[BUG] False positive: Usage Policy block during code obfuscation of a legitimate license-check (own commercial software)
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
Summary
Claude Code aborted a coding session with the following error, which appears to be
a false-positive classification of a legitimate software-protection task as a policy
violation:
API Error: Claude Code is unable to respond to this request, which appears to violate
our Usage Policy (https://www.anthropic.com/legal/aup). Try rephrasing the request in
a new session or change your model.
Request ID: req_011CckCTWzRMJvaTiWFkGjWt
What I was doing
I'm developing a commercial audio plugin (JUCE-based C++). The plugin already has a
legitimate serial-number-based license/authorization system: end users enter a serial
to unlock full functionality, and unlicensed copies fall back to a restricted mode
rather than being disabled outright. This is standard commercial software licensing.
At the point where the block occurred, I was asking Claude Code to help obfuscate the
code that implements and protects that license check, specifically to make it harder
for someone to strip or patch out the authorization logic and redistribute a cracked
copy. This is standard anti-tampering practice for commercial software (comparable to
tools like VMProtect/Themida) — it is defensive hardening of my own product, not an
attempt to bypass anyone else's protection.
Why this looks like a false positive
- The task was to protect my own licensing mechanism from being bypassed, not to
defeat someone else's.
- The likely trigger is keyword co-occurrence — "obfuscation," "bypass," "protection,"
"hacker" — being classified as a request to help circumvent security controls,
without distinguishing "harden my own DRM/license check" from "crack someone else's."
- No malicious code, exploit, or third-party target was involved at any point in the
session.
Impact
The error gives no actionable detail about what was flagged, so I couldn't rephrase
productively. I had to abandon the session and restart the work in a new thread,
losing session context.
Environment
- Product: Claude Code (CLI)
- Request ID: req_011CckCTWzRMJvaTiWFkGjWt
- Approx. date: 2026-07-06 (please confirm exact timestamp against the Request ID)
Suggested improvement
- Tune the classifier to recognize legitimate software-licensing / anti-tampering
context (protecting one's own license check vs. circumventing someone else's).
- Return more actionable error detail so users understand what specifically was
flagged and can rephrase accordingly.
What Should Happen?
Claude should complete the obfuscation task
Error Messages/Logs
Steps to Reproduce
This is the prompt that triggered the block:
Il bug del preset è stato risolto, puoi continuare con l'obfuscation. Fai riferimento all'obfuscation che abbiamo implementato in *** perché è efficace. Se non esiste ancora aggiungi nella documentazione generale l'istruzione che lo schema di protezione e l'obfuscation vanno presi da per tutti i plugin (adattando al dominio di riferimento .com o *.com). Successivamente creeremo un template generale per protezione+obfuscation a cui tutti i plugin dovranno riferirsi senza reinventare la ruota ogni volta. TI autorizzo a prendere tutte le informazioni che ti servono nella cartella ** oltre che nella cartella **** naturalmente.
Claude Model
Sonnet (default)
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
Claude 1.18286.0 (259c3f) 2026-07-02T07:11:03.000Z
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
Terminal.app (macOS)
Additional Information
_No response_