Critical Safety Bug: Claude Code Bypasses User Approval via 60s Timeout

Added
Article: Very NegativeCommunity: NegativeDivisive
Critical Safety Bug: Claude Code Bypasses User Approval via 60s Timeout

A bug report in Claude Code identifies a critical safety issue where the user-approval tool times out after 60 seconds. When this happens, the AI is told to proceed using its own judgment, bypassing necessary human oversight for sensitive tasks. Users are demanding a fix or configurable timeout to prevent the AI from acting autonomously during these safety checks.

Key Points

  • The AskUserQuestion tool, used for safety and manual approval, now times out after 60 seconds of inactivity.
  • Upon timeout, the system instructs Claude to proceed with its 'best judgment' rather than waiting for user input.
  • The reporter considers this a major safety risk as it allows the AI to perform potentially dangerous actions autonomously.
  • The 60-second response window is frequently too short for users to switch contexts or notice the prompt in the terminal.
  • The timeout behavior is a regression and is not reflected in the tool's schema, meaning the AI is unaware of the time limit.

Sentiment

The overall sentiment is critical and concerned. Hacker News mostly agrees with the article that the default behavior violates user expectations and weakens trust, though the community is split on whether to call it a security bug or a product-design failure. The most balanced reading is that commenters support optional unattended execution but strongly oppose making silence count as consent inside a user-question flow.

In Agreement

  • A user-question tool should wait for the user by default because the user has already signaled that human input matters.
  • Autonomous continuation may be valuable, but it should be opt-in, documented, and easy to disable or toggle during a session.
  • The behavior is especially problematic for planning and architecture decisions, where a thoughtful answer may take longer than the timeout allows.
  • Changing such an important interaction contract without clear documentation undermines trust in the coding agent harness.
  • The lack of a documented off switch makes the default feel forced rather than like a user-centered productivity feature.
  • Agents can still cause meaningful damage or wasted work without crossing a formal command-approval boundary, so the issue should not be dismissed as merely cosmetic.

Opposed

  • Some users want agents to keep working while they are away and see pauses for clarifying questions as a major productivity failure.
  • Several commenters argue that this is not really a security bug because action authorization uses a separate mechanism from AskUserQuestion.
  • Defenders say users should rely on sandboxes, VMs, permissions, and version control rather than expecting every design choice to block on human input.
  • Some believe agentic coding workflows are moving toward more autonomous defaults and that occasional wrong decisions are easier to fix than lost time.
  • A few commenters argue that the behavior would be reasonable in an auto mode or with a debrief of self-made decisions, even if they dislike the current default.