https://aleos.dev/tags/ai/Recent content in Ai on aleosHugoenThu, 02 Apr 2026 00:00:00 +0000https://aleos.dev/posts/2026-04-02-claude-code-permissions/Thu, 02 Apr 2026 00:00:00 +0000https://aleos.dev/posts/2026-04-02-claude-code-permissions/<p>Claude Code asks permission before running bash commands. Except when it doesn&rsquo;t. Some commands run silently, others prompt every time, and the documentation doesn&rsquo;t fully explain which is which. I emptied my allow list, tested 40+ commands, enabled the sandbox, broke <code>gh</code>, and ended up back where I started — with finely tuned permission rules and no sandbox. Here&rsquo;s what I found.</p> <h2 id="the-four-layers"> The four layers <a class="heading-link" href="#the-four-layers"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>Claude Code has four independent security layers, evaluated in order:</p>