March 11, 2026
When your AI coder needs a bouncer
Show HN: A context-aware permission guard for Claude Code
Meet 'nah'—the sassy bouncer for Claude Code as HN cheers, nitpicks, and panics
TLDR: A new tool called “nah” acts like a smart bouncer for Claude Code, auto-blocking risky commands and asking before sketchy stuff runs. The crowd loves the relief from prompt fatigue, but debates erupted over bypass-mode limits as rumors swirl that full auto-coding is coming soon—making guardrails urgent.
Hacker News lit up as a dev dropped “nah,” a context-aware permission guard for Claude Code, the AI coding assistant. Instead of endless pop-ups that say allow or deny, this little gatekeeper looks at what a command actually does, blocks dangerous ones, asks about risky ones, and logs everything. Think: “git push — sure”; “git push --force — nah?” It even spots secret files and “curl | sh” shenanigans before they run.
The loudest chorus? Permission fatigue is real. One fan confessed that after the 100th prompt, you just mash “yes,” which defeats the point of safety. People loved that “nah” uses simple, deterministic rules first and only asks an AI when it’s truly unsure—no vibes-based decisions.
But the drama came fast. A heads-up that Claude Code’s auto mode might drop “as soon as tomorrow” had folks joking about Skynet and demanding guardrails now (link). Then came the pointed confusion: if you run in “bypass” mode, hooks execute too late to stop bad commands… so does this only work in default mode? That “wait, what?” sparked debate over real-world safety vs. marketing.
Meanwhile, a dev shared their own simpler tool that already saved them “many times” (link), tipping their hat to this more advanced version. The author popped in, calm and ready for questions. The meme of the day: “200 IQ Opus”—when your AI is clever enough to dodge your checklists, you need a smarter bouncer. Verdict: timely, promising, and just messy enough to be interesting.
Key Points
- •“nah” is a context-aware permission guard for Claude Code that classifies tool calls using deterministic rules and optional LLM escalation.
- •It operates as a PreToolUse hook, intercepting Bash, Read, Write, Edit, Glob, Grep, and MCP tools before execution.
- •Decisions vary by context (e.g., project boundaries, history rewrites, decode-and-execute pipelines) and are logged for inspection.
- •Installation is via pip; users are warned not to use --dangerously-skip-permissions because hooks may not block in time in bypass mode.
- •Configuration supports global and per-project policies, sensitive path rules, and a built-in demo covering 25 cases across eight threat categories.