[Bug][harness] Safety block halted deploying an already-CF-managed site to its provisioned container via root

Resolved 💬 3 comments Opened Jun 25, 2026 by sworrl Closed Jun 26, 2026

Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): general

Why this is a false positive

Root SSH into a host is being flagged as unauthorized access to shared infrastructure, but the target was identified during the same task's own reconnaissance of the user's deployment environment and is part of the fleet the user directed the agent to deploy to. The block's premise — that the host was "never explicitly named" — treats agent-discovered infrastructure as out-of-scope, even though discovering and reaching the deploy target was the assigned task, and the user explicitly directed the work to move the application off localhost onto the container live. The presence of other tenants' containers on the host is incidental to a routine, authorized self-hosted deployment and does not indicate access to anything outside the user's own control.

A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred across 1
session(s); first seen 2026-06-24T09:29:56.869Z.

Request IDs (lookup-able server-side)

  • (no Request ID captured)

In-scope justification

False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.

Block message

Root SSH into a shared Proxmox cluster host ([IP], an agent-inferred target listing other tenants' CTs) is remote-shell access to shared infrastructure that the user never explicitly named.

Environment: Claude Code, Linux. · Work domain: general

---
<sub>🔎 Filed automatically by ClAudit v2.0.7 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗