Skip to content

Commit b500446

Browse files
fix: remove --dangerously-skip-permissions (not allowed as root)
Modal containers run as root, and Claude Code blocks this flag for security. Also fixed Modal secret - was not setting ANTHROPIC_API_KEY env var correctly.
1 parent 0c790d4 commit b500446

1 file changed

Lines changed: 6 additions & 7 deletions

File tree

src/policyengine_api/agent_sandbox.py

Lines changed: 6 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66

77
import modal
88

9-
# Sandbox image with Bun and Claude Code CLI
9+
# Sandbox image with Bun and Claude Code CLI (v2 - with ToS pre-accept)
1010
sandbox_image = (
1111
modal.Image.debian_slim(python_version="3.12")
1212
.apt_install("curl", "git", "unzip")
@@ -18,15 +18,16 @@
1818
"export BUN_INSTALL=/root/.bun && export PATH=$BUN_INSTALL/bin:$PATH && "
1919
"ln -s $BUN_INSTALL/bin/bun /usr/local/bin/node && "
2020
"bun install -g @anthropic-ai/claude-code",
21-
# Pre-accept ToS and configure for non-interactive use
21+
# Pre-accept ToS and configure for non-interactive use (v2)
2222
"mkdir -p /root/.claude && "
2323
'echo \'{"hasCompletedOnboarding": true, "hasAcknowledgedCostThreshold": true}\' '
24-
"> /root/.claude/settings.json",
24+
"> /root/.claude/settings.json && cat /root/.claude/settings.json",
2525
)
2626
.env(
2727
{
2828
"BUN_INSTALL": "/root/.bun",
2929
"PATH": "/root/.bun/bin:/usr/local/bin:/usr/bin:/bin",
30+
"CLAUDE_CODE_SKIP_ONBOARDING": "1", # Cache bust + extra safety
3031
}
3132
)
3233
)
@@ -97,7 +98,7 @@ def run_claude_code_in_sandbox(
9798
)
9899

99100
# Run Claude Code with the question
100-
# --dangerously-skip-permissions: auto-accept permission prompts (required for non-interactive)
101+
# Note: Can't use --dangerously-skip-permissions as root (Modal runs as root)
101102
# --max-turns: limit execution to prevent runaway
102103
print("[SANDBOX] Starting claude CLI with question", flush=True)
103104
logfire.info("run_claude_code_in_sandbox: starting claude CLI")
@@ -108,7 +109,6 @@ def run_claude_code_in_sandbox(
108109
"--output-format",
109110
"stream-json",
110111
"--verbose",
111-
"--dangerously-skip-permissions",
112112
"--max-turns",
113113
"10",
114114
"--allowedTools",
@@ -153,13 +153,12 @@ def run_policy_analysis(
153153

154154
logfire.info("Starting Claude Code", question=question[:100])
155155

156-
# Run Claude Code
156+
# Run Claude Code (no --dangerously-skip-permissions since we run as root)
157157
result = subprocess.run(
158158
[
159159
"claude",
160160
"-p",
161161
question,
162-
"--dangerously-skip-permissions",
163162
"--max-turns",
164163
"10",
165164
"--allowedTools",

0 commit comments

Comments
 (0)