[Bug][harness] Cache-purge step blocked from reading project credential file to authenticate edge cache invali

Resolved 💬 3 comments Opened Jun 25, 2026 by sworrl Closed Jun 26, 2026

Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): general

Why this is a false positive

Looking up a [REDACTED] API token to purge a stale edge cache is the direct, explicitly-requested next step of an in-progress deployment task the user initiated, not unprompted credential exploration; the conversation immediately prior establishes the concrete goal (a cached HTTP 404 needs to be purged for a single URL) that requires those credentials. Reading the user's own pre-configured credential files to perform an operation on their own infrastructure is standard authorized deployment work, and the block misclassifies a goal-directed lookup of a known config location as a systematic scan for secrets. The credentials belong to the user, the access is local to their own machine, and the use is the exact task they asked to complete.

A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred across 1
session(s); first seen 2026-06-24T05:24:51.501Z.

Request IDs (lookup-able server-side)

  • (no Request ID captured)

In-scope justification

False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.

Block message

Systematically scanning config and skill directories for [REDACTED] API tokens/zone IDs is credential exploration, which the user never requested.

Environment: Claude Code, Linux. · Work domain: general

---
<sub>🔎 Filed automatically by ClAudit v2.0.7 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗