Deep Dive: Dual-Defense Architecture - Prompt + Code
Argues that because LLMs are probabilistic, prompts alone are gambling and code alone wastes the model's flexibility. Maps how Claude Code pairs every soft prompt rule ('use Edit instead of sed', 'NEVER force-push') with an independent deterministic check (sed validators, destructive-git detection, sandbox gates), analyzes the four failure combinations of the two layers, and distills five reusable design principles for any tool-calling agent system.
View source on GitHubKey takeaways
- 01
The prompt layer makes the model want to do the right thing; the code layer makes the wrong thing impossible
- 02
Code checks must not depend on prompt wording - either layer can change independently without breaking the other
- 03
When the layers conflict, code wins: a prompt 'may' is soft, a code return value is hard
- 04
Escalate instead of refusing: allow -> ask (user confirms) -> deny only for clear malice
- 05
The residual risk is novel attacks both layers miss - mitigate with sandboxes and user confirmation as the final gate
Flows built on this research
Harness Engineering
Pair Every Prompt Rule with a Code Backstop
Prompts guide, code enforces: inventory your agent's soft rules, back each critical one with an independent deterministic check, and define the allow/ask/deny escalation.
4 steps · 120-180 minutes
Agent QA & Security
Build a Command Security Pipeline for Your Agent
Replace scattered if-else safety checks with a layered validator pipeline: single-purpose checks, an allow/ask/deny/passthrough contract, and severity-aware ordering.
4 steps · 120-180 minutes
Harness Engineering
Design Layered Tool Prompts with Preference Chains
Structure your tool prompts the way the leading harness does: preference chains up front, usage constraints in the middle, NEVER-guarded safety protocols at the end.
4 steps · 60-90 minutes
Harness Engineering
Design the Permission Approval UX
Design approval prompts users actually read: diffs, risk framing, scoped grants, and pacing that prevents approval fatigue.
4 steps · 60-90 minutes
Harness Engineering
Hook a Permission Layer onto Dangerous Tools
Intercept dangerous tool calls with a hook layer: pattern rules, approval gates, and blocks that the model cannot talk its way past.
4 steps · 60-90 minutes