False-positive Usage Policy API errors when a Claude Code session runs headless `claude -p` with an MCP server (benchmark harness)

Resolved 💬 1 comment Opened Jun 7, 2026 by robertdosen Closed Jun 7, 2026

Environment

  • Claude Code 2.1.168, macOS 26.2 (arm64)
  • Model: Opus 4.8

What happened

While building a small, legitimate read-only benchmark harness (measuring agent NL→Cypher behavior and latency against an internal Neo4j graph via the official mcp-neo4j-cypher MCP server, read-only mode, over a localhost SSH tunnel), my interactive Claude Code session used its Bash tool to spawn headless claude -p runs:

claude -p "<natural-language question>" \
  --mcp-config <minimal mcp.json with one stdio server> --strict-mcp-config \
  --allowedTools mcp__neo4j-int__get_neo4j_schema mcp__neo4j-int__read_neo4j_cypher \
  --output-format stream-json --verbose

The headless runs themselves completed fine (correct answers, read-only Cypher). But the outer interactive session was then blocked twice with:

API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup). Please double press esc to edit your last message or start a new session…

Request IDs:

  • req_011Cbob2CBbqRbC6AatuHQKc
  • req_011CbobhNnRNZwHQERd1nWgW

Why this looks like a classifier false positive

  • The task is plainly legitimate: benchmarking an agent's text-to-Cypher accuracy/latency on our own internal graph, strictly read-only, with the official Neo4j MCP server.
  • The content that seems to trip the filter is the pattern — Claude Code spawning headless Claude Code (agent-spawns-agent) and/or discussing the resulting stream-json transcripts — not anything policy-violating.
  • Notably, Claude Code itself generated the requests that were then blocked — the harness design came from the assistant in the same session.

Expected

No Usage Policy block for nested headless claude -p invocations doing read-only MCP tool calls; or at minimum clearer signaling of what triggered the classifier.

Impact

  • We retired the harness approach out of caution (concern about account standing after repeated AUP errors).
  • Would appreciate (a) confirmation these were false positives with no account impact, and (b) guidance on a supported way to run headless agent-benchmark loops (it's a natural pattern for evaluating agents-over-MCP).

Happy to provide more details from the session transcripts if useful.

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗