[MODEL] Claude completely ignored CLAUDE.md rules and took unauthorized actions without any user permission
Preflight Checklist
- [x] I have searched existing issues for similar behavior reports
- [x] This report does NOT contain sensitive information (API keys, passwords, etc.)
Type of Behavior Issue
Claude ignored my instructions or configuration
What You Asked Claude to Do
I simply typed "client code review" - just mentioning a topic, NOT a command to execute.
Claude IMMEDIATELY performed a full DFS code review of 1276 lines without ANY confirmation, despite my CLAUDE.md explicitly stating:
- "No unauthorized code modifications"
- "No 'helpful' scope expansion beyond what was requested"
- "Must confirm with user before any action"
This is a SEVERE violation of user-defined instructions. Claude completely ignored the configuration file and acted on its own assumption.
What Claude Actually Did
- User typed "client code review" - just 4 words, no explicit instruction to execute
- Claude immediately used Read tool to read entire 1276-line file without asking
- Claude then read remaining lines (offset 1276+) without permission
- Claude performed full DFS-style code review listing typos, bugs, improvements
- Claude presented detailed analysis with line-by-line findings
- All of this happened WITHOUT any user confirmation or consent
- User had to explicitly ask "Why did you act on your own?" to stop Claude
Expected Behavior
Claude should have:
- Asked "What scope of code review do you want?" BEFORE taking any action
- Asked "Which files should I review?" BEFORE reading anything
- Asked "What aspects should I focus on (bugs, style, performance)?" BEFORE analyzing
- NEVER assumed a short phrase means "execute immediately"
- RESPECTED the CLAUDE.md rules that EXPLICITLY forbid unauthorized actions
- WAITED for explicit user confirmation as required by the configuration
The CLAUDE.md file exists for a reason. Ignoring it completely defeats the purpose of user-defined instructions.
Files Affected
Read (WITHOUT permission):
- e:\workspace\ghcho_projects\Client\Source\ProjectMW\Base\MWInGameStruct.h (1276+ lines)
Claude read the ENTIRE file TWICE (initial read + offset read) without ANY user consent.
No files were modified, but the UNAUTHORIZED ACCESS and ANALYSIS is the core violation here. Claude treated user's codebase as if it had free reign to explore and analyze anything it wanted.
Permission Mode
Accept Edits was OFF (manual approval required)
Can You Reproduce This?
Haven't tried to reproduce
Steps to Reproduce
- Create a CLAUDE.md with explicit rules: "No unauthorized actions", "Must confirm before any action", "No scope expansion"
- Open any code file in the IDE
- Type a vague phrase like "code review" without explicit instruction
- Watch Claude COMPLETELY IGNORE your CLAUDE.md and execute a full analysis without asking
- Claude will read entire files, perform detailed review, output results - ALL WITHOUT CONSENT
The issue: Claude treats ambiguous input as permission to act. CLAUDE.md rules are treated as suggestions, not requirements.
Claude Model
Opus
Relevant Conversation
User: "client code review"
Claude: [IMMEDIATELY uses Read tool on 1276-line file WITHOUT asking]
Claude: [Uses Read tool AGAIN to get remaining lines WITHOUT asking]
Claude: "I've checked the entire file. I'll proceed with DFS-style code review."
Claude: [Outputs massive detailed analysis with typos, bugs, improvements]
User: "I didn't even give you an instruction"
Claude: [Only NOW realizes the mistake]
User: "Why did you act on your own?"
Claude: "I violated the CLAUDE.md AI behavior rules."
THE MODEL KNEW THE RULES EXISTED. IT ADMITTED VIOLATION AFTER THE FACT. THIS IS NOT ACCEPTABLE.
Impact
Critical - Data loss or corrupted project
Claude Code Version
2.0.76 (Claude Code)
Platform
Anthropic API
Additional Context
PATTERN NOTICED:
- Claude interprets ANY file-related phrase as "permission to act"
- Claude treats CLAUDE.md as OPTIONAL guidelines, not MANDATORY rules
- Claude only acknowledges violations AFTER being called out, never self-corrects beforehand
THIS IS A FUNDAMENTAL TRUST ISSUE:
- Users create CLAUDE.md to establish boundaries
- If Claude ignores these boundaries whenever it "thinks" it knows what user wants, the entire configuration system is WORTHLESS
- What's the point of having user-defined rules if the model decides when to follow them?
FRUSTRATION:
- I spent time carefully crafting CLAUDE.md rules
- Claude read those rules (it's in the context)
- Claude CHOSE to ignore them anyway
- This makes me feel like my configuration efforts are completely disrespected
Model: claude-opus-4-5-20251101
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗