According to @bcherny, Claude Code ships with a permission model that combines prompt injection detection, static analysis, sandboxing, and human oversight to control tool execution, as reported on Twitter and documented by Anthropic at code.claude.com/docs/en/permissions. According to the Anthropic docs, teams can run /permissions to expand pre-approved commands by editing allow and block lists and checking them into settings.json for organization-wide policy enforcement. According to @bcherny, full wildcard syntax is supported for granular scoping, for example Bash(bun run *) and Edit(/docs/**), enabling safer automation while reducing friction for common developer workflows. According to the Anthropic docs, this approach helps enterprises standardize guardrails, mitigate prompt injection risks, and accelerate adoption of agentic coding assistants in CI, repositories, and internal docs.