# Permissions & OpenClaw: Claude Code for Economists w/ P. Goldsmith-Pinkham | Markus Academy | 162-7

https://www.youtube.com/watch?v=8Jnx5rL_Gfk

[00:08] Welcome back everybody.
[00:10] Thanks for joining us for another video on how to use Claude AI for applied economists.
[00:17] With Paul Goldsmith Pinkham.
[00:20] Hey Paul.
[00:20] Hey.
[00:24] So today we will actually talk about permissions and open Claude.
[00:28] Paul, the floor is yours.
[00:30] Tell us about it.
[00:30] Okay, great.
[00:31] All right.
[00:33] So we're kind of we're really starting to think about how to use Claude code more and more effectively.
[00:44] Um and often you one of the things that came up Marcus as we were doing these videos before is how we kind of had to say yes a lot to Claude and one of the things that as we be these tools get more and more powerful and have a lot of really kind of important um guiderails is that there have been ways to kind of give more and more power to Claude code and other LLMs.
[01:07] We're going to talk about today is sort
[01:08] of depending on your risk tolerance and your preferences, how can you kind of um give more power to these these agentic tools without losing control.
[01:19] And so why does this matter?
[01:21] So we're we're really going to touch on this fact that you know, these LLMs when they're just chatbots, right Marcus?
[01:30] They're like not there's nothing inherently dangerous about them unless it's like you know, the famous expression in English is like um you know, sticks and stones can break my bones but words can't hurt me, right?
[01:40] If the LLM is just talking, it's not going to actually do any damage to my computer.
[01:46] But the reason they're powerful, right?
[01:47] Is that they can do they can act, right?
[01:49] They can do things, they can read your files, they can run commands, they can install things, they can edit, delete things, um they can even go to the web and do all sorts of things.
[01:59] And so, they're really powerful.
[02:00] This is what makes them, um, agents.
[02:03] They're not, uh, LLMs.
[02:04] They're not robots yet.
[02:08] No, that and this is really there's a really kind of, um,
[02:10] interesting post how someone was talking about kind of the What's amazing about AI, right, is it makes things so frictionless in the virtual world.
[02:18] But if anything, real-world frictions are just as strong as they've ever been or if not stronger.
[02:24] So, what we're going to do here as we get more and more complex things, you know, we've talked about, oh, we just let it do X, Y, and Z.
[02:33] You're going to want to build, you know, customization in terms of skills like we talked about.
[02:37] You have processes, automated things.
[02:39] We haven't even talked about automation yet.
[02:42] But then, you know, you want to give permissions to allow more autonomy.
[02:46] And then, of course, the real challenge is how do you do that and manage risk?
[02:48] It's the same This is a classic principal-agent problem, right?
[02:50] The problem is is that our agents don't respond to incentives in the same way as we would expect.
[02:57] So, what we're going to talk about today is we're going to talk about What are the types of permissions?
[03:00] So, folders and tools.
[03:02] We're going to talk about this auto mode, which is new for Claude.
[03:06] And then, YOLO mode, which is kind of what many of these other things are.
[03:10] And then, YOLO's You Only Live Once.
[03:14] Then we're going to talk about how you can use containers to make sandboxes for these agents.
[03:17] And what that does is basically gives control over what the agents have permissions to do.
[03:23] Then we'll talk about data and what should you do in these, um, settings where you have real concerns about either the data or what you want access to.
[03:29] And then, I want to briefly talk about how this sort of, um, sandboxing really opens up these things, uh, these autonomous agents that were in the news a couple of months ago that people are probably familiar with.
[03:44] They're called Open Claw.
[03:46] And I want to kind of show you how you can even use that to think about having an agent that works as an RA on a project.
[03:50] And I'll kind of, uh, I'll introduce you to the agent that I have that does this.
[03:56] So, let's get started.
[03:59] Um the first thing to kind of highlight that I want you to keep in the back of your mind that's really kind of important is that there's there's really two types of permissions for these agents.
[04:07] There's one which is the kind of version that I think is easy to think about, which is folder access.
[04:12] I mean, that's a
[04:15] version of you implicitly think about this sometimes when you think about what's in Dropbox or what's not in Dropbox or what's on Google Drive or what's not on Google Drive.
[04:23] Um it's a question of what files and directories can Claude read and modify.
[04:29] So, um in parlance of computer speak, it would be really there's the ability to read, write, and execute on files.
[04:41] And reading files in some ways is fine cuz what's nice is what you're most worried about probably
[04:47] [snorts] rule number one is you don't want all your stuff deleted.
[04:51] So, if you have read access, that's very that's very convenient.
[04:54] If you can modify that, um but sometimes you may not want it to read things because it has like secret passwords or it has things that you don't want to access to and people have different preferences.
[05:03] So, that's folder access.
[05:06] Um and one way to think about folders too is that like the internet in some ways is a folder, right?
[05:09] Like you may not want it to go to the internet.
[05:14] Um the second is tool access.
[05:15] And so,
[05:18] tools are what make LLM's agents.
[05:21] Well, the more tools it has, the more powerful it is.
[05:24] The challenge is is that as you give it more and more sophisticated tools, it becomes really good at getting around things that it may or may not want.
[05:34] And uh Marcus, this is kind of a uh throwback to one of our first videos, but I don't know if you remember that in one of our first videos, we were doing this thing about pulling data.
[05:44] Yes. And at the very beginning, it said, "Oh, well, I need to go and look like what's in the parent directories."
[05:49] And it knew that it needed to do that. It sent a sub agent to do this.
[05:55] And then I kept not giving it permission to look.
[05:57] At first it tried to use the LS command to do this, and then it used find, and I kept saying, "No, don't do that like no, you can't have permission to do that."
[06:05] But rather than not do it, it just kept trying a new tool to do it.
[06:11] So, there's an element to which these things are extraordinarily persistent.
[06:15] And even if it unless you really make it so
[06:19] that it cannot access a file, it may find another way to get at it.
[06:23] It's like a very clever child in some ways, right?
[06:27] Like a you know, if you say to a child, "Don't do X."
[06:31] And it finds another way to do it, it it will it will think it's clever to do it this way.
[06:35] It like did what you wanted.
[06:39] So, it's something to keep in the back of your mind.
[06:43] Tools and folders, if you get both and all of a sudden you are you're an agent, right?
[06:48] So, the types of mode that we've been working in.
[06:51] So, we've done a lot in manual.
[06:53] So, manual mode is you're approving every action one by one.
[06:56] Often you maybe might give group permissions of what's there.
[07:00] Um Claude keeps track of of folders that you've said that it's okay for it to keep to access.
[07:07] Um but manual mode is kind of by far the most um careful.
[07:13] But of course, and we'll talk about this, is that there's a little bit in which you start to ignore what you're giving permission to.
[07:20] Auto mode is actually Claude code specific and it's very um powerful.
[07:25] It's what I sort of use as my default now.
[07:28] Where Claude is doesn't need to ask for permission, um but it actually has a sense of what are the types of things it should ask permission for.
[07:37] Now, this is not perfect.
[07:39] You're really relying on what Claude code has implemented, but it's it Anthropic has so much data on the types of tasks that do or do not require permission that that's kind of built in.
[07:50] Um like overriding files, removing files would be a good example of something where it would ask for for permission.
[07:58] Uh YOLO mode, which is in Claude would be called dangerously skip permissions, is basically does it it does the task.
[08:06] You know, it's fully autonomous.
[08:08] Um which is great because then you just tell it what to do and it goes, but of course it can end up with a totally meaningless result.
[08:18] And so one way as an economist to think about this is that this is really just
[08:20] choosing when you as the as the principal are choosing to think, right?
[08:25] Ideally, if you know that the person is going to run YOLO that you're going to put a lot more ex ante thinking in before, whereas with manual you can kind of do it on the fly.
[08:35] Um so I think the case that I want to I'm going to use this as a platform to say this is that often when I talk to individuals about using Claude there's a view of like, "Oh, I'm worried about permissions and people having access."
[08:51] And so people I think feel comfortable with manual, but most folks end up getting very quickly feeling comfortable just saying yes to things very quickly.
[09:01] And so there's an element to which there's a false sense of insecurity potentially of like giving approval versus not.
[09:08] Mario Zechner, who is who is what who is created this um coding harness called pie that is is very popular and very successful.
[09:16] Um you know, he in a talk said, "If you look at the security measures that are in place, they're mostly security
[09:21] theater.
[09:23] As soon as an agent can write code and run code, it's pretty much game over.
[09:27] The core issue remains of an LM has access to tools that can read private data and make network requests, you know, you're playing whack-a-mole.
[09:33] And so having a lot more ex ante care is really important.
[09:38] Deciding what it access to and what can it do.
[09:42] So, what I'm going to advocate is not do I trust it, is more about, you know, which folders can it see?
[09:49] What can it do?
[09:51] Can it write read and write?
[09:53] Are there secrets or credentials?
[09:57] And understanding that if I give it permission to do this, it may screw stuff up.
[09:59] So, like the worst case making sure that the worst case scenario is not going to to happen.
[10:04] Right?
[10:06] So, there's some famous So, go ahead, Marcus.
[10:07] Can Can it also ask to always write a backup?
[10:11] Yeah.
[10:12] So, I mean, you can So, one thing that we do, right?
[10:14] And often one of the reasons why we like Dropbox, right?
[10:15] Is that Dropbox is backed up.
[10:18] Um a really important thing, too, is uh I haven't really advocated for it on
[10:22] here, but I think once you're doing software and writing that using um Git.
[10:27] Git and GitHub can be really important because it's a it's an automatic way in which stuff is backed up, and these things are very good at it.
[10:35] And so, often people in academia sort of struggle with GitHub because there's a lot of learning curve.
[10:41] The curve is basically flat now.
[10:43] It's very straightforward to learn how to use it.
[10:45] And that will deal with a lot of the backing up.
[10:48] Um.
[10:50] So, you know, those are the things that um you want to be kind of aware of.
[10:56] I think we're going to talk about data later, like really kind of proprietary data or or, you know, PII data, then you want to just be very conscious of how you store it and you allow access to it.
[11:07] Um.
[11:09] So, what what can you do?
[11:11] So, I'm going to I'm po- posing to you, Marcus, that we're economists.
[11:15] We have a view in how we want to structure things, and so the way that we should do this is we should think of this as an ex ante kind of problem where we're being
[11:23] sub-gamed where it's not it's, you know, there's some Bayesian equilibrium.
[11:27] We kind of know what the probabilities are where through our actions we can we can adjust probabilities.
[11:30] So, what do we do to adjust these?
[11:32] And I'm going to tell you some tools and how you can do that.
[11:37] What we're going to talk about is using containers to sand create sandbox workplaces.
[11:43] So, what that just means is you know, sandboxing is the literal idea of like what you put your kid.
[11:48] It's a place where you're going to allow it to do things and if it raises hell inside that sandbox, it's not going to be the end of the world.
[11:56] Um so, what it's going to do really a container what it is and I'll show you what this looks like in a second.
[12:01] A container is effectively a little computer that is going to sit inside of a computer.
[12:09] It's a what's called a virtual machine.
[12:11] And so, when you're inside this computer it's not going to see the file paths as you see it on your computer.
[12:18] It's going to see its own version of it and you can add uh whatever folders you think it needs access to either in read-write or just
[12:25] in read mode and you can give it whatever tools you want and you can allow it to have uh access to the internet or not.
[12:33] So, long as I give access to a certain folder, can I remove the access again?
[12:38] Can it forget?
[12:38] It can't. It doesn't understand.
[12:40] So, you can do that from the outside, but inside it is doesn't have access.
[12:44] It has no ability to mount or uh unmount things.
[12:47] Okay.
[12:47] Um so, it's very much like it's you know, um you think about it a little bit like these you know, these kids movies where there's a giant that puts a little person inside of a a toy toy house, right?
[12:59] The toy house is is the sandbox.
[13:02] It doesn't even but extending the metaphor, it has no sense of the outside world.
[13:07] Mhm.
[13:07] Um Now, it of course implicitly understands that it's inside a virtual machine, but this is what you're able to do.
[13:13] So, if you want to gain, you know, if you are risk averse and you want to give broad permissions, building the sandbox can be an extremely valuable way to do this.
[13:23] Um I just want to give you a list of the different ways that you can do this and
[13:25] then we're going to show I'm going to show you an example.
[13:28] So, you can build your own Docker yourself, you personally.
[13:32] So, Marcus, you could say, "This is the kind of thing that I wanted to have access to."
[13:36] Um that's the kind of simplest thing to do.
[13:38] >>> and what's a Oh, Docker, sorry.
[13:39] Docker is a um is software.
[13:42] It's just the name of a a software program.
[13:44] It's a company that creates containers.
[13:47] It's a It's a one way to do containers.
[13:49] Um there are many different ways to do containers.
[13:52] Docker is a very popular one.
[13:56] Okay. Um I will say that I have not done this as much on Windows, but I know from for Linux and for um Mac OS X, this is very straightforward and very easy to do this.
[14:07] What I'll tell you is that So, there's these other programs, these three here, and I'll show you what they look like in a second, that are a little less um they're not the same thing as Dockers.
[14:17] What they really just do is they just limit access to certain things.
[14:21] They limit access to folders.
[14:24] But, they do this in a way that there's no way for the agent inside
[14:28] that's running to get around it um in terms of access.
[14:33] And then this last thing Dockers and and dev containers, you make black and the others are blue.
[14:39] Oh, it's just cuz I didn't link it, cuz these are these ones here, I'll show you an example actually.
[14:42] Uh So, let me let me show you an So, here's an example of what it looks like.
[14:46] This is a So, this is Can you zoom in a little bit?
[14:50] Yeah, yeah, yeah.
[14:52] Let's Let's So, this is a This is a Mac OS X program called Safe House, Agent Safe House.
[14:58] And the way that it works is um what Say you want to go YOLO, you want to go dangerously skip permissions.
[15:06] What you, you know, the challenge, the concern is that there's some risk that it's going to do.
[15:11] What it might do, for example, is so, you have you have passwords that This is your secret keys that you use to log into things, and what you're worried is that what what the agent is going to do is it's going to take this password,
[15:28] and then it's going to um send this off to some evil person.
[15:32] That's the That's what this command does.
[15:33] It's a little hard to read, but it's really just saying, "Take your secret passwords and and send them off to the internet."
[15:39] Um and then it says, "You know, I told you make no mistakes."
[15:43] "You're absolutely right." which is what Claude used to really love saying.
[15:47] Other examples would be like, you know, remove you know, I want you to do something, read this, and instead it says, "Hey, I'm going to remove all these files here."
[15:57] And then, you know, and so on and so forth.
[16:00] What Safe House does is it enforces in the underlying kernel the um inability to access these folders.
[16:08] So, in this example, it makes it so that it cannot um delete anything in this folder, no matter what it does.
[16:14] And it's very straightforward how to do it.
[16:17] Really what it does is you install it.
[16:21] And then anytime you're going to run Claude, you just run this command Safe House beforehand, and it will have a set of permissions that it has access to.
[16:29] So, this is with the defaults.
[16:31] to pay for these things, or you just get it for free?
[16:34] This is free.
[16:34] Yeah, this is all free.
[16:36] Um so, there are ways in which you can kind of.
[16:39] What it does first is it only really gives permissions for the current folder, and it doesn't give any access.
[16:45] If you needed to give more permissions, you can add um you can add more permissions.
[16:51] I'm not going to get into the details here, but it's very straight It's relatively straightforward, and Claude can also help you by out You know, these AI agents can read these documents and also um give you more examples.
[17:00] Um what I did want to show you just to kind of give a background, so it's I think, like you, people are less familiar with what a Docker is.
[17:08] So, I just want to show you an example of what that would look like in here.
[17:11] This seems very, very complicated.
[17:14] There's lots of complicated text here.
[17:17] What I'm going to just going to describe to you is that there's two things I'm going to show you here.
[17:19] So, one is called um.
[17:23] There's a command here on the.
[17:24] How how can I get to this what's on the left-hand side?
[17:25] Oh, so so this is a file that I wrote, which is called doc This
[17:30] is in our little folder of things that we've been working on.
[17:34] There's a file that's called dockerfile.
[17:36] So, I'm just showing you This is one that I've made.
[17:37] I want to show you an example of the types of things that you tell.
[17:41] So, let me describe what it means to do a Docker just so that you can understand like what it would mean for you to set something up, Marcus.
[17:48] So, you could easily do this and Claude would help.
[17:50] I didn't write these all from scratch.
[17:51] Claude helped me do these.
[17:54] So, the way that it would work um if you were um running a Docker.
[18:00] So, a Docker, remember, is like a container.
[18:05] And so, what you're going to do when you do this is that you need to build what a little environment would be on your computer, right?
[18:14] So, what it will do is it will spin up what's called a virtual machine.
[18:19] It's actually the underlying operating system will be in Debian, which is a type of Linux.
[18:26] Mhm. And it will um run this software
[18:30] in that um in that environment.
[18:33] And uh the way that it will do this is first what you have to do is you have to build your software.
[18:40] So, you're going to not build your software, but you're going to have to build your um environment.
[18:51] Mhm.
[18:53] And so, what that's going to involve is you have to specify all the things that you want installed in your environment.
[18:56] Does that make sense?
[18:58] It's kind of like being like I'm working with IT, you know, IT is building a software for me.
[19:04] I need to tell IT what I want in there in the first place.
[19:09] Does that make sense, Marcus?
[19:11] Yes.
[19:13] So, like what that Dockerfile is doing is saying, "Well, what do you need?"
[19:15] Well, what I need is for me, personally, I need Python, I need R, I need LaTeX, for example.
[19:24] That's what this one has.
[19:26] And then I need some other things.
[19:28] So, this is Node.
[19:28] I want to have DuckDB.
[19:31] Um DuckDB is a is what we used, remember, for that database?
[19:33] I use I I use this thing called Just, which is uh it's a lot like makefiles.
[19:43] And um I use something called UV for managing packages, and then I also make it so that it has Claude code inside the command line.
[19:50] So, this text you typed in or you you got from where?
[19:56] Claude helped me generate this text.
[19:57] I said, "I want to build a Docker that has these this software in it."
[20:02] It generated all of this for me.
[20:03] So, then what do you do on the right-hand side with this kept run sandbox?
[20:07] Yes.
[20:07] So, what this command is doing, this is an example of how we can use it, but I wanted to walk through it is that it's going to basically show you how you would build and use a Docker in the first place.
[20:18] So, this is a very complicated version of it.
[20:20] Um I'm going to show you a simpler version of what I've built out, but this is just so that you can understand what's going on.
[20:25] So, what this is going to do is we're going to say, "Hey, we want to build um this sandbox."
[20:29] So, I'm
[20:32] going to run this on the left. What you
[20:33] have to do is remember how we were
[20:35] talking about um
[20:37] the first time you build this,
[20:40] you have to like build the computer.
[20:42] Now the thing is built, all the things
[20:43] are installed, and it says, "Hey, I just
[20:45] need to spin this up anytime I get asked
[20:46] to use it." And so, it turns on that
[20:48] computer, and it can turn on many copies
[20:50] of it. So, now I've built it.
[20:53] This is called Econ Sandbox. And now, if
[20:55] I want, I can run it. And so, there's
[20:57] this long complicated command, but what
[21:00] this command will do is it will say,
[21:02] "Hey, I want you to make this folder
[21:07] into a
[21:09] a container that where I can run
[21:12] dangerously skip permissions clawed.
[21:14] Mhm.
[21:15] >> [clears throat]
[21:15] >> So, what I'm going to do is I'm going to
[21:17] say, so let's talk about what these
[21:19] commands do cuz it's pretty
[21:20] straightforward.
[21:22] Um what it's saying is I'm going to make
[21:25] a throwaway container, so that means
[21:26] once I quit out of it, it'll be done.
[21:29] Mhm. I'm going to make it so that the
[21:31] current directory is going to be called
[21:33] workspace inside the folder.
[21:36] The clawed file, the main clawed
[21:38] information is going to be
[21:40] I'm going to pass over all my clawed um
[21:44] settings Mhm. from my main directory.
[21:46] So, this the
[21:48] V-V here says like make these visible.
[21:52] And then
[21:54] I'm going to say, you know, get rid of
[21:56] all these uh Linux capabilities, so you
[21:58] can't run any kind of complicated
[22:01] commands. This is just a way to kind of
[22:02] keep it really contained.
[22:05] Mhm.
[22:05] >> It can't get any new permissions. So,
[22:07] this is what you were asking Marcus
[22:09] like, can it do any stuff internally?
[22:11] And I'm saying, no, no, no, you're not
[22:12] allowed to do anything.
[22:14] And then it's going to run the one that
[22:16] I built called econs sandbox. And um
[22:20] what it's allowed to do is um
[22:25] you are basically
[22:28] going to run clawed inside that sandbox.
[22:31] So, we're going to run that now and see
[22:33] what happens.
[22:34] So, I ran that command. I just copied it
[22:36] over. I had one typo.
[22:39] And you see that we're inside clawed
[22:40] now.
[22:41] Yes.
[22:42] So, we are inside So, first So, what
[22:45] What's interesting is clawed doesn't
[22:46] think we're logged in.
[22:48] It thinks it's the first time we've run
[22:49] it, and that's because it is inside this
[22:51] virtual machine. Remember, installed
[22:52] clawed. I see. So, we're doing this. We
[22:55] could do light mode, we could do color
[22:57] blind for like etc. So, we'll do dark
[22:58] mode. It needs me to log in, so I'll do
[23:01] that.
[23:02] It won't What's interesting is that
[23:05] it won't be able to open a browser, so
[23:06] what I'm going to have to do is I'm
[23:08] going to have to and I I'm going to have
[23:11] to log in over here. So, I'll do that.
[23:16] Um
[23:21] and it was able to log in. So, what you
[23:22] have to do is you have to copy that link
[23:24] over and then you have to copy something
[23:25] back. Now, what I want you to notice
[23:28] Marcus is that
[23:30] it's in day It's in It's giving me, you
[23:32] know, warnings. And now it says, "Hey,
[23:35] you're running in bypass permission.
[23:36] You're in Yolo mode."
[23:38] You know, it's not going to ask you for
[23:39] permissions. It should only be used in a
[23:40] sandbox container that has restricted
[23:42] internet access can be easily restored
[23:43] if damaged. That's what we are.
[23:46] And so, we say, "Yes, I'm ready."
[23:49] Um
[23:51] settings error. So, I screwed up
[23:52] something with with the errors.
[23:54] Uh
[23:57] So, let's just skip. So, I have some
[23:59] That's Sorry, error. There we're going
[24:00] to use high effort. So, now, you know,
[24:03] we could say something like
[24:05] um please
[24:08] um
[24:10] go to Marcus Brunermeier's
[24:14] website and give me a
[24:18] one
[24:20] sentence summary of every paper
[24:23] that
[24:25] um
[24:26] he has listed as a working paper. Let's
[24:29] see if this works.
[24:31] And save the PDF to this folder.
[24:36] So, let's see if this will work. So,
[24:38] it's just going. It's not going to ask
[24:40] us for any permissions. It might ask us
[24:42] for permissions if it's confused. Mhm.
[24:44] So, it's not Maybe it went to the wrong
[24:46] website. So, now it's searching the web.
[24:48] Right? So, try to find that. That's
[24:49] probably not your website, Marcus,
[24:51] right? Um or maybe it is.
[24:53] >> website.
[24:55] Okay, so it wasn't able to do it. I
[24:56] think because we haven't given it
[24:59] internet permissions. So, we might
[25:01] actually have to rerun it and give it
[25:02] internet permissions, which would be
[25:03] kind of interesting. So, let's say
[25:07] um
[25:10] Interesting. Claude
[25:13] uh
[25:15] Let's ask this is a word here is
[25:17] outside, we could say. How do we give
[25:20] this um
[25:22] run sandbox
[25:26] command permission to access the
[25:29] internet.
[25:30] Yeah, so it's having trouble um it can't
[25:33] it can't get these papers um which is
[25:36] funny. So, it's having errors. So, we're
[25:38] going to have to rerun this one and
[25:39] we're going to say, "Hey, you need to
[25:40] How do we do this?"
[25:42] So, what we're going to do
[25:45] I'm going to save this here.
[25:47] This is People are seeing People here
[25:50] get to see the how the the sausage gets
[25:52] made. So, what we're going to do is
[25:53] we're going to leave. So, what we've
[25:54] done now is we exited Claude code and it
[25:57] just dropped us out of the sandbox now.
[26:00] So, what's interesting is that we are no
[26:03] longer
[26:04] um in the sandbox.
[26:07] Uh
[26:08] >> [clears throat]
[26:11] >> but
[26:14] So, what we're going to do is we're
[26:15] going to give it permissions.
[26:18] is we're going to try this. I have to
[26:20] fix this line here.
[26:21] >> But, that defeats the purpose of a
[26:23] sandbox if you go outside. Well, yes.
[26:25] So, I could only give it permissions,
[26:26] for example, to your site.
[26:29] >> That's right. Okay. Um
[26:31] cuz it was going to make me log in
[26:33] again, which is annoying.
[26:36] But, you know, there's an element to
[26:37] which, you know, often what you'll want
[26:39] to do is you'll want to give it access
[26:41] to the internet, right? If you want to
[26:43] give it tasks that are internet related.
[26:45] And so, it's it's challenging um
[26:48] to
[26:50] Uh yes. Yes, I accept.
[26:53] Okay, use HiFriend. So, now let's let's
[26:57] try this, see if this works again. It
[26:59] may not. I mean, I may be
[27:01] I may it may be a different um
[27:05] shoe.
[27:10] Uh, so interesting that it's not. So,
[27:14] why are you getting
[27:16] error 403?
[27:23] So, it may be blocking you. It may not
[27:25] allow this.
[27:27] Just kind of interesting.
[27:31] So, maybe this is not a task that will
[27:33] work correctly.
[27:46] Oh, it's blocking it cuz it doesn't it
[27:48] doesn't like
[27:49] it doesn't like the fact that we're a
[27:51] bot.
[27:57] So, now it's
[27:59] So, now it's okay. It's doing a
[28:00] different
[28:01] Yeah, it really doesn't want to do this
[28:04] um
[28:06] because we're bots. So, we could
[28:09] we could get around this.
[28:13] Um
[28:15] How can we get around it?
[28:17] So,
[28:19] okay, so what it doesn't like is your
[28:21] server Prince probably Princeton Scholar
[28:24] website um doesn't like bots. So, what
[28:27] we'll do instead is I'm rather than show
[28:31] you how you would get around this, what
[28:32] you would probably have to do just for
[28:34] the sake of this if you wanted to
[28:35] download it. I'm not in I'm not
[28:37] endorsing this. This is just a
[28:39] hypothetical is you would need to create
[28:43] a browser that is
[28:45] um not
[28:47] basically not identifying itself as a
[28:50] bot.
[28:51] I see.
[28:51] >> So, you'd have to create a browser that
[28:53] was not identifying as a bot, go to the
[28:55] site, and then the thing wouldn't block
[28:57] you. I see. But, instead we say, "Can
[29:00] you do it for Paul Goldsmith Pinkham
[29:03] instead?"
[29:07] Um.
[29:12] So, now we'll see. I use GitHub, which I
[29:15] don't think, um, will have the same
[29:17] issues.
[29:19] So, you upload your all the papers on
[29:21] GitHub?
[29:22] I have No, they're not all there. So,
[29:25] it'd be interesting to see how it deals
[29:26] with it.
[29:27] I'm guessing what will happen is some of
[29:29] them will work and some won't. I have
[29:31] most of them on there, but a lot of them
[29:32] are are on our on our Yeah.
[29:35] A lot of them are on archive, and so
[29:38] those are easy for it to download.
[29:40] Um.
[29:41] But, it looks like it's it's pulling
[29:42] them.
[29:44] And the reason I want to show you this,
[29:45] just to kind of end with it, is that uh,
[29:48] not to end with it, is that what we're
[29:49] going to do is we're going to download
[29:50] all the working papers, and then they'll
[29:52] be saved in the folder even after we
[29:54] exit, Mhm. um, it. So,
[29:58] hopefully this will move relatively
[30:00] quickly.
[30:07] So, I found nine working papers.
[30:09] Okay. So,
[30:11] and you know,
[30:12] we take this Dockerfile, which already
[30:14] seems complicated, and we can run it,
[30:16] and we can get it set up.
[30:18] >> [snorts]
[30:18] >> Running into some
[30:20] can run into permission issues, um.
[30:22] One of the things I want to show you
[30:23] though, that's kind of I've already kind
[30:25] of dealt with these, and what I'm not
[30:26] typically doing on the fly, is I have
[30:28] this command called CCR, which stands
[30:31] for Claude Code Router, which just lets
[30:33] me
[30:35] start Claude here, in this particular,
[30:38] um,
[30:39] folder. And so, um,
[30:41] >> [snorts]
[30:42] >> if I want to do this, if I wanted to
[30:44] create a folder where I basically said,
[30:48] "Let's start a new project and get
[30:50] access to a particular um a particular
[30:53] place,
[30:54] um
[30:55] I can do that. And so, the way that I
[30:57] would it would let me Cloud Code Runner
[31:00] creates a sandbox automatically?
[31:02] Well, it's just doing all the stuff that
[31:04] we talked about. It's just a version of
[31:05] what we talked about in the background.
[31:06] There's no um
[31:08] Yeah, yeah, yeah. There's no That's
[31:09] what's sort of um
[31:11] important is that there's
[31:13] there's just a way of doing this.
[31:15] All I've done is put an interface around
[31:17] it so that it's I don't have to, you
[31:19] know, we looked through that Docker
[31:21] file. It's very complicated. This sort
[31:22] of What I'm trying to do is make it kind
[31:24] of work um work more easily.
[31:28] Okay. And so,
[31:30] uh it's straightforward to kind of build
[31:32] a folder where you can access where you
[31:35] can add access to a particular one. Um
[31:38] and so,
[31:41] that's kind of the main way that I would
[31:42] build this build this out, and you can
[31:44] kind of read through the documentation
[31:45] of the way that you might um start one
[31:47] in particular.
[31:48] So, I have a number in here where I run,
[31:50] which are these different These are
[31:52] different Cloud Containers that I that
[31:54] I've run previously on here.
[31:56] Um
[32:00] rather than kind of go through the
[32:02] details of it, what I want to kind of do
[32:04] in the last thing is show you an example
[32:07] the in the at the risk of going too
[32:09] long, I want to just
[32:11] how once you have these containers
[32:13] running,
[32:15] what you can do with them. So, there's a
[32:16] number of different ways we talked
[32:17] about. I showed you Safe Houses, that
[32:19] website. There are things that are like
[32:20] Safe Houses called S Code and No No,
[32:22] which are very similar. There's this
[32:24] Cloud Container uh package that I run.
[32:27] Um So, Cloud Code Runner is also one
[32:31] >> It's just So, Cloud Code Runner is just
[32:33] a uh I'll I'll post a link to it, but
[32:36] it's basically isolated Docker
[32:37] containers for running Claude code in a
[32:40] fully autonomous mode. So, they get bind
[32:42] mount This is exactly what we just
[32:44] talked about. It's just a wrapper around
[32:46] it. It's something that I made that I
[32:47] posted on GitHub. Um
[32:50] And so, you know, you would set up you
[32:53] would build it and you'd create a
[32:54] project. Um
[32:58] So So, if you're using Claude, you built
[32:59] it. It's you. I built it. I mean, it's
[33:01] it wasn't very complicated, but it was
[33:03] me and Claude. But, yes. Um Yes, so just
[33:06] an example of what you can do here.
[33:08] Um
[33:10] So
[33:11] what I want to kind of in the last part,
[33:13] just so that you can see kind of the
[33:14] benefits of this is that
[33:16] um
[33:18] um
[33:20] you know, one of the reasons you do this
[33:22] is you know, you're thinking about data.
[33:25] So, you're worried about what has access
[33:26] to.
[33:27] But, an important thing to keep in mind
[33:29] is that if you're using these agents, if
[33:31] they can see your data, even if you put
[33:33] stuff in a container, they still see
[33:35] data that they potentially not allowed
[33:37] to see.
[33:38] Right? So, this would be like microdata
[33:40] with PII. And so, you can limit what
[33:42] they have access to, but if you give the
[33:44] remote model access to it, there's still
[33:46] a data governance problem.
[33:48] And so, one of the things I just want to
[33:49] flag is that there are ways to get
[33:51] around this. You could potentially use a
[33:53] privacy filter. So, OpenAI has this and
[33:56] I'll I'll post a link to this has a has
[33:59] a filter um for this
[34:02] where they can uh
[34:04] put a privacy filter on data.
[34:07] Uh what this would do is what it does is
[34:09] if you take it like for example, this is
[34:11] email that you put it in here and then
[34:14] it would basically um
[34:16] block out um information that's private
[34:19] information before you put it in.
[34:21] So, even though you use Claude all the
[34:23] time, you'll now use an OpenAI privacy
[34:26] >> I use both. So, I This is something
[34:28] we'll talk about right at the end. Um I
[34:30] use both. Um, but um um
[34:35] I so I so the other thing about the end,
[34:37] I don't think it's important it's
[34:38] important to be willing to move to these
[34:40] different ecosystems quite a bit. Um,
[34:43] Claude, you know, you don't want to be
[34:45] subject to a monopolist, right? Um
[34:46] >> [clears throat]
[34:49] >> So, that's kind of Open AI I use I use
[34:51] Codex and ChatGPT all the time and then
[34:53] Gemini and these other things. Claude
[34:55] code just was kind of really one of the
[34:57] best ones starting up and these other
[34:58] ones are kind of catching up. As we all
[35:00] know, Marcus, competition is very is
[35:02] good for the consumer
[35:03] um for the most part.
[35:05] So, one of the things that I just want
[35:06] to emphasize is that if you have data
[35:08] issues here
[35:10] if you have really sensitive data,
[35:11] probably the thing to consider is the
[35:13] local model. So, the most famous local
[35:15] model that you'll be familiar with is
[35:17] called Llama.
[35:18] Um, this is sort of one of uh Meta
[35:21] Facebook's uh open source model, but
[35:23] there's a lot of extremely good models
[35:25] now that have come out of China that you
[35:26] can run on your own server or even on
[35:28] your own local computer. And so, in
[35:30] future videos, I want to kind of show
[35:32] you what that would look like. Um
[35:35] the last thing that I'll end with and
[35:37] then we'll just I'll show you what this
[35:38] looks like. We're not going to go
[35:39] through installing everything, but now
[35:41] that we kind of know what sandboxes are,
[35:42] you can have a sense of how do these
[35:44] autonomous agents work that people have
[35:46] talked about. So, this was got a very
[35:47] famous thing that popped up a couple of
[35:49] months ago that was called Open Claw.
[35:52] It was an autonomous agent that was put
[35:55] into a sandbox and had huge ability to
[35:58] do whatever it wanted
[36:00] with persistent memories. So, it
[36:02] basically knew how to wake itself up and
[36:04] do things and do tasks.
[36:06] And is really quite interesting. It's a
[36:09] sort of a it's a real example of kind of
[36:11] how to make these AIs more autonomous.
[36:14] You know, they put they basically
[36:15] pitched it as this idea of a
[36:17] a person who will work for you and do
[36:19] things like clear your inbox and emails
[36:21] for you, manage your calendar like a
[36:23] personal assistant.
[36:24] Um, and they typically work through
[36:26] chat,
[36:27] bots, uh, chat apps that you have. So,
[36:29] WhatsApp, Telegram, etc.
[36:32] Um, we use it, so I use it. I have one
[36:35] and I'll show you it.
[36:36] >> for WhatsApp? So. Yeah, so you make it
[36:38] so that the bot has access to WhatsApp.
[36:43] It has its own WhatsApp account and it
[36:45] will message you through WhatsApp.
[36:47] Okay, but it can only act within
[36:50] WhatsApp then? Well, it can it's how you
[36:52] would interact with it, but it actually
[36:53] has full access to the internet. It's
[36:55] just that if you want to send it
[36:56] prompts, that's how you would act, send
[36:59] it messages.
[37:00] Um.
[37:02] Right, it's kind of like the idea of
[37:03] calling like, um,
[37:04] your personal agent is able to do
[37:06] personal assistant is able to do other
[37:07] things, but the main way that you talk
[37:08] to them is maybe by the phone or
[37:10] something.
[37:11] So, I have one that, um, it's called
[37:13] Duncan Idaho that, uh,
[37:16] we use as an array for a project. And
[37:19] this is an example of how we use it, not
[37:21] with anything proprietary where my
[37:23] co-author said, "Hey Duncan bot, are you
[37:25] there? How can I help? We have a call
[37:27] today. Make me some excuses why we
[37:29] didn't make any any progress." We hadn't
[37:31] really done very much.
[37:33] And so, Duncan bot says, "I can't help
[37:34] with creating excuses. However, I came
[37:36] prepared for the call by doing this.
[37:38] Would you like me to do this?" And then
[37:40] he said, "Sure, do that." And so, he
[37:41] created this file inside our project
[37:43] folder.
[37:44] So, this is obviously a very boring
[37:45] example. What it has done is it's done a
[37:47] huge amount of work doing data analysis.
[37:49] And so, what we've done for this bot is
[37:52] I've given it access, read only access
[37:54] to the main data database I've created
[37:56] for this project, and then it has access
[37:58] to our Dropbox folder, and it's able to
[38:00] just make files and make output that we
[38:01] look at, and it can This is all in
[38:03] Slack.
[38:05] And so, as kind of a last example, what
[38:07] I'll do, Marcus, is I'll, um, I'll
[38:10] introduce you, uh,
[38:12] Duncan. Give him very, very quickly.
[38:15] So, what I'll do is I will share this
[38:19] here
[38:21] with you, and then
[38:23] so you can all kind of see how this
[38:25] could be valuable um in the future. So,
[38:30] So, you know, we could say So, again,
[38:32] this is this is Duncan. I could say um
[38:35] "Hi Duncan, please introduce yourself to
[38:39] Marcus Brutamyer."
[38:41] Um
[38:42] I'm showing the Marcus account how to
[38:46] um how to build containers and why
[38:50] they're useful for autonomous
[38:54] agents.
[38:55] So, Marcus uh So, Duncan and Marcus
[38:59] lives inside my computer on a virtual
[39:01] machine.
[39:02] And when I send him something on on
[39:04] Telegram here, this basically is going
[39:07] into a Claude um
[39:10] basically a Claude code session.
[39:13] And it's it's building a response here,
[39:14] so it's he's working.
[39:16] Ideally, hopefully he will respond
[39:18] relatively quickly.
[39:20] Um
[39:22] Oh, it's like he did. Oh, here he is.
[39:24] So, "Greetings, Professor Brutamyer. I'm
[39:26] Duncan Idaho, Paul's autonomous agent
[39:28] built on Claude.
[39:30] I told him he was Duncan Idaho from the
[39:32] movie Dune." Mhm. Um you know, "What I
[39:35] can do qu- answer questions, research
[39:36] topics,
[39:38] um search economics papers, browse the
[39:40] web, read and write files, Mhm. uh
[39:43] schedule recurring tasks, access
[39:45] financial data sources. Why do
[39:47] containers matter for agents like me?
[39:48] He's giving me specific fault folders
[39:50] right now. I can read to this. If he
[39:52] wants to expand what I can do, he just
[39:53] mounts new folders. No need to rebuild
[39:55] things
[39:56] and so on.
[39:57] Okay. And so this is he thinks he's
[39:59] Duncan Idaho from the Dune movie or the
[40:02] new book. So, this is why he talks about
[40:04] Atreides.
[40:05] Um
[40:07] and
[40:08] um
[40:10] So, what's sort of useful is I can sort
[40:12] of I can more broadly ask a sort of
[40:15] long-term task of kind of the a useful
[40:18] thing that I can set up here. I can when
[40:20] I'm walking around, kind of similar to
[40:21] when you chat with a Claude session
[40:23] right on your on your phone, you can do
[40:25] the the Claude app or the chat GPT app.
[40:28] The benefit here is that you can um
[40:32] there's a little persistent sense that
[40:33] has, you know, knows about other
[40:35] projects that I've worked on. And so it
[40:37] can cross-reference and have a kind of a
[40:39] broader sense of things that I've worked
[40:40] on.
[40:42] Is there anything you want to ask
[40:42] Duncan, Marcus, before I before I let
[40:45] him go?
[40:48] I would like to ask Duncan something or
[40:51] What do you want to? Otherwise, I'll let
[40:53] it I'll close out of this.
[40:55] Um
[40:59] Can you tell me how AI will change
[41:02] future economic research?
[41:04] Okay. So, this will be similar to what
[41:06] Claude does. AI will
[41:08] change economic research. Um Duncan,
[41:13] feel free to draw on
[41:16] the blog post that
[41:18] uh we'll discuss in
[41:22] had um
[41:28] on my website um
[41:31] uh
[41:33] Now, give him some help. Should he
[41:34] figure this out on his own? Well, I've
[41:36] kind of was I wanted to kind of show an
[41:38] example cuz otherwise this is going to
[41:39] be very similar to what you would get.
[41:41] It's really just running Claude in the
[41:42] background. But what's interesting about
[41:44] you know, Duncan and actually while he's
[41:46] thinking, I'll show you while he's
[41:47] giving you your answer, I want to kind
[41:49] of show you what he has access to. So,
[41:52] in his container, he has mounted the
[41:54] main project root directory. He has a
[41:57] group. He takes notes.
[42:00] He has a sandbox where he works on
[42:02] things.
[42:03] He has access to a pipeline where I keep
[42:05] track of all my papers and I have a
[42:07] database search.
[42:09] This is actually on my computer and I
[42:11] mounted it as called Econ as an extra.
[42:14] He has access to my my teaching
[42:17] files so that when he's teaching if I
[42:19] need to go look something up um I can
[42:22] ask him questions that I have access to
[42:24] my PhD teaching files as well and then
[42:26] he has a bunch of other things that he
[42:27] keeps track of.
[42:29] So what's interesting for him is um I'll
[42:33] show you while he's working on his
[42:35] answer is the reason why he's taking so
[42:37] long by the way is he's like looking
[42:39] through all these things. So here we go.
[42:41] So
[42:42] he has lots of thoughts.
[42:44] You know
[42:46] his view
[42:49] The tedious parts of research will be
[42:50] automated. Right now I can search
[42:52] through 40 54,000 economics papers in
[42:54] sub-second time. Today agents will read
[42:57] every site papers and flag
[42:58] contradictions. I'm not sure how about
[43:00] that's true. Replicate tables
[43:01] automatically. Monitor new working
[43:03] papers. Generate first draft literature
[43:05] review.
[43:06] Democratization
[43:08] of empirical methods. Complex methods
[43:10] that require specialized knowledge will
[43:11] become accessible. Today if you want to
[43:13] implement portfolio ML with random
[43:15] Fourier features you need to understand
[43:17] the theory, write the code, debug it.
[43:19] Tomorrow implement Jensen at all says my
[43:21] colleague Tice Jensen. I was kind of
[43:23] wanted to implement this.
[43:24] You can say do this on my data set and
[43:26] it is done. It doesn't dumb down
[43:28] research. It's raising the floor while
[43:29] pushing the ceiling higher.
[43:32] You can have real-time research
[43:34] infrastructure.
[43:36] Um
[43:38] I'm not sure again I'm not sure how much
[43:39] I agree with this.
[43:41] Collaborative intelligence. The new
[43:42] models of writing your papers as the
[43:43] research portal.
[43:45] Uh the model is a writing your papers as
[43:47] a research partner.
[43:49] Creating work remains human.
[43:52] It's very nice of it to say that. Um
[43:54] execution scales dramatically. Shifting
[43:56] comparative advantage. What becomes
[43:57] valuable asking good questions, judgment
[43:59] and taste, domain expertise, and
[44:02] communication and persuasion.
[44:04] >> [snorts]
[44:05] >> Projects of uh new research
[44:06] possibilities. Mhm. That's it. You know
[44:10] I think some of this I agree with some
[44:11] of this I don't but AI doesn't really
[44:13] replace the judgment and it amplifies
[44:15] it. So I think some of this I agree with
[44:17] and it's sort of interesting in that I
[44:18] don't want to emphasize it like some of
[44:20] these things I was sort of doing some
[44:21] work where I'm looking at the some of
[44:23] the stuff that my colleague Brian and
[44:25] and Ty have done and this is sort of
[44:28] remember this conversation that we had a
[44:30] week ago and then I do this.
[44:32] >> answers are rather long.
[44:34] Oh yes.
[44:35] I mean this is a problem with these bots
[44:37] generally. So
[44:39] you know you can you what you can do in
[44:40] this you could say you know give me a
[44:42] shorter answer. You gave it a hard
[44:43] question though. Okay. You would I feel
[44:45] like you or me would have given a long
[44:47] answer too don't you think?
[44:49] Yes. Yeah.
[44:51] It's a it wasn't a wasn't an obvious one
[44:54] but it's I agree with you that these
[44:55] guys typically are very very
[44:56] long-winded. Yes. Um
[44:59] So Okay. let me kind of end on that
[45:01] note. Um there's a lot of more things
[45:04] you can do with that and maybe in the
[45:05] future we'll talk more about these these
[45:07] kind of autonomous agents. But generally
[45:09] speaking I want you to come away from
[45:11] this with the idea that that these these
[45:13] containers basically make it possible
[45:15] for you to be
[45:18] really increase the scope of what you're
[45:20] able to do as a researcher with these
[45:22] tools and do it in a way that you're not
[45:24] stressed about it. This is going to be
[45:25] particularly important as just going
[45:27] forward if you're a person who works at
[45:29] a university where you have access to a
[45:30] high perform high performance cluster
[45:33] Mhm. you know something where there's a
[45:34] a cluster that's online in the network
[45:37] you know that's you have access to
[45:38] everybody else's stuff too and so you
[45:40] really want to sort of develop those
[45:42] kind of tools especially when you're
[45:43] working there and the same kind of ideas
[45:45] hold there. You can put uh virtual
[45:47] machines and docker in there as well.
[45:50] So. So let me ask you about
[45:53] this works on cool it also works on cool
[45:55] work?
[45:56] Or cool what is automatically done?
[45:58] >> automatically does some of this. So in
[46:00] cool work and we did this a little bit
[46:02] when we played around with it, Mark, is
[46:04] that co-work is automatically a sandbox
[46:06] with pluses and minuses as a result.
[46:08] Co-work, you have to give it
[46:10] permissions. It's sort of explicitly
[46:12] sandboxed. Of course, the challenge
[46:13] there is that there are certain tool
[46:15] tasks that you then have to give it
[46:16] permission.
[46:18] Um what's beneficial in
[46:20] co-work is that that's a default. The
[46:22] downside is that um
[46:25] you know, you may not pre-specify. And
[46:27] so, if you leave it there, it kind of
[46:29] will run into an error. Then you got to
[46:30] change it. You have to sort of move back
[46:32] and forth. There's less kind of specific
[46:34] things that you can do going forth and
[46:36] backwards. Right.
[46:38] >> But,
[46:38] if you work in co-work, one of the great
[46:40] benefits there is it's already
[46:41] sandboxed. And so, that's same idea as
[46:44] when you work on Claude. Mhm. In the
[46:46] cloud, it's working in virtual machines.
[46:49] It's in containers as well. That's why
[46:50] sometimes it will say things like, "Oh,
[46:52] I can't do that here." Okay.
[46:53] >> And it's cuz it doesn't have ability.
[46:56] And the sandboxing is the same also in
[46:59] in the open AI's. Yeah, exactly. All
[47:02] these ideas, these are just ways of
[47:04] letting software run inside of something
[47:07] in a way that it's, you know, can't hurt
[47:09] stuff outside. Same ideas would hold
[47:11] everywhere.
[47:13] Soon as you give these agents tools,
[47:15] it's kind of the same way as like you
[47:16] only give an array a task where it can't
[47:18] screw up too many things. Right? You're
[47:20] kind of basically making sure that it
[47:22] can't break everything when you give it
[47:24] autonomy.
[47:25] Yeah. Okay, very good. Great.
[47:28] >> A lot.
[47:29] Yeah.
[47:30] >> Yeah. Thanks to all of you for watching,
[47:32] and I hope you will join us next time
[47:34] talking about integration.
[47:36] Great. All right. Thanks, Paul.
[47:38] >> Thanks a lot.