Analyzed: March 31, 2026 leak snapshot

Permission-first security model

In this snapshot, permission handling is the main security enforcement layer for model-driven actions. The important consequence is that security begins before tool execution:
  • rules can hide tools from the prompt
  • rules can narrow specific command families
  • hooks and classifiers can override naive allowlists

Why this matters

Many agentic systems only check permissions after the model has already selected a tool. Claude Code goes further by modifying the exposed capability set before the model plans the step. That reduces the chance that the model builds a plan around tools it should never be allowed to use.

Shell and delegation are special cases

The source gives special treatment to:
  • shell tools
  • PowerShell-specific dangerous patterns
  • agent delegation in auto mode

That indicates the security team considered these the cases most likely to slip past simpler approval models.
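As an added, constructed illustration of both points above (permission-first exposure filtering, and the special handling of shell commands and agent delegation), here is a small gate written in TypeScript. It is not Claude Code's source; the tool names, rule shape, hook logic, the command-chaining heuristic and the `autoMode` flag are all assumptions made for the example.

```typescript
// Added, constructed example: a permission-first gate in the style the analysis
// describes. Nothing here is Claude Code's source; tool names, rule shape, hook
// logic and the auto-mode flag are hypothetical.

type Decision = "allow" | "deny" | "ask";

interface ToolCall {
  tool: string;   // e.g. "Bash" or "Agent" (hypothetical names)
  input: string;  // the command line or argument the model proposed
}

interface PermissionRule {
  tool: string;
  prefix?: string;     // command-family prefix; absent = the whole tool
  decision: Decision;
}

interface Context { autoMode: boolean; }

// A hook sees the call plus the rule-derived decision and may override it.
type Hook = (call: ToolCall, ruleResult: Decision, ctx: Context) => Decision | undefined;

export const ALL_TOOLS: readonly string[] = ["Bash", "Read", "Write", "WebFetch", "Agent"];

// Step 1 (before the model plans): a rule that denies a whole tool removes it
// from the set the model is shown at all.
export function exposedTools(rules: PermissionRule[], tools: readonly string[] = ALL_TOOLS): string[] {
  return tools.filter(
    (t) => !rules.some((r) => r.tool === t && r.prefix === undefined && r.decision === "deny"),
  );
}

// Step 2: rule evaluation. The most specific (longest prefix) matching rule
// wins; at equal specificity deny beats ask beats allow. No match means "ask".
const RANK: Record<Decision, number> = { deny: 0, ask: 1, allow: 2 };

export function ruleDecision(rules: PermissionRule[], call: ToolCall): Decision {
  const matching = rules.filter(
    (r) => r.tool === call.tool && (r.prefix === undefined || call.input.startsWith(r.prefix)),
  );
  if (matching.length === 0) return "ask";
  matching.sort(
    (a, b) => (b.prefix?.length ?? 0) - (a.prefix?.length ?? 0) || RANK[a.decision] - RANK[b.decision],
  );
  return matching[0].decision;
}

// Hook 1: a prefix allowlist is naive for shell. Allowing "git status" must not
// allow "git status; <anything else>", because chaining operators change what
// runs. Constructed heuristic; a real classifier would parse the command line.
export const shellChainHook: Hook = (call, result) => {
  if (call.tool !== "Bash" || result !== "allow") return undefined;
  return /[;&|`$(]/.test(call.input) ? "ask" : undefined;
};

// Hook 2: delegating to a sub-agent while in auto mode always asks the user,
// regardless of what the rules say.
export const autoModeDelegationHook: Hook = (call, _result, ctx) =>
  ctx.autoMode && call.tool === "Agent" ? "ask" : undefined;

// Step 3: the full gate. Rules decide first; each hook may then tighten the
// result. A hook can only make the decision stricter, never looser.
export function decide(rules: PermissionRule[], hooks: Hook[], call: ToolCall, ctx: Context): Decision {
  let result = ruleDecision(rules, call);
  for (const hook of hooks) {
    const override = hook(call, result, ctx);
    if (override !== undefined && RANK[override] < RANK[result]) result = override;
  }
  return result;
}

// Constructed rule set for demonstration.
export const DEMO_RULES: PermissionRule[] = [
  { tool: "WebFetch", decision: "deny" },                 // hidden from the prompt entirely
  { tool: "Bash", prefix: "git ", decision: "allow" },    // the git family is allowed...
  { tool: "Bash", prefix: "git push", decision: "deny" }, // ...except pushing
  { tool: "Agent", decision: "allow" },                   // but see autoModeDelegationHook
];

export const DEMO_HOOKS: Hook[] = [shellChainHook, autoModeDelegationHook];
```

The ordering is the point: `exposedTools` runs before the model sees any tool list, `ruleDecision` narrows a family that is otherwise allowed, and the hooks catch the two cases a prefix allowlist cannot express (a chained shell command and delegation under auto mode). Because hooks can only move a decision toward `deny`, adding a classifier never silently widens what the rules permit.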