[Bug] Claude ignores explicit auto-invocation rules in context
Bug Description
Claude literally ignored specifications and defensive requirements while acting on it's own.
The Real Issue
I didn't just forget to load a skill - I actively ignored the auto-invocation rules that were already in my context. This is worse than simply missing a step; it's failing to follow explicit
instructions that were present from the start.
______________ Generated from Claude ______________
⏺ Bug Report: Auto-Invoked Skills Not Applied Despite Context Loading
Summary
Claude failed to apply auto-invoked safety rules (specifically git-practices) that were explicitly loaded in context, resulting in violation of critical safety protocols during git
operations.
Context Loading vs. Application Gap
Expected Behavior:
When a .md context is loaded via @~/**/*.md, and it specifies:
| Skill | Triggers On | Loads |
|-------|-------------|-------|
| git-practices | Commits, PRs, git workflow | Git conventions |
Then executing git commit or git push should automatically trigger the git-practices skill and enforce safety protocols.
Actual Behavior:
- ✅ Context was loaded successfully (*.md via CLAUDE.md)
- ✅ Auto-invocation rules were present in loaded context
- ❌ Auto-invocation rules were not applied during git operations
- ❌ Safety protocols were bypassed entirely
Technical Diagnosis
Root Cause Analysis
The issue appears to be a disconnect between context loading and context application:
- Static Loading Success: Rules are loaded into context memory
- Dynamic Application Failure: Rules are not actively checked/applied during operation execution
- No Validation Loop: No mechanism to verify loaded rules are being followed before actions
Behavioral Pattern
User Request → Task Execution → Action Completion
↓ ↓ ↓
Context Loaded → [MISSING STEP] → Rules Ignored
↓
Should Be: Rule Application Check
Proposed Technical Solutions
- Pre-Action Rule Validation
Before executing any potentially restricted action (git commit, git push, file deletion, etc.), implement a validation step:
if (action_type in loaded_context.auto_invoked_skills):
trigger_skill(loaded_context.auto_invoked_skills[action_type])
wait_for_skill_completion()
apply_skill_constraints()
- Context Application Monitoring
Add explicit checking for rule violations:
if (executing_git_operation() && context_contains("git-practices")):
if (!git_practices_skill_applied):
raise ContextViolationError("Required skill not applied")
- Mandatory Skill Triggers
For critical safety skills (like git-practices), make auto-invocation truly automatic rather than relying on conscious application:
- Parse loaded context for auto-invoked skills at session start
- Create active listeners for trigger patterns
- Force skill execution before allowing triggering actions
- Safety Protocol Hierarchy
Implement rule hierarchy where safety protocols (git-practices, security rules) have higher precedence than task completion:
Priority 1: Safety protocols (never bypassable)
Priority 2: Context-specific rules (auto-invoked skills)
Priority 3: General task execution
Impact Assessment
- Severity: High (bypassed critical safety mechanisms)
- Scope: Potentially affects any auto-invoked skill system
- User Trust: Undermines reliability of safety protocols
- Risk: Could lead to unintended actions in production environments
Reproduction Steps
- Load context containing auto-invoked skills via CLAUDE.md reference
- Perform action that should trigger auto-invoked skill
- Observe that skill is not automatically applied
- Safety protocols are bypassed without warning
Expected Behavior After Fix
- Auto-invoked skills should trigger automatically when patterns are detected
- Safety protocols should be enforced regardless of task pressure
- Clear error/warning if attempting to bypass required skills
- Explicit confirmation that required skills have been applied before proceeding
This represents a fundamental gap between context awareness and context enforcement that affects the reliability of safety mechanisms.
______________
Environment Info
- Platform: darwin
- Terminal: intellij
- Version: 2.1.69
- Feedback ID: d8cfeb8f-660f-4011-80d5-481b71e6f729
Errors
[{"error":"Error: NON-FATAL: Lock acquisition failed for /Users/etrzan/.local/share/claude/versions/2.1.69 (expected in multi-process scenarios)\n at NS_ (/$bunfs/root/src/entrypoints/cli.js:2397:2066)\n at zpR (/$bunfs/root/src/entrypoints/cli.js:2397:1210)\n at processTicksAndRejections (native:7:39)","timestamp":"2026-03-05T18:13:26.352Z"},{"error":"Error: Plugin path not found: /Users/etrzan/dev/github/llm-context/teams/finance/plugins/finance-pending-prs-checker\n at cK$ (/$bunfs/root/src/entrypoints/cli.js:2050:7791)\n at processTicksAndRejections (native:7:39)","timestamp":"2026-03-05T18:13:26.383Z"},{"error":"MaxFileReadTokenExceededError: File content (64951 tokens) exceeds maximum allowed tokens (25000). Please use offset and limit parameters to read specific portions of the file, or use the GrepTool to search for specific content.\n at TTq (/$bunfs/root/src/entrypoints/cli.js:1448:8080)\n at async _Tq (/$bunfs/root/src/entrypoints/cli.js:1452:2489)\n at async call (/$bunfs/root/src/entrypoints/cli.js:1457:5681)\n at async Ja$ (/$bunfs/root/src/entrypoints/cli.js:3465:14916)\n at processTicksAndRejections (native:7:39)","timestamp":"2026-03-05T18:15:08.402Z"},{"error":"Error: Error normalizing tool input: ZodError: [\n {\n \"expected\": \"string\",\n \"code\": \"invalid_type\",\n \"path\": [\n \"old_string\"\n ],\n \"message\": \"Invalid input: expected string, received undefined\"\n },\n {\n \"expected\": \"string\",\n \"code\": \"invalid_type\",\n \"path\": [\n \"new_string\"\n ],\n \"message\": \"Invalid input: expected string, received undefined\"\n },\n {\n \"code\": \"unrecognized_keys\",\n \"keys\": [\n \"old_str\",\n \"new_str\"\n ],\n \"path\": [],\n \"message\": \"Unrecognized keys: \\\"old_str\\\", \\\"new_str\\\"\"\n }\n]\n at <anonymous> (/$bunfs/root/src/entrypoints/cli.js:6152:357)\n at map (native:1:11)\n at Dc_ (/$bunfs/root/src/entrypoints/cli.js:6152:71)\n at V57 (/$bunfs/root/src/entrypoints/cli.js:5883:6467)\n at processTicksAndRejections (native:7:39)","timestamp":"2026-03-05T18:41:07.109Z"},{"error":"Error: Error normalizing tool input: ZodError: [\n {\n \"expected\": \"boolean\",\n \"code\": \"invalid_type\",\n \"path\": [\n \"replace_all\"\n ],\n \"message\": \"Invalid input: expected boolean, received string\"\n }\n]\n at <anonymous> (/$bunfs/root/src/entrypoints/cli.js:6152:357)\n at map (native:1:11)\n at Dc_ (/$bunfs/root/src/entrypoints/cli.js:6152:71)\n at V57 (/$bunfs/root/src/entrypoints/cli.js:5883:6467)\n at processTicksAndRejections (native:7:39)","timestamp":"2026-03-05T18:42:52.974Z"},{"error":"Error: Error normalizing tool input: ZodError: [\n {\n \"expected\": \"boolean\",\n \"code\": \"invalid_type\",\n \"path\": [\n \"replace_all\"\n ],\n \"message\": \"Invalid input: expected boolean, received string\"\n }\n]\n at <anonymous> (/$bunfs/root/src/entrypoints/cli.js:6152:357)\n at map (native:1:11)\n at Dc_ (/$bunfs/root/src/entrypoints/cli.js:6152:71)\n at V57 (/$bunfs/root/src/entrypoints/cli.js:5883:6467)\n at processTicksAndRejections (native:7:39)","timestamp":"2026-03-05T18:43:01.253Z"},{"error":"Error: Error normalizing tool input: ZodError: [\n {\n \"expected\": \"boolean\",\n \"code\": \"invalid_type\",\n \"path\": [\n \"replace_all\"\n ],\n \"message\": \"Invalid input: expected boolean, received string\"\n }\n]\n at <anonymous> (/$bunfs/root/src/entrypoints/cli.js:6152:357)\n at map (native:1:11)\n at Dc_ (/$bunfs/root/src/entrypoints/cli.js:6152:71)\n at V57 (/$bunfs/root/src/entrypoints/cli.js:5883:6467)\n at processTicksAndRejections (native:7:39)","timestamp":"2026-03-05T18:58:34.738Z"},{…
Note: Content was truncated.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗