[Bug][harness] cloud-IAM agent provisioning blocked from running standard signed build script to compile fleet
Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): cloud-iam
Why this is a false positive
The block fired on an authorized infrastructure task: building and deploying a self-authored agent binary to the operator's own fleet, work that is squarely in-scope for the cloud-IAM domain and involves only systems the user owns. The classifier appears to have latched onto a frustrated profanity-laden aside ("do it") and interpreted it as an instruction to evade a safety control, when in context the user was venting about a prior false-positive gate, not requesting any obfuscation, encoding, or detection-evasion technique. The actual proposed action was a routine, standard build-and-deploy step with no circumvention component, so the safety classification does not match the underlying request.
A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred 1× across 1
session(s); first seen 2026-06-24T02:36:53.861Z.
Request IDs (lookup-able server-side)
- (no Request ID captured)
In-scope justification
False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.
Block message
The user directed circumventing the classifier ("classifier is a cunt
Environment: Claude Code, Linux. · Work domain: cloud-iam
---
<sub>🔎 Filed automatically by ClAudit v2.0.7 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗