Headless Claude Code: Agents, JSON Alerts, and Sandbox Locks
We dig into Claude Code v2.1.169’s new background-agent controls, including --json, --all, and the waitingFor field for spotting blocked automations. The discussion also covers enterprise hardening with CLAUDE_CODE_DISABLE_BUNDLED_SKILLS and the trade-offs between tighter security and losing built-in capabilities.
Chapter 1
Scripting and Automating Claude Code Background Agents
Lachlan Reed
G'day everyone! [excited] Welcome to the show. I'm Lachlan Reed, and as always, I'm joined by James Turner. Today we are diving straight into some serious terminal wizardry, but first, a massive shoutout to Jellypod for making this daily show a reality. Now, James, I was poking around the v2.1.169 release of Claude Code, and they have quietly handed us the keys to complete headless automation.
James Turner
Oh, the updates to `claude agents` are massive! [excited] Especially if you've ever tried to script Claude in a CI/CD pipeline or a background cron job. Before this release, running Claude as a background agent was a bit of a black box. But now, they've upgraded `claude agents --json` with two crucial additions: the `--all` flag and the `waitingFor` field.
Lachlan Reed
That `waitingFor` field is the real gold nugget here. [chuckles] See, previously, if your background agent hit a point where it needed user permission—like, say, running a sketchy terminal command or writing to a protected directory—the script would just hang. You'd be staring at a blank terminal like a stunned mullet. Now, the JSON output explicitly tells your orchestrator script, "Hey, I'm blocked because I'm waiting on a permission prompt."
James Turner
Right, it literally exposes the state machine of the agent. So, if you run `claude agents --json --all`, you get a structured list of every active background agent. If one of them is stuck, the `waitingFor` key in that JSON payload will populate with something like `USER_APPROVAL`. Your wrapper script can parse that and trigger an alert, or even programmatically approve it if you've built an auto-decide layer.
Lachlan Reed
Exactly! [excited] You'd just pipe that output straight into `jq`. Imagine a bash loop running every five seconds, doing `claude agents --json --all | jq '.[] | select(.status == "paused" and .waitingFor == "USER_APPROVAL")'`. If that returns a hit, you can fire off a Slack webhook or a PagerDuty alert. It turns Claude from an interactive CLI tool into a fully queryable system daemon.
James Turner
Which brings us to the security elephant in the room. [serious] If you're running these agents headlessly or letting them loose on a server, you do not want them running wild. That's why the introduction of the `CLAUDE_CODE_DISABLE_BUNDLED_SKILLS` environment variable—or the `disableBundledSkills` config setting—is a massive win for enterprise sandboxing.
Lachlan Reed
Spot on. It's all about restricting the blast radius. When you set `CLAUDE_CODE_DISABLE_BUNDLED_SKILLS=true`, you are essentially stripping Claude of its default slash commands and built-in workflows. No more `/search`, no more automatic git commits, and no more executing bundled bash scripts that you haven't explicitly whitelisted.
James Turner
It's the ultimate lock-down mode. [thoughtful] If you disable those bundled skills, Claude is forced to rely solely on the explicit tools you expose to it via your own custom API schemas or runtime environments. It prevents the model from trying to be clever and using a default workflow that might bypass your custom security proxies.
Lachlan Reed
Yeah, but there is a massive caveat here, mate. [concerned] If you strip all those default capabilities, you're also stripping its legs. If your automation scripts rely on Claude using its standard filesystem search or file editing skills to refactor code, those will fail silently or throw errors because the model suddenly doesn't know how to call those slash commands anymore. You've gotta be prepared to build your own custom tool definitions to replace what you took away.
James Turner
Exactly, you have to find that sweet spot between absolute security and actual utility. [reflective] If you're going to sandbox it, you need to be highly intentional about the specific subset of tools you expose. It's a classic trade-off: headless automation gives you incredible leverage, but only if you design the guardrails properly.
Lachlan Reed
Well said, James. It's a whole new paradigm for local agent execution. Let us know if you've started running Claude Code in your deployment pipelines yet. That's all for today's quick tech teardown. Catch you all tomorrow! [warmly]
James Turner
See ya! [cheerful]
