nah adds guardrails to Claude Code

This is a smart response to a real agent-era problem: binary allow/deny permissions break down once coding agents start chaining commands across your machine. nah’s deterministic, millisecond-fast classifier is more practical than stuffing every safety decision into another LLM, even if it still stops short of true sandboxing.

• –The core idea is strong: classify actions like `filesystem_delete`, `git_history_rewrite`, and `package_run`, then apply policy based on context instead of crude command deny lists
• –It fits how developers actually work with Claude Code, especially for people who want near-autonomous flow without turning on fully unsafe bypass modes
• –The project’s zero-dependency, stdlib-Python setup lowers friction a lot; `pip install nah && nah install` is an unusually lightweight path for a tool in this category
• –The HN discussion surfaced the main caveat too: this is a safety net, not a sandbox, and clever indirect execution paths can still slip through without deeper inspection
• –If Claude Code auto-approval features become mainstream, tools like nah could become an important middle layer between raw agent autonomy and full container isolation