A guide to safely running coding agents in YOLO mode locally

yakkomajuri1 pts0 comments

A guide to safely running coding agents in YOLO mode locally

Thoughts are mine and mine only. I don't ever use LLMs for writing.

TL;DR

This is a guide on how to set things up so that you can run cc in any directory and get a Docker container with a coding agent running in YOLO mode with all your plugins, skills, and configs, so you don't need to approve what it does but you still keep your machine safe.

If you don't want to read you can just use my yolo-agents repo, but it's specific to Claude Code and you may need to tweak it to your system/needs, which is why I wrote a whole guide explaining the concepts you need to know.

Intro

I've been surprised to hear that a lot of my friends are either still approving every other thing Claude Code or Codex does, or that they run these coding agents in YOLO mode freely without any guardrails.

I think the former is much better than the latter, since you're not being a turkey, but it is inefficient. And those just running on YOLO straight up are running more risk than they think in my opinion.

Claude Code has launched "Auto mode" now, which appears helpful, but I'd be scared to completely trust it. So I thought it was a good time to write about how to have a seamless setup for running these agents in YOLO mode in a Docker container. I never wrote about this before because I thought it would be commonplace, but I realized it doesn't seem to be.

Hence, here it is, a tutorial on how to set things up so that you run one command (in my case cc) and get a running Claude Code (or whatever coding agent you use) in YOLO mode with access to your config, skills, plugins, relevant packages, and the current directory.

Running it this way means that anything dangerous or malicious is going to happen inside that Docker container, so the agent can't delete your home directory for instance. As a result, you can let it run more freely without approving the stuff it does. You're still subject to other vulnerabilities though, such as the agent exfiltrating sensitive stuff like your code or any keys it might have access to if it gets prompt injected. Just making it clear that this setup doesn't protect you from everything, but it does protect your machine.

Guide

Prerequisites

Docker installed

A coding agent of your choice (I'll use Claude Code for the example)

My setup is for MacOS, but it should also work on Linux. It won't work on Windows but the concepts will generally be the same.

What we're doing

Basically the things we want to accomplish are:

Running the coding agent in a Docker container for safety

Ensuring that the agent has access to do anything in the directory you want it to work in

Making this as easy to run as running the agent outside a container

Ensuring all of our skills, plugins, etc. are available in the container

Ensuring the agent has all the tools it needs to work

Step 1: Put the agent in the container

The simplest working thing we can do is just a Dockerfile that installs e.g. Claude Code.

That would look like this:

FROM node:20-bookworm-slim

RUN apt-get update && apt-get install -y --no-install-recommends \<br>git \<br>curl \<br>ca-certificates \<br>&& rm -rf /var/lib/apt/lists/*

RUN curl -fsSL https://claude.ai/install.sh | bash

ENV PATH="/root/.local/bin:${PATH}"

WORKDIR /workspace

ENTRYPOINT ["claude", "--dangerously-skip-permissions"]

Now you just need to run docker build -t claude-code . once and then you can run docker run -it -v "$PWD:/workspace" claude-code and boom, you've got Claude Code running with access to everything in the current directory (because we're mounting it as a volume).

The problem is that you need to authenticate every time, your skills and plugins are not going to come through, and this is a bit annoying to type out.

So let's keep going.

Step 2: Auth

This is the first gotcha, at least on MacOS. Claude Code on Mac stores credentials in Keychain, meaning we can't just mount ~/.claude/.credentials.json and be done with it.

Now this is one of the parts where the approach will vary from coding agent to coding agent, which is the partly why I'm building this guide: by being aware of the gotchas and moving parts, you can build/prompt this yourself for your setup more easily, otherwise you might get stuck debugging.

(I wonder if you could just point your agent to this post and have it serve as a spec.)

Anyway, so for Claude Code what we want now is to make a little entrypoint.sh script:

#!/bin/bash<br>set -e

# take a token from the env and add it to credentials.json<br>if [[ -n "${CLAUDE_CODE_OAUTH_TOKEN:-}" ]]; then<br>mkdir -p "$HOME/.claude"<br>cat > "$HOME/.claude/.credentials.json" "$HOME/.claude.json"

exec "$@"

This script will take a token from the environment (we'll get to how we get this token soon) and add it to credentials.json which will work in a Linux image.

Our Dockerfile also needs to change to use this entrypoint script [1]:

FROM node:20-bookworm-slim

RUN apt-get update && apt-get install -y...

claude agent code running coding yolo

Related Articles