by notgenerated
16 days ago
The security layer needs to parse the full agent activity with the context. It watches everything, but only interrupts the human when it matters. Commands that can run arbitrary code need to be treated differently and can't get escalated in this opaque way. A large part of the solution should be to drastically reduce the number of permission approval prompts a user gets. This ensures the ones he does get are evaluated with the same concentration a manager gives a new hire's most consequential decisions. Most importantly, because we ask him rarely, when we do he feels the accountability. The yes is his.