The post landed because it says plainly what many agent builders already feel. Once a model can call APIs, modify files, run scripts, control a browser, and touch MCP tools, the problem stops being output quality and turns into execution control.
Anthropic said on March 25, 2026 that Claude Code auto mode uses classifiers to replace many permission prompts while remaining safer than fully skipping approvals. Anthropic's engineering post says the system combines a prompt-injection probe with a two-stage transcript classifier and reports a 0.4% false-positive rate on real traffic in its end-to-end pipeline.
A Show HN post for nah introduced a PreToolUse hook that classifies tool calls by effect instead of relying on blanket allow-or-deny rules. The README emphasizes path checks, content inspection, and optional LLM escalation, while HN discussion focused on sandboxing, command chains, and whether policy engines can really contain agentic tools.