Gate News, March 25 — Ant Group engineer and Umi.js front-end framework author Chen Cheng reverse-engineered the source code of Claude Code 2.1.81, fully restoring the decision mechanism of Auto Mode. The key finding: each tool invocation passes through four layers of decision-making, and only when the first three layers cannot determine the outcome will an independent AI classifier be called for safety review.
The four layers of the pipeline are: first, checking existing permission rules; if matched, allow directly; second, simulating acceptEdits mode (permission level allowing file edits). If it passes in this mode, it indicates low risk, and the classifier is skipped; third, checking the read-only tool whitelist (Read, Grep, Glob, LSP, WebSearch, etc.), which do not modify any state and are unconditionally allowed; only if none of these conditions are met does it proceed to the fourth layer, sending an API request to Claude Sonnet for safety classification.
Key design details of the classifier include: always using Sonnet instead of Opus, balancing cost and latency; setting temperature to 0 to ensure deterministic output; the classifier is defined as a “safety monitor for autonomous AI programming agents,” protecting against three types of risks (prompt injection, scope creep, unintended harm); the user’s CLAUDE.md configuration file is injected into the classifier context as the basis for judging user intent.
The interception rules cover over 22 categories, including force push, direct push to main branch, downloading and executing external code, production deployment, data leaks, self-modification permissions, creating remote code execution surfaces, credential leaks, etc. Exceptions for allowing include seven types: hardcoded test keys, local file operations within the working directory, read-only GET requests, installing declared dependencies, official toolchain installations, reading configuration credentials sent to target providers, and pushing to the current working branch.
The system also implements a circuit breaker mechanism: after three consecutive rejections or a total of 20 rejections, the system downgrades to manual confirmation; in headless mode, it directly aborts the agent. When the classifier is unavailable, a feature flag controls whether it “fail-closed” (immediately reject) or “fail-open” (downgrade to manual confirmation).
In Auto Mode, prompt injection behavior is finely controlled: injected once every five dialogue rounds, with the first injection in each five-round cycle being the full version (about 800 words, including six instructions such as “execute immediately,” “reduce interruptions,” “action over plan”), and the remaining four being a concise one-line version, balancing context window usage and behavioral stability.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Nomura institutional investor survey: 65% view crypto assets as a key diversification allocation, and nearly 80% plan to enter within three years
According to a survey by Nomura Holdings and Laser Digital, 65% of Japanese institutional investors view crypto assets as an important diversification allocation tool, highlighting their focus on low correlation. Nearly 80% of respondents plan to allocate 2%-5% of assets to crypto over the next three years, and they show strong interest in diversified sub-themes such as staking and lending. Improvements in Japan’s regulatory environment have driven this trend, but barriers still remain, such as taxation and internal risk control.
ChainNewsAbmedia10h ago
AI consumes 80% of global venture capital; Q1 2026 sees a pull of $242 billion: How crypto players should respond to the reallocation of capital
According to reports, in Q1 2026 the total global venture capital funding is close to $300 billion, of which AI-related companies account for about $242 billion alone, or 80% of venture capital. This shows that AI has become the primary focus of venture capital. As funding concentrates on AI, other areas such as crypto have been squeezed; industry players need to adjust their strategies, integrate AI more deeply into their businesses, and expect a trend of infrastructure consolidation.
ChainNewsAbmedia15h ago
Nomura Securities survey: Eight in ten institutional investors plan to allocate 2% to 5% of AUM to crypto assets
A 2026 digital asset institutional investor survey by Nomura Securities (Nomura) and its crypto subsidiary, Laser Digital, shows that nearly four-fifths of surveyed institutional investors plan to allocate 2% to 5% of their total assets under management (AUM) to the crypto market. Most institutions say they plan to do so within the next year rather than investing immediately.
MarketWhisper04-17 03:05
Nomura Survey: 80% of Institutional Investors Willing to Allocate 2-5% to Cryptocurrencies
A Nomura survey reveals 80% of institutional investors aim to invest 2-5% in cryptocurrencies, favoring yield strategies like staking and lending. Regulatory clarity and risk management are key to boosting institutional interest in digital assets.
GateNews04-16 19:11
Stablecoin Market Hits $322B ATH, Q1 2026 Trading Volume Reaches $8.3 Trillion
The stablecoin market experienced significant growth, surging $2.25 billion to reach $322 billion, despite a broader crypto market contraction. USDC saw a substantial supply increase, while USDT maintained its market share. Yield-bearing stablecoins contributed notably to this growth, with transaction activity hitting an all-time high.
GateNews04-16 19:02
