A classifier is probably nice for those who currently allow --dangerously-skip-permissions, but it's not for those who have been trying to only allow the right commands to always run. It only lowers the odds of something bad happening. Maintaining a massive allowlist that parses nested bash commands is safer. (I do this. It fits in a 2MB binary that runs on a hook, and it includes what I've put in Claude's allowlist after parsing and tokenizing nested bash.)

Nice to have a safer alternative to --dangerously-skip-permissions. But unless it's a critical project, I'll probably just keep using --dangerously-skip-permissions until I get comfortable with the new approach...

Its funny how this has one comment and seven points on HN but 24k likes and 1.4k replies on Twitter.

Definitely a great indication of how manic and hyped Twitter (X) is (or how much easier it is to buy engagement)..

https://x.com/claudeai/status/2036503582166393240