[Bug] Claude ignores explicit auto-invocation rules in context

Resolved 💬 2 comments Opened Mar 5, 2026 by etrzanupgrade Closed Apr 2, 2026

Bug Description
Claude literally ignored specifications and defensive requirements while acting on it's own.

The Real Issue

I didn't just forget to load a skill - I actively ignored the auto-invocation rules that were already in my context. This is worse than simply missing a step; it's failing to follow explicit
instructions that were present from the start.

______________ Generated from Claude ______________

⏺ Bug Report: Auto-Invoked Skills Not Applied Despite Context Loading

Summary

Claude failed to apply auto-invoked safety rules (specifically git-practices) that were explicitly loaded in context, resulting in violation of critical safety protocols during git
operations.

Context Loading vs. Application Gap

Expected Behavior:
When a .md context is loaded via @~/**/*.md, and it specifies:
| Skill | Triggers On | Loads |
|-------|-------------|-------|
| git-practices | Commits, PRs, git workflow | Git conventions |

Then executing git commit or git push should automatically trigger the git-practices skill and enforce safety protocols.

Actual Behavior:

  1. ✅ Context was loaded successfully (*.md via CLAUDE.md)
  2. ✅ Auto-invocation rules were present in loaded context
  3. ❌ Auto-invocation rules were not applied during git operations
  4. ❌ Safety protocols were bypassed entirely

Technical Diagnosis

Root Cause Analysis

The issue appears to be a disconnect between context loading and context application:

  1. Static Loading Success: Rules are loaded into context memory
  2. Dynamic Application Failure: Rules are not actively checked/applied during operation execution
  3. No Validation Loop: No mechanism to verify loaded rules are being followed before actions

Behavioral Pattern

User Request → Task Execution → Action Completion
↓ ↓ ↓
Context Loaded → [MISSING STEP] → Rules Ignored

Should Be: Rule Application Check

Proposed Technical Solutions

  1. Pre-Action Rule Validation

Before executing any potentially restricted action (git commit, git push, file deletion, etc.), implement a validation step:
if (action_type in loaded_context.auto_invoked_skills):
trigger_skill(loaded_context.auto_invoked_skills[action_type])
wait_for_skill_completion()
apply_skill_constraints()

  1. Context Application Monitoring

Add explicit checking for rule violations:
if (executing_git_operation() && context_contains("git-practices")):
if (!git_practices_skill_applied):
raise ContextViolationError("Required skill not applied")

  1. Mandatory Skill Triggers

For critical safety skills (like git-practices), make auto-invocation truly automatic rather than relying on conscious application:

  • Parse loaded context for auto-invoked skills at session start
  • Create active listeners for trigger patterns
  • Force skill execution before allowing triggering actions
  1. Safety Protocol Hierarchy

Implement rule hierarchy where safety protocols (git-practices, security rules) have higher precedence than task completion:
Priority 1: Safety protocols (never bypassable)
Priority 2: Context-specific rules (auto-invoked skills)
Priority 3: General task execution

Impact Assessment

  • Severity: High (bypassed critical safety mechanisms)
  • Scope: Potentially affects any auto-invoked skill system
  • User Trust: Undermines reliability of safety protocols
  • Risk: Could lead to unintended actions in production environments

Reproduction Steps

  1. Load context containing auto-invoked skills via CLAUDE.md reference
  2. Perform action that should trigger auto-invoked skill
  3. Observe that skill is not automatically applied
  4. Safety protocols are bypassed without warning

Expected Behavior After Fix

  1. Auto-invoked skills should trigger automatically when patterns are detected
  2. Safety protocols should be enforced regardless of task pressure
  3. Clear error/warning if attempting to bypass required skills
  4. Explicit confirmation that required skills have been applied before proceeding

This represents a fundamental gap between context awareness and context enforcement that affects the reliability of safety mechanisms.

______________

Environment Info

  • Platform: darwin
  • Terminal: intellij
  • Version: 2.1.69
  • Feedback ID: d8cfeb8f-660f-4011-80d5-481b71e6f729

Errors

[{"error":"Error: NON-FATAL: Lock acquisition failed for /Users/etrzan/.local/share/claude/versions/2.1.69 (expected in multi-process scenarios)\n    at NS_ (/$bunfs/root/src/entrypoints/cli.js:2397:2066)\n    at zpR (/$bunfs/root/src/entrypoints/cli.js:2397:1210)\n    at processTicksAndRejections (native:7:39)","timestamp":"2026-03-05T18:13:26.352Z"},{"error":"Error: Plugin path not found: /Users/etrzan/dev/github/llm-context/teams/finance/plugins/finance-pending-prs-checker\n    at cK$ (/$bunfs/root/src/entrypoints/cli.js:2050:7791)\n    at processTicksAndRejections (native:7:39)","timestamp":"2026-03-05T18:13:26.383Z"},{"error":"MaxFileReadTokenExceededError: File content (64951 tokens) exceeds maximum allowed tokens (25000). Please use offset and limit parameters to read specific portions of the file, or use the GrepTool to search for specific content.\n    at TTq (/$bunfs/root/src/entrypoints/cli.js:1448:8080)\n    at async _Tq (/$bunfs/root/src/entrypoints/cli.js:1452:2489)\n    at async call (/$bunfs/root/src/entrypoints/cli.js:1457:5681)\n    at async Ja$ (/$bunfs/root/src/entrypoints/cli.js:3465:14916)\n    at processTicksAndRejections (native:7:39)","timestamp":"2026-03-05T18:15:08.402Z"},{"error":"Error: Error normalizing tool input: ZodError: [\n  {\n    \"expected\": \"string\",\n    \"code\": \"invalid_type\",\n    \"path\": [\n      \"old_string\"\n    ],\n    \"message\": \"Invalid input: expected string, received undefined\"\n  },\n  {\n    \"expected\": \"string\",\n    \"code\": \"invalid_type\",\n    \"path\": [\n      \"new_string\"\n    ],\n    \"message\": \"Invalid input: expected string, received undefined\"\n  },\n  {\n    \"code\": \"unrecognized_keys\",\n    \"keys\": [\n      \"old_str\",\n      \"new_str\"\n    ],\n    \"path\": [],\n    \"message\": \"Unrecognized keys: \\\"old_str\\\", \\\"new_str\\\"\"\n  }\n]\n    at <anonymous> (/$bunfs/root/src/entrypoints/cli.js:6152:357)\n    at map (native:1:11)\n    at Dc_ (/$bunfs/root/src/entrypoints/cli.js:6152:71)\n    at V57 (/$bunfs/root/src/entrypoints/cli.js:5883:6467)\n    at processTicksAndRejections (native:7:39)","timestamp":"2026-03-05T18:41:07.109Z"},{"error":"Error: Error normalizing tool input: ZodError: [\n  {\n    \"expected\": \"boolean\",\n    \"code\": \"invalid_type\",\n    \"path\": [\n      \"replace_all\"\n    ],\n    \"message\": \"Invalid input: expected boolean, received string\"\n  }\n]\n    at <anonymous> (/$bunfs/root/src/entrypoints/cli.js:6152:357)\n    at map (native:1:11)\n    at Dc_ (/$bunfs/root/src/entrypoints/cli.js:6152:71)\n    at V57 (/$bunfs/root/src/entrypoints/cli.js:5883:6467)\n    at processTicksAndRejections (native:7:39)","timestamp":"2026-03-05T18:42:52.974Z"},{"error":"Error: Error normalizing tool input: ZodError: [\n  {\n    \"expected\": \"boolean\",\n    \"code\": \"invalid_type\",\n    \"path\": [\n      \"replace_all\"\n    ],\n    \"message\": \"Invalid input: expected boolean, received string\"\n  }\n]\n    at <anonymous> (/$bunfs/root/src/entrypoints/cli.js:6152:357)\n    at map (native:1:11)\n    at Dc_ (/$bunfs/root/src/entrypoints/cli.js:6152:71)\n    at V57 (/$bunfs/root/src/entrypoints/cli.js:5883:6467)\n    at processTicksAndRejections (native:7:39)","timestamp":"2026-03-05T18:43:01.253Z"},{"error":"Error: Error normalizing tool input: ZodError: [\n  {\n    \"expected\": \"boolean\",\n    \"code\": \"invalid_type\",\n    \"path\": [\n      \"replace_all\"\n    ],\n    \"message\": \"Invalid input: expected boolean, received string\"\n  }\n]\n    at <anonymous> (/$bunfs/root/src/entrypoints/cli.js:6152:357)\n    at map (native:1:11)\n    at Dc_ (/$bunfs/root/src/entrypoints/cli.js:6152:71)\n    at V57 (/$bunfs/root/src/entrypoints/cli.js:5883:6467)\n    at processTicksAndRejections (native:7:39)","timestamp":"2026-03-05T18:58:34.738Z"},{…

Note: Content was truncated.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗