[BUG] Fable 5 safety classifier flags UI/frontend work — trigger appears to be project files in context, not prompts

Open 💬 0 comments Opened Jul 2, 2026 by barpas

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Fable 5 safety classifier — repeated false positives on ordinary e-commerce application development
im working with anthropic.claude-code@2.1.198

What Should Happen?

I'm building a standard internal e-commerce web application (product catalog, user accounts, login, order management). This is routine business software development — no offensive security work, no exploit development, no malware, nothing dual-use.

The Fable 5 classifier switches my session to Opus 4.8 multiple times per hour. Key details:

  1. The switch fires even on prompts containing NO security-related vocabulary. The apparent trigger is that ordinary application files (login controllers, session/token handling, account management) are present in the session context — the classifier appears to flag context content, not my actual requests.
  1. Words like "login", "account", "token", "session" are unavoidable in ANY web application with user accounts. This is the vocabulary of standard CRUD development, not offensive cybersecurity.
  1. The constant switching breaks workflow continuity: I switch back to Fable 5, work for a few prompts, get flagged again on benign content, repeat. This makes Fable 5 practically unusable for mainstream web development — arguably its core use case.

Request: raise the classifier threshold for standard authentication/authorization vocabulary when it appears in an ordinary application-development context (framework code, CRUD operations, business logic). Auth code is a mandatory part of virtually every web application.

Environment: Claude Code VS Code extension, Max plan, model claude-fable-5.

Subject:

Description:
I'm building a standard internal e-commerce web application. The Fable 5 classifier switches my session to Opus 4.8 multiple times per hour — including on prompts with zero security-adjacent content.

Concrete example: I get flagged while asking for a data grid component (pure frontend/UI work — columns, sorting, display logic). The flagged prompt contains no security vocabulary whatsoever.

The apparent trigger is NOT my prompts but ordinary application files present in the session context (login controllers, session/token handling, account management — mandatory parts of any web app with user accounts). The classifier seems to scan context content and fire on it regardless of what I'm actually asking for.

Impact: this makes Fable 5 effectively unusable for any project that CONTAINS auth code — which is virtually every real-world web application. I can't remove auth files from my project; they're part of the codebase. The current behavior punishes the mere presence of standard framework code, not any actual request.

Requests:

  1. Weight the user's actual prompt far more heavily than static context files when classifying.
  2. Don't fire on standard authentication/authorization vocabulary appearing in ordinary application code in context.
  3. If context-based flagging must exist, tell the user WHICH content triggered it, so it's actionable.

Environment: Claude Code VS Code extension, Max plan, model claude-fable-5. Fires repeatedly per hour on routine CRUD/UI development.

Error Messages/Logs

Steps to Reproduce

do your own e-commerce application

Claude Model

None

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

anthropic.claude-code@2.1.198

Platform

Other

Operating System

Windows

Terminal/Shell

Other

Additional Information

_No response_

View original on GitHub ↗