I don't understand why people advocate so strongly for `--dangerously-skip-permissions`.
Setting up "permissions.allow" in `.claude/settings.local.json` takes minimal time. Claude even lets you configure this while approving code, and you can use wildcards like "Bash(timeout:*)". This is far safer than risking disasters like dropping a staging database or deleting all unstaged code, which Claude would do last week, if I were running it in the YOLO mode.
The worst part is seeing READMEs in popular GitHub repos telling people to run YOLO mode without explaining the tradeoffs. They just say, "Run with these parameters, and you're all good, bruh," without any warning about the risks.
I wish they could change the parameter to signify how scary it can be, just like React did with React.__SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED (https://github.com/reactjs/react.dev/issues/3896)
I tried this path. The issue is that agents are very creating in coming up with new variations. "uv run pytest", "python3 -m pytest", "bash -c pytest"
It's a never ending game of whitelisting.
this seem solvable if the whitelisting just allows regex
changing the parameter name to something scary will only increase its usage