[BUG] Fable 5 safety classifier flags UI/frontend work — trigger appears to be project files in context, not prompts
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
Fable 5 safety classifier — repeated false positives on ordinary e-commerce application development
im working with anthropic.claude-code@2.1.198
What Should Happen?
I'm building a standard internal e-commerce web application (product catalog, user accounts, login, order management). This is routine business software development — no offensive security work, no exploit development, no malware, nothing dual-use.
The Fable 5 classifier switches my session to Opus 4.8 multiple times per hour. Key details:
- The switch fires even on prompts containing NO security-related vocabulary. The apparent trigger is that ordinary application files (login controllers, session/token handling, account management) are present in the session context — the classifier appears to flag context content, not my actual requests.
- Words like "login", "account", "token", "session" are unavoidable in ANY web application with user accounts. This is the vocabulary of standard CRUD development, not offensive cybersecurity.
- The constant switching breaks workflow continuity: I switch back to Fable 5, work for a few prompts, get flagged again on benign content, repeat. This makes Fable 5 practically unusable for mainstream web development — arguably its core use case.
Request: raise the classifier threshold for standard authentication/authorization vocabulary when it appears in an ordinary application-development context (framework code, CRUD operations, business logic). Auth code is a mandatory part of virtually every web application.
Environment: Claude Code VS Code extension, Max plan, model claude-fable-5.
Subject:
Description:
I'm building a standard internal e-commerce web application. The Fable 5 classifier switches my session to Opus 4.8 multiple times per hour — including on prompts with zero security-adjacent content.
Concrete example: I get flagged while asking for a data grid component (pure frontend/UI work — columns, sorting, display logic). The flagged prompt contains no security vocabulary whatsoever.
The apparent trigger is NOT my prompts but ordinary application files present in the session context (login controllers, session/token handling, account management — mandatory parts of any web app with user accounts). The classifier seems to scan context content and fire on it regardless of what I'm actually asking for.
Impact: this makes Fable 5 effectively unusable for any project that CONTAINS auth code — which is virtually every real-world web application. I can't remove auth files from my project; they're part of the codebase. The current behavior punishes the mere presence of standard framework code, not any actual request.
Requests:
- Weight the user's actual prompt far more heavily than static context files when classifying.
- Don't fire on standard authentication/authorization vocabulary appearing in ordinary application code in context.
- If context-based flagging must exist, tell the user WHICH content triggered it, so it's actionable.
Environment: Claude Code VS Code extension, Max plan, model claude-fable-5. Fires repeatedly per hour on routine CRUD/UI development.
Error Messages/Logs
Steps to Reproduce
do your own e-commerce application
Claude Model
None
Is this a regression?
Yes, this worked in a previous version
Last Working Version
_No response_
Claude Code Version
anthropic.claude-code@2.1.198
Platform
Other
Operating System
Windows
Terminal/Shell
Other
Additional Information
_No response_