Auto mode classifier (claude-opus-4-8) repeatedly unavailable — blocks Bash/Write/Edit
Open 💬 16 comments Opened May 30, 2026 by syk82
Env: Windows 10, Claude Code v2.1.157, VS Code extension, Opus 4.8 (1M context), Claude Max
Symptom: In auto mode, tool calls fail with
claude-opus-4-8 is temporarily unavailable, so auto mode cannot determine the safety of Bash right now.
Bash/PowerShell/Write/Edit all blocked; only read-only ops pass.
/permissions → Recently denied tab is EMPTY (outage isn't logged as a denial), so there's no in-product trace of why work stalled.
Related: #62170, #49535, #39259.
Request: stabilize the classifier model, and/or improve fallback so a classifier outage doesn't silently block all work.
16 Comments
Same issue here.
same issue with opus 4.8
Same failure on Claude Max (20x), and I've eliminated every client-side cause by test — including the
[1m]fix from #38537. The real error is a429 rate_limit_error, not a model outage.Environment: Claude Max (20x) · macOS (Apple Silicon) · Claude Code v2.1.177 (also reproduced on 2.1.173) · started ~2026-06-12 21:00 UTC, persisted 12h+.
The actual error. The UI text ("
<model>is temporarily unavailable") is misleading.claude --debug apishows the classifierside_querygetting a 429 rate_limit_error, retried 5× then fail-closed:This is not the plan quota — session was ~2% / weekly 0% at the time.
Everything ruled out by test:
| Tested | Result |
|---|---|
| Plan quota | 0% weekly — not it |
| Model:
opus-4-8[1m], non-1Mopus-4-8,sonnet-4-6| all 429 (so it's not just the[1m]passthrough from #38537 — non-1M fails too) || CC version 2.1.173 → 2.1.177 | all fail |
|
skipAutoPermissionPromptremoved (per #38618) | no change || OAuth token (full logout/login) | no change |
| System clock / NTP | in sync |
| Concurrent sessions / background API consumers | none; killed all — still fails |
| Network family: forced IPv4 (
networksetup -setv6off) | still fails |Cross-machine smoking gun: the same Max account on a Hetzner server (different IP/region) runs the classifier fine (
Allowed by auto mode classifier) at the same time the Mac consistently 429s. So it's account/region/edge-side, not the client, model, or my network.The architectural issue (per @danmana, @DavidPluxia in #38537) stands: pinning the safety classifier to a single flagship model with no fallback turns any per-account/region rate-limit or capacity blip into a total auto-mode outage — and it fails closed silently (the
/permissions"Recently denied" tab stays empty). "Fixed in v2.1.112" did not resolve it.Asks:
side_query/classifier requests get 429'd at ~0% plan usage for specific accounts/regions while normal generation on the same account/IP succeeds.Happy to share the full
--debug apilog and request IDs.Same issue here.
Same issue here.
Same issue here.
Same issues
same issue 2 days in a row
Come on guys! 20x plan which I can't use properly, even when the model is up
Same issue for days. ditto @mattnelsonuk
Check out https://github.com/anthropics/claude-code/issues/64585 for a potential fix. CLAUDE_CODE_ATTRIBUTION_HEADER=0 breaks auto mode.
Same. Very annoying. Happening all the time now.
Additional data point: failures are network-path-dependent on my setup, and my account's
tengu_auto_mode_configis being delivered without amodelfieldSetup: Claude Code 2.1.202 (desktop entrypoint), Windows 11, claude.ai subscription auth, session model
claude-opus-4-8, auto permission mode.Symptoms (2026-07-07, US Central, continuing into 2026-07-08 UTC):
claude-opus-4-8 is temporarily unavailable, so auto mode cannot determine the safety of Bash right now.Same for Agent and Write. Roughly half of classifier-gated calls failed during bad stretches.Three observations that may help triage:
claude-sonnet-5, the next 5 classifier-gated calls succeeded immediately, then a later call failed citingclaude-sonnet-5(so switching appears to reduce but not eliminate; small sample, not conclusive). With the session onclaude-fable-5, the failure message citedclaude-opus-4-8[1m]— a model not selected in the session, with the[1m]suffix (cf. #38537).tengu_auto_mode_confighas nomodelfield. FromcachedGrowthBookFeaturesin~/.claude.json, refreshed 2026-07-08T02:25Z (minutes before this comment, from the failing home network — so this is fresh server delivery, not a stale cache):This matches the fallthrough analysis by @aguynamedryan in #60438 (config without
model→ classifier falls back to the session model). Notablys1SuffixByModelonly has keys forclaude-sonnet-5/claude-sonnet-5[1m], which suggests the classifier is intended to run on Sonnet 5 — but withmodelabsent, my sessions run it on whatever the session model is (Opus 4.8 most of the day), which appears to be far less reliable on the classifier path.CLAUDE_CODE_ATTRIBUTION_HEADERis unset (so not #64585). No proxy env vars set. Happy to provide debug logs / request IDs if useful.Correction / update with debug-log evidence (
--debug api) — supersedes my earlier "network-path-dependent" comment above, which was wrong.I enabled
apidebug logging and captured the failing classifier call directly. The failure is HTTP 401authentication_error("Invalid authentication credentials") on the/v1/messagessource=side_querycall:The crucial finding is the retry asymmetry. In the same session, at the same moment, the main loop receives the identical 401 on its
source=sdkcall:...but the main loop retries (up to 11 attempts), re-checks the token, and succeeds ("Stream started - received first chunk") — so chat appears seamless. The auto-mode classifier fails closed on the first error with no retry ("denying with retry guidance (fail closed)"), so every transient 401 becomes a blocked Bash/Write/Agent call.
This reframes the whole class of report:
<model> is temporarily unavailable, so auto mode cannot determine the safety of ..." is misleading — the underlying response is a 401 auth error.api.anthropic.comwas healthy throughout (38–72 ms handshakes). The failures are instant app-layer 401s, not connection failures or timeouts.[API:auth] OAuth token checkreports "complete" (valid) immediately before each server-side 401, so the token looks valid locally but is rejected server-side intermittently — consistent with a token-refresh race.Environment: Claude Code 2.1.202 (desktop), Windows 11, claude.ai OAuth auth, session model
claude-opus-4-8, auto mode.CLAUDE_CODE_CHILD_SESSION=1(may be relevant if concurrent sessions/devices contend on OAuth token refresh).Suggested fixes:
same issue with macOS
Confirming the 401 analysis above from a second, independent environment — and reporting how we resolved it on our side, with 10 days of quantified data and one new signal that supports the token-refresh-race hypothesis.
How we resolved it (same day)
A cold re-login of the brokering Desktop app (full logout → fresh
/authorize), rotating the entire brokered token family — done at ~09:45 UTC, right after updating the Desktop bundle (CLI → 2.1.205). Measured since, under the same parallel load that used to trigger storms:[oauth] CLI requested token refresh after 401in the Desktop logs: 0 lines (vs 92 earlier that same day, 1620/day at peak).In parallel, we added narrow deterministic
permissions.allowrules for recurring safe commands. Those resolve before the classifier, so even a future 401 storm now has a much smaller blast radius (only protected-path writes, Agent spawns, and unlisted commands still hit the classifier).Caveat: storms were episodic before (Jul 5–9 were quiet with no intervention), so a same-day zero is a strong signal, not proof — I'll re-run both counters after 7 days of normal parallel load and report back either way. A fresh token also only removes the trigger: the classifier's no-retry fail-closed design is what turns any transient 401 into an outage, so the suggested fixes below remain the real product fix.
Supporting data
Environment: Windows 11, Claude Code 2.1.197 → 2.1.202 during the affected window (Desktop app / cowork-managed CLI,
%APPDATA%\Claude\claude-code\<version>\), claude.ai OAuth, heavy use of parallel sessions and subagents (CLAUDE_CODE_CHILD_SESSION=1present).Scale of user impact (from session transcripts, July 2–12):
.claude/**paths, which route to the classifier even when allow rules match), Agent 44, plus scattered Read/Grep/WebFetch/MCP calls — i.e. when the classifier side-query 401s, any pending tool call is denied.New signal — the Desktop app's own logs corroborate an auth-refresh storm, correlated with parallel load:
%APPDATA%\Claude\logs\main*.logcontains the line[oauth] CLI requested token refresh after 401. Counting per day:| Day | count |
|---|---|
| baseline (mid-June onward) | 1–3/day |
| Jul 3 | 1620 |
| Jul 4 | 572 |
| Jul 5–9 | ~0 |
| Jul 10 | 120 |
| Jul 11 | 346 |
| Jul 12 | 92 — a single burst 05:47–06:14 UTC; 0 since the ~09:45 UTC token rotation |
The storm days are exactly the days with (a) massive classifier refusals in transcripts and (b) heavy parallel subagent fan-out. Since the Desktop app brokers the OAuth token for all cowork sessions and their child sessions, this is consistent with the refresh-race hypothesis proposed above (one process refreshes → sibling sessions' access token is invalidated → cascade of 401s; the main loop retries and recovers, the classifier side-query fails closed on first error). It is not consistent with capacity issues (would not correlate with local parallelism) or network path (per the earlier comment's TCP/TLS evidence).
On the misleading message: strings in the bundled CLI binary show the classifier denial path is explicitly fail-closed ("Auto mode classifier unavailable, denying with retry guidance (fail closed)") while the user-facing message reports the model as "temporarily unavailable" without the HTTP status the client received. The official error docs also currently classify this message as a transient overload — which sends affected users chasing capacity/network red herrings instead of auth.
Suggested fixes (echoing the thread, plus two)
/permissions→ "Recently denied" (currently they leave no in-product trace, which makes diagnosis needlessly hard).Workarounds that held up for us, for anyone affected
(a) the remedy that actually worked: cold re-login of the Desktop app (logout → login) to rotate the brokered token; (b) narrow deterministic
permissions.allowrules for your recurring safe commands — they resolve before the classifier and are immune to the 401 (note: broad rules are dropped on entering auto mode, andRule(prefix:*)takes the prefix literally — write narrowTool(cmd *)rules); (c) during a storm, switch the session out of auto mode (mode selector) so denials become approvable prompts; (d) reduce parallel fan-out on storm days.