Improve error message when ENV_SCRUB conflicts with --dangerously-skip-permissions

Resolved 💬 2 comments Opened Apr 10, 2026 by mahsumaktas Closed May 23, 2026

Problem

When CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1 is set in ~/.claude/settings.json and you run claude --dangerously-skip-permissions, the error message is:

⚠ Permission mode forced to default — CLAUDE_CODE_SUBPROCESS_ENV_SCRUB is set (allowed_non_write_users hardening). Declare allowedTools explicitly, or set CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=0 to opt out.

This is confusing because:

  1. The term "allowed_non_write_users hardening" is internal jargon — users don't know what it means
  2. "Declare allowedTools explicitly" is vague — where? how?
  3. It's not clear that these two settings conflict with each other

Expected behavior

A clear, actionable message like:

⚠ --dangerously-skip-permissions cannot be used while CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1 is set (they conflict: one grants full access, the other restricts subprocess credentials).

To fix, either:
  • Set CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=0 in ~/.claude/settings.json
  • Or run: CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=0 claude --dangerously-skip-permissions

Context

  • Claude Code version: 2.1.100
  • This worked in previous versions because the conflict wasn't checked
  • The setting was in settings.jsonenv block
  • Took debugging to figure out what was actually wrong

Classification

UX improvement — the underlying behavior (blocking conflicting modes) is correct, just the error message needs to be more user-friendly.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗