Claude Code --dangerously-skip-permissions fails under root/sudo with: "--dangerously-skip-permissions cannot be used with root/sudo privileges for security reasons". This blocks MCP tool usage in headless (-p) mode in containerized CI/eval sandboxes running as root. The --permission-mode bypassPermissions flag has the same restriction.
Set IS_SANDBOX=1 in the environment before spawning claude:
const env = { ...process.env, IS_SANDBOX: "1" };
const proc = spawn(["claude", "-p", prompt, "--dangerously-skip-permissions", ...], { env });

Alternatively, CLAUDE_CODE_BUBBLEWRAP (any truthy value) also bypasses the check.
The root check in Claude Code (v2.1.133) is:
if (process.getuid() === 0 && process.env.IS_SANDBOX !== "1" && !process.env.CLAUDE_CODE_BUBBLEWRAP)

This is the intended escape hatch for ephemeral sandboxed environments (Docker, CI runners) where the root restriction is unnecessary.
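Added example, not Claude Code source and not part of the original note: rootCheckBlocks restates the condition quoted above so its string semantics can be evaluated, and buildClaudeEnv is a hypothetical launcher helper that sets IS_SANDBOX only for root inside a container. The marker paths are a common Docker/Podman heuristic and an assumption here; in a real launcher pass process.getuid() and fs.existsSync.

```javascript
// Restates the condition quoted on this page (not the product's own code).
function rootCheckBlocks(uid, env) {
  return uid === 0 && env.IS_SANDBOX !== "1" && !env.CLAUDE_CODE_BUBBLEWRAP;
}

// Assumption: files that Docker and Podman create inside containers.
const CONTAINER_MARKERS = ["/.dockerenv", "/run/.containerenv"];

// Hypothetical helper: builds the child environment for the spawn call.
// Inherited bypass variables are dropped so the decision is made here,
// and IS_SANDBOX is set only when running as root inside a container.
function buildClaudeEnv(baseEnv, uid, pathExists) {
  const env = { ...baseEnv };
  delete env.IS_SANDBOX;
  delete env.CLAUDE_CODE_BUBBLEWRAP;
  if (uid !== 0) return env; // the root check does not apply to non-root
  if (!CONTAINER_MARKERS.some((p) => pathExists(p))) {
    throw new Error("root outside a container: refusing to set IS_SANDBOX");
  }
  env.IS_SANDBOX = "1";
  return env;
}

// Constructed inputs. Environment values are always strings, so any
// non-empty CLAUDE_CODE_BUBBLEWRAP (even "0") is truthy, while IS_SANDBOX
// must be exactly "1".
function demo() {
  const inContainer = (p) => p === "/.dockerenv";
  return {
    rootNoVars: rootCheckBlocks(0, {}),
    sandboxOne: rootCheckBlocks(0, { IS_SANDBOX: "1" }),
    sandboxTrue: rootCheckBlocks(0, { IS_SANDBOX: "true" }),
    bubblewrapZero: rootCheckBlocks(0, { CLAUDE_CODE_BUBBLEWRAP: "0" }),
    bubblewrapEmpty: rootCheckBlocks(0, { CLAUDE_CODE_BUBBLEWRAP: "" }),
    childEnv: buildClaudeEnv({ CLAUDE_CODE_BUBBLEWRAP: "0" }, 0, inContainer),
  };
}

console.log(demo());
```

To keep the root restriction active, unset CLAUDE_CODE_BUBBLEWRAP rather than setting it to "0" or "false".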