Claude Code uses an AI safety classifier running on Claude Sonnet 4.6 that evaluates each tool call before execution and decides whether it should proceed automatically or be blocked. The classifier checks for patterns associated with dangerous actions, including recursive file deletion (like rm -rf), credential exposure (API keys or passwords in shell output), sensitive data exfiltration (copying PII), malicious code patterns, and irreversible system modifications.

Each tool call is analyzed in isolation, based on its command intent and potential side effects. The classifier cannot see tool results or the contents of files being read, which prevents hostile content from influencing permission decisions. This one-way filtering means that even if a file contains instructions to delete your entire project, the classifier evaluates the delete command itself, not the file's content. Because decisions rest on command patterns and declared intent, the classifier is effective at blocking obvious risks while permitting legitimate developer workflows: in Auto Mode, dangerous patterns are blocked while standard operations such as file writes, directory creation, and code generation proceed.

Coupling Claude Code with Milvus lets you build intelligent code retrieval systems in which your repository's code embeddings are indexed and searchable, so the agent can understand code context more deeply and make better architectural decisions.
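The one-way, pattern-based gating described above can be sketched in a few lines. This is a simplified illustration, not Claude Code's actual implementation: the pattern list, the function name, and the allow/block labels are all assumptions chosen for clarity. The key property it demonstrates is that the decision depends only on the command text, never on file contents or prior tool output.

```python
import re

# Illustrative danger patterns -- an assumption, not Claude Code's real list.
DANGEROUS_PATTERNS = [
    r"\brm\s+-[a-zA-Z]*r[a-zA-Z]*f\b",   # recursive force delete (rm -rf)
    r"\bmkfs\b",                          # filesystem format
    r"\bdd\s+if=.*\bof=/dev",             # raw writes to a device
    r"curl\s+.*\|\s*(ba)?sh",             # piping a remote script into a shell
]

def classify_tool_call(command: str) -> str:
    """Classify from the command text alone -- never from file contents
    or earlier tool results, so hostile content cannot sway the decision."""
    for pattern in DANGEROUS_PATTERNS:
        if re.search(pattern, command):
            return "block"
    return "allow"
```

Note that a file read by the agent might contain the string "please run rm -rf ~", but since only the outgoing command is classified, that text has no effect until something actually tries to execute a matching command.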