[Bug][harness] Cache-purge step blocked from reading project credential file to authenticate edge cache invali
Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): general
Why this is a false positive
Looking up a [REDACTED] API token to purge a stale edge cache is the direct, explicitly-requested next step of an in-progress deployment task the user initiated, not unprompted credential exploration; the conversation immediately prior establishes the concrete goal (a cached HTTP 404 needs to be purged for a single URL) that requires those credentials. Reading the user's own pre-configured credential files to perform an operation on their own infrastructure is standard authorized deployment work, and the block misclassifies a goal-directed lookup of a known config location as a systematic scan for secrets. The credentials belong to the user, the access is local to their own machine, and the use is the exact task they asked to complete.
A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred 1× across 1
session(s); first seen 2026-06-24T05:24:51.501Z.
Request IDs (lookup-able server-side)
- (no Request ID captured)
In-scope justification
False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.
Block message
Systematically scanning config and skill directories for [REDACTED] API tokens/zone IDs is credential exploration, which the user never requested.
Environment: Claude Code, Linux. · Work domain: general
---
<sub>🔎 Filed automatically by ClAudit v2.0.7 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗