Improve error message when ENV_SCRUB conflicts with --dangerously-skip-permissions
Resolved 💬 2 comments Opened Apr 10, 2026 by mahsumaktas Closed May 23, 2026
Problem
When CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1 is set in ~/.claude/settings.json and you run claude --dangerously-skip-permissions, the error message is:
⚠ Permission mode forced to default — CLAUDE_CODE_SUBPROCESS_ENV_SCRUB is set (allowed_non_write_users hardening). Declare allowedTools explicitly, or set CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=0 to opt out.
This is confusing because:
- The term "allowed_non_write_users hardening" is internal jargon — users don't know what it means
- "Declare allowedTools explicitly" is vague — where? how?
- It's not clear that these two settings conflict with each other
Expected behavior
A clear, actionable message like:
⚠ --dangerously-skip-permissions cannot be used while CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1 is set (they conflict: one grants full access, the other restricts subprocess credentials).
To fix, either:
• Set CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=0 in ~/.claude/settings.json
• Or run: CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=0 claude --dangerously-skip-permissions
Context
- Claude Code version: 2.1.100
- This worked in previous versions because the conflict wasn't checked
- The setting was in
settings.json→envblock - Took debugging to figure out what was actually wrong
Classification
UX improvement — the underlying behavior (blocking conflicting modes) is correct, just the error message needs to be more user-friendly.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗