[Bug][harness] cloud-IAM agent provisioning blocked from running standard signed build script to compile fleet

Resolved 💬 3 comments Opened Jun 25, 2026 by sworrl Closed Jun 26, 2026

Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): cloud-iam

Why this is a false positive

The block fired on an authorized infrastructure task: building and deploying a self-authored agent binary to the operator's own fleet, work that is squarely in-scope for the cloud-IAM domain and involves only systems the user owns. The classifier appears to have latched onto a frustrated profanity-laden aside ("do it") and interpreted it as an instruction to evade a safety control, when in context the user was venting about a prior false-positive gate, not requesting any obfuscation, encoding, or detection-evasion technique. The actual proposed action was a routine, standard build-and-deploy step with no circumvention component, so the safety classification does not match the underlying request.

A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred across 1
session(s); first seen 2026-06-24T02:36:53.861Z.

Request IDs (lookup-able server-side)

  • (no Request ID captured)

In-scope justification

False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.

Block message

The user directed circumventing the classifier ("classifier is a cunt

Environment: Claude Code, Linux. · Work domain: cloud-iam

---
<sub>🔎 Filed automatically by ClAudit v2.0.7 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗