by ArielTM
54 days ago
The architecturally distinct bit is that you're validating at the service-action layer (send-email, merge-PR, transfer-funds) instead of at the tool-call layer inside whichever agent's running. A permission hook in Claude Code is only as trustworthy as the Claude Code process itself, and it doesn't carry over if you swap in a different agent next week. PS sits one layer up with stable, cross-agent semantics, and it's the thing that actually holds the OAuth tokens, so the agent can't leak them even if it wanted to. Push-to-approve on a separate device is also the right channel, since the whole point is that you don't trust whatever just asked. Curious: are the per-service schemas hand-written or generated from each provider's OpenAPI?

But yep, you get the nuance. The point is that the process, e.g. Claude Code, doesn't need to be "trusted" to behave.
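An added sketch of the service-action-layer check discussed in this thread (not part of either comment and not PS's own code). The schema table, `ActionBroker`, the approver callback and every name and value in it are hypothetical:

```python
# Added illustration with hypothetical names; not the PS project's code.
# Constructed per-service action schemas: exact fields allowed, and whether
# a human must approve on a separate channel before the action runs.
SCHEMAS = {
    ("email", "send"): {"fields": {"to", "subject", "body"}, "approve": True},
    ("github", "list_prs"): {"fields": {"repo"}, "approve": False},
}

class ActionBroker:
    """Holds provider tokens; agents submit actions and only see results."""

    def __init__(self, tokens, approver, execute):
        self._tokens = tokens      # service -> OAuth token, never returned
        self._approver = approver  # out-of-band channel, e.g. push to a phone
        self._execute = execute    # performs the provider call with the token
        self.audit = []

    def request(self, agent, service, action, params):
        schema = SCHEMAS.get((service, action))
        if schema is None:
            return self._deny(agent, service, action, "unknown action")
        if set(params) != schema["fields"]:
            return self._deny(agent, service, action, "params do not match schema")
        # The approver is shown the validated action itself, not whatever
        # description the requesting agent chooses to give.
        if schema["approve"] and not self._approver(service, action, dict(params)):
            return self._deny(agent, service, action, "approval declined")
        result = self._execute(service, action, params, self._tokens[service])
        self.audit.append((agent, service, action, "allowed"))
        return {"ok": True, "result": result}

    def _deny(self, agent, service, action, reason):
        self.audit.append((agent, service, action, reason))
        return {"ok": False, "error": reason}

def demo():
    tokens = {"email": "constructed-token-A", "github": "constructed-token-B"}
    approver = lambda svc, act, p: p.get("to") == "alice@example.com"  # stand-in for a human
    execute = lambda svc, act, p, tok: f"{svc}.{act} done"  # stand-in for the provider API
    b = ActionBroker(tokens, approver, execute)
    mail = {"subject": "s", "body": "b"}
    return [
        b.request("agent-x", "github", "list_prs", {"repo": "demo/repo"}),
        b.request("agent-x", "email", "send", {"to": "alice@example.com", **mail}),
        b.request("agent-y", "email", "send", {"to": "mallory@example.com", **mail}),
        b.request("agent-y", "bank", "transfer", {"amount": 1}),
    ]
```

The same checks apply whichever agent calls `request`, and no return path includes a token.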