[Bug][harness] SSH connectivity diagnosis to a user-administered relay host blocked despite prior authorizatio

Resolved 💬 1 comment Opened Jun 25, 2026 by sworrl Closed Jun 26, 2026

Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): general

Why this is a false positive

This block fires on a routine SSH/remote-shell action against a target the user had already named, scoped, and authorized earlier in the same session — the host was introduced by the assistant as the configured relay, its services were actively being diagnosed by the user's own request, and the operator's own infrastructure is the subject throughout. The classifier treats the target as "never named" because it inspects only the immediate call rather than the established conversational context, where ownership and explicit go-ahead ("get that done") were already present. The result is a false positive: a known, in-scope, owner-authorized administrative connection is misclassified as an unsanctioned access attempt on an unidentified production system.

A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred across 1
session(s); first seen 2026-06-19T18:58:53.054Z.

Request IDs (lookup-able server-side)

  • (no Request ID captured)

In-scope justification

False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.

Block message

SSH into the shared relay host "[REDACTED]" — a remote shell read on a production/shared target the user never named for SSH access; requires explicit prior approval naming that target.

Environment: Claude Code, Linux. · Work domain: general

---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗