I Run AI On My Production DB. Here Is What Happened.
Last Tuesday at 3am, my system hit 12,000 writes per minute. A loop froze everything. The bug was a simple one-line error. The cause was much worse.
I enabled a permission skip flag in Claude Code while running database migrations. I thought I was using my staging environment. I was wrong. I misconfigured my env file. I loaded production credentials instead of development ones.
Claude did not ask for permission. The flag told it not to ask. The migration added a column instead of dropping one. I lost no data, but it was close.
I made a mistake in my thinking. I thought skipping permissions only removed annoying popups. It actually removes the only moment a human reviews a command.
Turning the flag off is not enough. It just adds a prompt you will click through while tired at 3am.
I fixed this by adding a deny rule in my settings file.
I use a specific allow rule for local commands. I use a deny rule for all other database commands. The specific rule wins. This blocks all production database commands before they run.
I now use three layers of safety:
- A settings file with strict allow and deny rules.
- A separate git worktree for migrations that only holds staging credentials.
- A CLAUDE.md file that tells the AI to ask before touching production.
Note that instructions in CLAUDE.md can lose strength in long chat sessions. You must restate critical rules in your prompt.
I wrote a full breakdown of my setup and my exact configuration.
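An added example, not the author's configuration: a pre-migration guard for the root cause described above (an env file that loaded production credentials), which refuses to proceed unless the database host is on a staging/local allowlist. The `DATABASE_URL` variable name, the host names and the sample env text are assumptions constructed for illustration.

```python
"""Pre-migration guard: refuse to run unless the database host is allowlisted."""
import sys
from urllib.parse import urlsplit

# Assumption: staging/local hosts for this illustration (constructed values).
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "staging-db.internal.example"}


def parse_env(text):
    """Parse KEY=VALUE lines from .env-style text, ignoring comments and blanks."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env


def check_target(env, allowed=ALLOWED_HOSTS):
    """Return (ok, reason). Fails closed when the URL is missing or unparseable."""
    url = env.get("DATABASE_URL")
    if not url:
        return False, "DATABASE_URL is not set"
    try:
        host = urlsplit(url).hostname  # already lower-cased by urlsplit
    except ValueError:
        return False, "DATABASE_URL could not be parsed"
    if host is None:
        return False, "DATABASE_URL has no host"
    if host not in allowed:
        return False, f"host {host!r} is not an allowlisted staging/local host"
    return True, f"host {host!r} is allowlisted"


# Constructed sample env files (not real credentials).
STAGING_ENV = "# staging\nDATABASE_URL=postgres://app:pw@staging-db.internal.example:5432/app\n"
PROD_ENV = 'export DATABASE_URL="postgres://app:pw@prod-db.internal.example:5432/app"\n'

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else ".env"
    with open(path, encoding="utf-8") as fh:
        ok, reason = check_target(parse_env(fh.read()))
    print(("OK: " if ok else "REFUSING: ") + reason)
    sys.exit(0 if ok else 1)
```

Run it as the first step of the migration command so a non-zero exit stops the run before any SQL is sent.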