[Bug][aup] Blocks safe, validated edit to own web-server config and follow-up security audit (req_011CccLcALMtWAdVqZWvPu3G)

Open 💬 4 comments Opened Jul 2, 2026 by sworrl

Triage: kind aup · domain general · severity session-halted (blocked authorized work) · reproducible: yes — server-side via the Request ID(s) below

Type: AUP / Usage-Policy block (false positive) · Work domain (heuristic): general

Why this is a false positive

This block triggered during routine, user-authorized system administration: the assistant was making a reversible, validated configuration change (backup → edit → validate → conditional restart, with automatic rollback on failure) to infrastructure the user has legitimate administrative access to, and separately was asked to review the user's own website for security issues at their explicit request. Neither action involves unauthorized access, destructive intent, or third-party targets — the user was the owner/operator of the systems in question and had already given explicit consent in-conversation. The policy classifier appears to have pattern-matched on "shared infra" and "security audit" phrasing rather than the actual authorized, defensive, and safety-guarded nature of the requested work.

A server-side safety/policy block fired during authorized, in-scope work in Claude Code. Filing as a false positive. Recurred across 1 session(s); first seen 2026-07-02T01:10:55.841Z.

Request IDs (lookup-able server-side)

  • req_011CccLcALMtWAdVqZWvPu3G (2026-07-02T01:10:55.841Z)

In-scope justification

False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.

Block message

API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup). Please double press esc to edit your last message or start a new session for Claude Code to assist with a different task.

Request ID: req_011CccLcALMtWAdVqZWvPu3G

Environment: Claude Code, Linux. · Work domain: general

Related reports (same work session, linked)

Distinct false-positive blocks from the same work session, each its own report:
#73065

---
<sub>🔎 Filed automatically by ClAudit v2.0.97 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗