Back to feed
Dev.to
Dev.to
6/19/2026
I let Claude Code run --dangerously-skip-permissions on my production DB. Here's what I changed.

I let Claude Code run --dangerously-skip-permissions on my production DB. Here's what I changed.

Short summary

A production incident revealed how Claude Code's --dangerously-skip-permissions flag removes the human safety review moment entirely—it's not just skipping confirmation popups. The author's misconfigured env file accidentally pointed a D1 migration at production instead of staging; a fortunate ADD COLUMN (not DROP) prevented data loss. Fixes involved allowlist/denylist rules in .claude/settings.json, isolated git worktrees for migration work with staging-only credentials, and CLAUDE.md instructions—creating layered defensive boundaries.

  • --dangerously-skip-permissions removes human review, not execution constraints
  • Misconfigured env file exposed production DB to unreviewed migrations
  • Defense-in-depth: allowlist/denylist rules + git worktrees + CLAUDE.md instructions

Generated with AI, which can make mistakes.

Is this a good recommendation for you?

Explore more