Dev.to
6/19/2026

I let Claude Code run --dangerously-skip-permissions on my production DB. Here's what I changed.
Short summary
A production incident revealed how Claude Code's --dangerously-skip-permissions flag removes the human safety review moment entirely—it's not just skipping confirmation popups. The author's misconfigured env file accidentally pointed a D1 migration at production instead of staging; a fortunate ADD COLUMN (not DROP) prevented data loss. Fixes involved allowlist/denylist rules in .claude/settings.json, isolated git worktrees for migration work with staging-only credentials, and CLAUDE.md instructions—creating layered defensive boundaries.
- •--dangerously-skip-permissions removes human review, not execution constraints
- •Misconfigured env file exposed production DB to unreviewed migrations
- •Defense-in-depth: allowlist/denylist rules + git worktrees + CLAUDE.md instructions
Generated with AI, which can make mistakes.
Is this a good recommendation for you?



