projecting a $2,000 annual API bill. I haven't yet hit five hour limits, but login/ toggles easily between plans. I believe the interface tells you when you've hit a limit, but as I said I don't know first hand.
According to CCUsage, I hit limits on Opus usage around the equivalent of $150. If we naively extrapolate, that suggests about $600 of Opus usage per session on Max 20x.
Also Sonnet only, no Opus. That being said it lets you use the included stuff and easily switch to metered if you need to use a different model or you burn through your included allotment.
I suggest a video on the README and breaking up that entire README into docs because it's too much content, then writing a much shorter README that gives people the answer they want coming into the page
prompt>
The docs are way to verbose and there's just too much content. The @readme.md and every doc in @docs/ needs to be trimmed down by ~50%. Please work hard, think hard, and work step by step, and file by file to make sure we have the best possible docs at about half the total size. Peace and love <3
I love Claude Code but I am extremely sick of slop readmes. Every time I notice I'm reading LLM output as a readme I feel punched in the gut. I didn't notice it with this project though.
That's something I'd like to explore more. It's one of the reason I created "trusted roots". So I can open new worktrees and open claude in them all in one step without any confirmation.
If you want to suggest anything specific feel free to open an issue and we explore it more.
I read the description of what this is (nb. maybe move that to the top instead of the middle of the page?), and I don't think I understand what problem it solves.
> Reduced interruptions: Automatically handles permission dialogs based on configurable rules
Why? Claude Code already gives you the option to accept requests permanently going forward. The cost of configuring rules is worse than the cost of just telling Claude Code "yes and you don't need to ask again".
I'd like to see a few motivating user stories, tbh.
>Why? Claude Code already gives you the option to accept requests permanently going forward. The cost of configuring rules is worse than the cost of just telling Claude Code "yes and you don't need to ask again".
want to see this mode fail catastrophically? write enough CLI stuff w/ python w/ powershell or wsl or some other 'leaky' cli. It will eventually fail a command and then try to pipe a shell command through the python interpreter or a specific PS incantation.
This means that you now need to approve 'git' , and 'python sh git' and 'powershell.exe git' and 'wsl.exe ubuntu git' as separate and independent commands. (I dont remember the shell incantation command so excuse the pseudocode).
That means that for the entire gambit of approvals needed for continued permission for a singular task might be 4x greater than normal -- probably more given that claude is aware of so many different ways to pipe to shell..
Claude has been adding PYTHONPATH to test commands, and for some reason, the “don’t ask again” doesn’t stick for these types of commands. So I’ve been trying to get it to use make commands, which can modify the environment, and don’t trigger the same permission issues. Just now I finally put it in CLAUDE.md “always use make commands to run tests”. Haven’t seen yet whether it will stick.
I hate to be pessimistic but this is something that CC doesn't seem good at: forgetting the tools that it loves and using the ones you want it to. You might want to try "disallowing" that command(?) explicitly (in addition to adding to CLAUDE.md and/or prompt).
I'm not sure what command is being called to set PYTHONPATH. If my assumption that it relates to a specific command is incorrect the above probably isn't helpful.
haven’t used claude code directly, but at least through copilot ive seen it read my makefile, extract the command, and run it directly after modifications. telling it to use make helped, but wasn’t perfect
I have a lot of different projects, scenarios, and edge cases where it's helpful to me.
I think you will find that if you're interactive mode there will always be some dialogs to dismiss, especially if you're jumping around a lot of different projects, etc. So for me the goals are somewhere at the intersection of the interactive mode and unattended operation.
It depends what your goals are for sure. TBH I use it mostly in full yolo mode. But toolsets are much more useful for me. I can create groups of mcps and pre-allowed permissions and reuse that "preset". I have different types of projects that I use different toolsets for each.
But yeah, I hear you. This is pretty niche and might solve problems that only I care about.
Good chance this will ultimately end up being part of a set of training wheels that I'll take off gradually as I am able to move work over to using non-interactive instances of CC.
If you like the idea but they aren't working the way you'd like let me know. They aren't very "well baked" but I'll dump some time into improving at some point. If you have pain points or feedback I'll be happy to consider it.
BTW, I also intend to add some way to send push notifications of some sort. I need to be reminded when Claude is done hustling and and it's time to leave the comfort of my iced coffee on the patio for a keyboard and glowing terminal screen.
It's going to be hilarious to watch Anthropic argue with a straight face that it's illegal (or at least tortious) to take someone else's IP and repurpose it
It's perfectly coherent to be in favour of strong protection of trademarks but also weaker copyright laws. They have very different purposes (broadly, consumer protection as a mark of origin vs incentivising creativity). Just because they're both in the legal category of "IP" doesn't mean it's hypocritical to have very different positions on both.
Yeah I mean ignoring the legal risks, naming something "$Company-name $Tool" is begging to have it confused with an official product from $Company-name. Even if you don't care about the legal risks, at least care about your users not being confused about who made the thing.
Really like this idea - my team was looking to build something like this ourselves. The only thing I would add to this repository would be the ability to add a global Claude.md file that would be common across the team (across different repos).
That's a good idea. Personally I don't use CLAUDE.md (everything goes in the prompt, thanks to context-composer, which I'll share another day) so I'm not motivated to have it but I'd be happy to collaborate on it and get that kind of feature merged in.
Question for those who burn through Max limits- what type of tasks do you do that burn so much of the limit? I’d imagine it has to be a lot of code being produced? Or is it large inputs that burn through it quickly?
If you run Claude so often during the day - what is it doing for you all the time?
Still it means it does really heavy lift. I’d like to understand how to extract bigger efficiency gains from Claude etc , because currently often times I just waste time with it and give up after several attempts
Am I the only person who just runs claude code in yolo mode? Curious about these tools for fine-grained permission, did you get burned in a bad way?
I think I'm going to trigger half of hacker news with this, but honestly nothing claude does on my machine seems particularly scary, and it's way too far from AGI for me to worry about hostile takeover right now =P
Personally yes I do run it in yolo mode. And I think, to the extent anyone will use this project, people mostly won't be using the fine grained control. For me toolsets and full yolo are what is useful in this project.
I think the real use cases are something like:
1. Try cautious mode, gain confidence, switch to yolo 2. Use yolo mode and find that it keeps doing something that annoys or scares you so you configure an exception for it
On number 2 I thought I would use it this way to prevent some unwanted behavior but I ended up learning how to avoid those behaviors in other ways.
Fair, I've had a similar experience. The edge-cases like installing weird dependencies (somebody mentioned that on this thread) I just deal with by changing my CLAUDE.md, and so far that's been fine.
I think if I end up not finding a real person (or myself) using them I'll ax it. It would take some heft off the project. Maybe just yolo OR cautious and call it day.
I just rub it in Docker to limit folder access and prevent it from being able to push to my remote repo. Indestructible.
Not a bad idea, thanks.
I use their official dev container config and limit access to a small list of domains too
I remember seeing on twitter how Claude 4 Sonnet tried to run rm -r ~ for some reason within cursor. It could have been a meme potentially, but from my experience this doesn’t seem to be to far off as it does weird things for weird reasons sometimes
It was because it had created a directory named "~" and then tried to remove it, which Bash would of course interpret as the actual home directory
"Scary" doesn't need to mean Skynet taking over, it could just mean that Claude decides to yolo install a library with malware in it.
There’s an infinitesimal chance that it’ll p0wn your repo.
There’s a strong chance it will remove your web service auth filter chain to make an integration test pass.
Yeah, that's fair, but in this particular case I have instructions to avoid dependencies unless absolutely necessary and that works well. It's not a risk I'm super worried about.
If you add mcp tooling you can quickly go off local.
I’m less worried about hostile behaviors than stupid ones.
Side question... how much is it costing you to run Claude Code on a regular basis?
I'm not a heavy user by any means. I use it for project setup and routine-but-hard-to-automate refactoring, package upgrades, config files, fiddly stuff like that, for which it has been awesome. For me it's ~$30/mo.
FYI: Claude Code was just added to the Pro Plan ($20/month). I just switched. My usage was roughly the same.
https://support.anthropic.com/en/articles/11145838-using-cla...
Thanks, good to know!
Honest question: What could it do to your machine if it went crazy? I've not used Claude Code yet.
Anything your user has permissions to do, basically. It is absolutely possible to cause serious issues with it in yolo mode, but for me the risk seems acceptably low.
Anything you can think of, but IIRC it asks you if it can perform a particular command (you can tell it to remember that it can or something like that).
Literally anything a terminal command can do to your machine. Delete things, install malware, send your data to the FBI, start a fire by overheating (ok, now I'm just kidding... or not)
Add a 5 hour timer so that us with MAX subs can know when to come back to our Opus work.
I like it. thanks for the effort.
I was thinking that on this, folks need a cron task to run a trivial prompt at 5-6am and get that 5hr timer running so that it the majority of the quota is available in the working day morning, and then a new 5hr block starts around lunch time. This should maximise use of included tokens by a standard work day spanning 3 blocks rather than 2
Also useful for paid APIs like DeepSeek's, where they have cheaper inference price (50%/75% off) for UTC 16:30-00:30, so being able to schedule some stuff you know would take a ton of tokens for that time period would make sense.
It hard resets limits every 5 hours instead of a sliding window?
That’s what their usage warning prompts seem to indicate.
Thinking of switching from API access to Max 20x tomorrow for a more consistent bill.
Been using $50-100 of Opus tokens through API access per day. Think I’ll hit the Max 20x limits and get put in timeout?
I wish Max could automatically overflow to API access when it times out so I would need to have token anxiety.
I moved to Max after projecting a $2,000 annual API bill. I haven't yet hit five hour limits, but login/ toggles easily between plans. I believe the interface tells you when you've hit a limit, but as I said I don't know first hand.
According to CCUsage, I hit limits on Opus usage around the equivalent of $150. If we naively extrapolate, that suggests about $600 of Opus usage per session on Max 20x.
Can you help me understand how that works?
I thought you needed an API key to work with Claude Code
They give you Claude Code usage on all the paid plans now. A certain amount of usage is shared between Chat and Code.
Not all paid plans, just Max. Pro doesn’t get access to Claude Code.
This changed recently (like a day ago or so), pro has access to Claude code now. They mention it's for "light coding work" on the pro plan: https://support.anthropic.com/en/articles/11145838-using-cla...
Also Sonnet only, no Opus. That being said it lets you use the included stuff and easily switch to metered if you need to use a different model or you burn through your included allotment.
I suggest a video on the README and breaking up that entire README into docs because it's too much content, then writing a much shorter README that gives people the answer they want coming into the page
As a heavy Claude user, I’ve seen many examples of what it will produce as a README, and they all look exactly like this.
It definitely could use some editing!
Yeah I tried to keep it chill but it went pretty wild w/ docs. I think I'll just ask it to go on a 50% diet and see what happens! Stay tuned. :)
Ozempic treatment complete. Should be 50% less annoying.
https://github.com/possibilities/claude-composer/commit/45e1...
Oops wrong link
https://github.com/possibilities/claude-composer/commit/dbb5...
prompt> The docs are way to verbose and there's just too much content. The @readme.md and every doc in @docs/ needs to be trimmed down by ~50%. Please work hard, think hard, and work step by step, and file by file to make sure we have the best possible docs at about half the total size. Peace and love <3
I love Claude Code but I am extremely sick of slop readmes. Every time I notice I'm reading LLM output as a readme I feel punched in the gut. I didn't notice it with this project though.
Just dropped another 300 lines by manually editing. Glad you called out this slop. Thanks!
This is pretty epic! This should come standard with Claude Code. Thanks for this! Now going to bed, and will wake up to a brand new feature :)
<3
Don’t get fully the use-cases this tool solves except for some auto-accept.
You would also expect some eat-your-own-dog-food, why does https://github.com/possibilities/claude-composer/blob/main/s... not use CC with a prompt…
(Ps I left x/twitter a long time)
> auto-accept
That's pretty much it and the concept of "toolsets"
> You would also expect some eat-your-own-dog-food
Maybe, but personally I don't see a reason to use an LLM to release an npm module
Would be lovely if this included some defaults around managing git worktrees for parallel work.
That's something I'd like to explore more. It's one of the reason I created "trusted roots". So I can open new worktrees and open claude in them all in one step without any confirmation.
If you want to suggest anything specific feel free to open an issue and we explore it more.
I read the description of what this is (nb. maybe move that to the top instead of the middle of the page?), and I don't think I understand what problem it solves.
> Reduced interruptions: Automatically handles permission dialogs based on configurable rules
Why? Claude Code already gives you the option to accept requests permanently going forward. The cost of configuring rules is worse than the cost of just telling Claude Code "yes and you don't need to ask again".
I'd like to see a few motivating user stories, tbh.
>Why? Claude Code already gives you the option to accept requests permanently going forward. The cost of configuring rules is worse than the cost of just telling Claude Code "yes and you don't need to ask again".
want to see this mode fail catastrophically? write enough CLI stuff w/ python w/ powershell or wsl or some other 'leaky' cli. It will eventually fail a command and then try to pipe a shell command through the python interpreter or a specific PS incantation.
This means that you now need to approve 'git' , and 'python sh git' and 'powershell.exe git' and 'wsl.exe ubuntu git' as separate and independent commands. (I dont remember the shell incantation command so excuse the pseudocode).
That means that for the entire gambit of approvals needed for continued permission for a singular task might be 4x greater than normal -- probably more given that claude is aware of so many different ways to pipe to shell..
Claude has been adding PYTHONPATH to test commands, and for some reason, the “don’t ask again” doesn’t stick for these types of commands. So I’ve been trying to get it to use make commands, which can modify the environment, and don’t trigger the same permission issues. Just now I finally put it in CLAUDE.md “always use make commands to run tests”. Haven’t seen yet whether it will stick.
I hate to be pessimistic but this is something that CC doesn't seem good at: forgetting the tools that it loves and using the ones you want it to. You might want to try "disallowing" that command(?) explicitly (in addition to adding to CLAUDE.md and/or prompt).
I'm not sure what command is being called to set PYTHONPATH. If my assumption that it relates to a specific command is incorrect the above probably isn't helpful.
Good luck!
haven’t used claude code directly, but at least through copilot ive seen it read my makefile, extract the command, and run it directly after modifications. telling it to use make helped, but wasn’t perfect
> Why?
I have a lot of different projects, scenarios, and edge cases where it's helpful to me.
I think you will find that if you're interactive mode there will always be some dialogs to dismiss, especially if you're jumping around a lot of different projects, etc. So for me the goals are somewhere at the intersection of the interactive mode and unattended operation.
It depends what your goals are for sure. TBH I use it mostly in full yolo mode. But toolsets are much more useful for me. I can create groups of mcps and pre-allowed permissions and reuse that "preset". I have different types of projects that I use different toolsets for each.
But yeah, I hear you. This is pretty niche and might solve problems that only I care about.
Good chance this will ultimately end up being part of a set of training wheels that I'll take off gradually as I am able to move work over to using non-interactive instances of CC.
You may be able to do this with a user-based settings file, so you can have a base layer of settings across all projects. More on how to do that here: https://docs.anthropic.com/en/docs/claude-code/settings
I like the notifications part! I may try this just for that one feature..
Thank you.. :-)
If you like the idea but they aren't working the way you'd like let me know. They aren't very "well baked" but I'll dump some time into improving at some point. If you have pain points or feedback I'll be happy to consider it.
BTW, I also intend to add some way to send push notifications of some sort. I need to be reminded when Claude is done hustling and and it's time to leave the comfort of my iced coffee on the patio for a keyboard and glowing terminal screen.
Also, good call, I wiggled the readme around a bit. Thanks!
You’re going to be hearing from Anthropic’s legal department very, very soon if you use this name.
It's going to be hilarious to watch Anthropic argue with a straight face that it's illegal (or at least tortious) to take someone else's IP and repurpose it
I think this is about trademark not IP
Trademark is a type of intellectual property protection
GP clearly meant "trademark not copyright".
It's perfectly coherent to be in favour of strong protection of trademarks but also weaker copyright laws. They have very different purposes (broadly, consumer protection as a mark of origin vs incentivising creativity). Just because they're both in the legal category of "IP" doesn't mean it's hypocritical to have very different positions on both.
“Claude Composer” is just blatant trademark infringement. It sounds like an official Anthropic product.
We'll see. Happy to change it up if need be. I'd rather beg for forgiveness than permission. <3
The name is a no-go. They are either going to be nice and ask you to do it or send a cease and desist.
I'd recommend you change it right away
TBH I think it's misleading, as I assumed it was an Anthropic product until seeing the repo owner. For ethical reasons, I think you should change it.
Yeah I mean ignoring the legal risks, naming something "$Company-name $Tool" is begging to have it confused with an official product from $Company-name. Even if you don't care about the legal risks, at least care about your users not being confused about who made the thing.
Really like this idea - my team was looking to build something like this ourselves. The only thing I would add to this repository would be the ability to add a global Claude.md file that would be common across the team (across different repos).
That's a good idea. Personally I don't use CLAUDE.md (everything goes in the prompt, thanks to context-composer, which I'll share another day) so I'm not motivated to have it but I'd be happy to collaborate on it and get that kind of feature merged in.
Yeah let's do it :)
Let me vibe it out with Claude Code!
Go off <3
How are fine grained permissions changed? Is it just modding a known claude configuration file?
No, the "automatic dismissal" effectively scrapes the terminal and parses out info from the dialog.
How much of this was produced with claude code?
All of it, in close collaboration :)
what is possibilities
just a guy with linux
I'd be careful with the branding - it sounds like an official Claude product. Maybe go with "Composer for Claude"?
Yes, the name should be changed ASAP. You don't want to rename it after it becomes established, which you'll inevitably have to do.
Question for those who burn through Max limits- what type of tasks do you do that burn so much of the limit? I’d imagine it has to be a lot of code being produced? Or is it large inputs that burn through it quickly? If you run Claude so often during the day - what is it doing for you all the time?
I am guessing part of it is the size of the code base it has to read to do any changes or understand the required changes?
Still it means it does really heavy lift. I’d like to understand how to extract bigger efficiency gains from Claude etc , because currently often times I just waste time with it and give up after several attempts