Skip to main content

Module dangerous

claude_wrapper

Module dangerous 

Source
Expand description

Opt-in dangerous operations. Currently: bypass permissions.

Running the claude CLI with --permission-mode bypassPermissions turns off all confirmation prompts for tool use. It’s legitimate for some automation – but it’s also the fastest way to turn a bug into a destructive action.

This module isolates that capability behind a type you have to explicitly reach for (DangerousClient), and a runtime env-var gate (ALLOW_ENV) you have to explicitly set.

§Example

use claude_wrapper::{Claude, QueryCommand};
use claude_wrapper::dangerous::DangerousClient;

// At process start:
//   export CLAUDE_WRAPPER_ALLOW_DANGEROUS=1

let claude = Claude::builder().build()?;
let dangerous = DangerousClient::new(claude)?;

let output = dangerous
    .query_bypass(QueryCommand::new("clean up the build artifacts"))
    .await?;
println!("{}", output.stdout);

§Why this shape

  • Separate type. DangerousClient::new is the only public path to building a bypassed query. If a reader of calling code sees DangerousClient, the danger is obvious at the call site.
  • Runtime env-var gate. The check happens at construction, so a caller who forgot to set the env-var gets a typed error rather than silently running with bypass off (which might surprise them) or silently running with bypass on (which might destroy things).
  • Not a cargo feature. Feature-gating adds a second layer of friction (recompile) without making the runtime behaviour any safer. The env-var matches how Go’s claude-code-go/dangerous gates the same operation.

§Migrating from crate::PermissionMode::BypassPermissions

The enum variant is kept (marked #[deprecated]) so existing callers continue to compile with a warning. New code should go through DangerousClient.

Structs§

DangerousClient
Wrapper that lets callers run bypass-permissions queries against an underlying Claude client. Construction is gated by the ALLOW_ENV env-var.

Constants§

ALLOW_ENV
The env-var that must equal "1" at process start for DangerousClient::new to succeed. Set deliberately – this is the explicit acknowledgement that bypass mode is OK in this process.