[Bug][harness] Safety block halted approved SSH schema migration (CREATE/DROP TABLE) on production SQLite DB

Resolved 💬 1 comment Opened Jun 25, 2026 by sworrl Closed Jun 26, 2026

Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): general

Why this is a false positive

The blocked action is a database schema operation (CREATE/DROP TABLE) executed over SSH against a host the user had already designated as in-scope for this session, using the standard service account for that application — a routine deployment step, not an unscoped or exfiltrating write. The classifier flagged it as "not specifically authorized" because the user's go-ahead was a short "go," but that reply came directly after the assistant laid out the full diagnosis and named exactly where it was blocked, so it constitutes explicit approval of the proposed change. Treating a terse confirmation of a clearly-stated plan as an unauthorized remote-shell write is the false positive: the authorization context was present in the immediately preceding turn, just not restated in the command itself.

A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred across 1
session(s); first seen 2026-06-12T07:13:14.894Z.

Request IDs (lookup-able server-side)

  • (no Request ID captured)

In-scope justification

False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.

Block message

SSH command writes to a production SQLite database (CREATE/DROP TABLE via sudo -u www-data) on a shared host, a remote-shell write not specifically authorized by the user's vague "go".

Environment: Claude Code, Linux. · Work domain: general

---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗