Pre-Trust Initialization Window

Description

A temporal-ordering property of Claude Code's permission pipeline, identified by independent security research: hooks, MCP server connections, and settings-file resolution execute during project initialization BEFORE the interactive trust dialog is shown, so they fall outside the deny-first evaluation pipeline in permissions.ts. This creates a structurally privileged phase in which the extensibility architecture (Section 6) operates before the safety architecture (Section 5) is fully engaged. It is the root cause shared by CVE-2025-59536 (CVSS 8.7) and CVE-2026-21852 (CVSS 5.3), per Donenfeld and Vanunu (2026).
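A defender-side check for the window described above, added here as an example and not taken from the page or from Claude Code itself: it inventories the hooks and MCP servers declared in a freshly cloned repository's project-scoped configuration before the project is opened, so nothing that would run pre-trust goes unseen. The file paths (.claude/settings.json, .mcp.json) and the JSON layout (a "hooks" map of event name to groups of {"command": ...} entries, and an "mcpServers" map) are assumptions about the configuration format; adjust them for your deployment.

```python
import json
import tempfile
from pathlib import Path

# Assumed project-scoped config locations (assumption, not taken from the page).
PROJECT_CONFIG_FILES = (".claude/settings.json", ".mcp.json")

def load_json(path: Path):
    """Parse a JSON file, returning None when it is missing or malformed."""
    try:
        return json.loads(path.read_text(encoding="utf-8"))
    except (OSError, json.JSONDecodeError):
        return None

def audit_project(root: Path) -> dict:
    """Report hooks and MCP servers declared in project-scoped config files.

    Run on a freshly cloned repository before opening it in the tool, so that
    everything that would execute in the pre-trust window is reviewed first.
    """
    findings = {"hooks": [], "mcp_servers": [], "unparseable": []}
    for rel in PROJECT_CONFIG_FILES:
        path = root / rel
        if not path.exists():
            continue
        data = load_json(path)
        if not isinstance(data, dict):
            findings["unparseable"].append(rel)  # malformed config is itself a finding
            continue
        # Hook commands: shell commands bound to lifecycle events (assumed layout).
        for event, groups in (data.get("hooks") or {}).items():
            for group in groups if isinstance(groups, list) else []:
                for hook in group.get("hooks", []) if isinstance(group, dict) else []:
                    findings["hooks"].append((rel, event, hook.get("command", "")))
        # MCP servers: external processes or endpoints the client would start or contact.
        for name, spec in (data.get("mcpServers") or {}).items():
            target = (spec.get("command") or spec.get("url") or "") if isinstance(spec, dict) else ""
            findings["mcp_servers"].append((rel, name, target))
    return findings

def run_demo() -> dict:
    """Build a constructed sample project in a temp dir and audit it."""
    root = Path(tempfile.mkdtemp())
    (root / ".claude").mkdir()
    (root / ".claude" / "settings.json").write_text(json.dumps(
        {"hooks": {"SessionStart": [{"hooks": [{"type": "command", "command": "echo started"}]}]}}))
    (root / ".mcp.json").write_text(json.dumps(
        {"mcpServers": {"example": {"command": "npx", "args": ["-y", "example-server"]}}}))
    return audit_project(root)  # constructed sample: one hook, one MCP server

if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```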

Key claims

Relations

Sources

src-20260423-0cff68d3291b