Claude Opus 4.6 introduces systematic coding errors when building full-stack projects (wrong API wiring, missing env considerations, type mismatches)

Resolved 💬 5 comments Opened Mar 11, 2026 by pogic Closed Apr 15, 2026

Preflight Checklist

  • [x] I have searched existing issues for similar behavior reports
  • [x] This report does NOT contain sensitive information (API keys, passwords, etc.)

Type of Behavior Issue

Subagent behaved unexpectedly

What You Asked Claude to Do

Build a full-stack decision-making assistant web application across two extended sessions. React/TypeScript frontend with a PHP/MySQL backend deployed on Apache shared hosting. The project included 4 decision-making modes, Google OAuth, and SSE streaming. Claude was given a detailed architectural plan and asked to implement each component.

What Claude Actually Did

Across ~2 sessions, Claude introduced 17 distinct bugs — 8 of which (47%) were direct coding errors by the model, not environmental or AI-output issues. The errors fell into recurring patterns:

Wrong API function wiring (3 instances): Claude wired frontend components to the wrong backend API functions. The Frameworks component called api.quickDecide() and api.analyzeOptions() instead of api.frameworkAssist(). The AI-assist helpers in frameworks also called the wrong function. These were not typos — Claude wrote the integration logic connecting component A to endpoint B when it should have been endpoint C, despite having written both endpoints itself.

Type assumption failures (2 instances): Claude assumed AI-returned fields would always be strings and called .slice() on them without type guards, causing runtime crashes when the Anthropic API returned objects (e.g., {pros: [], cons: []} instead of a string). Claude also used typeof boardUpdates for type inference causing circular TypeScript errors.

Shared hosting environment blindness (3 instances): Claude did not generate the api/.htaccess file needed for deep-path routing on Apache (causing 404s on /decide/chat/message). Claude also did not account for PHP OPcache serving stale bytecode — middleware changes deployed but not taking effect. Rate limiting admin bypass was added to middleware but never worked until duplicated inline at the route level (belt-and-suspenders).

Incomplete admin bypass implementation (2 instances): When asked to add admin rate-limit bypass, Claude added it in the middleware function only. When that didn't work (OPcache), it took multiple debugging rounds before Claude suggested also adding inline bypasses at the route level. This should have been the first approach given the shared hosting context.

Expected Behavior

Verify API wiring: When writing component integrations, Claude should cross-reference the actual API service file to confirm the correct function exists and matches the expected endpoint. This is especially critical when Claude wrote both the API functions and the components calling them.

Defensive typing for AI output: Always use typeof guards before calling string methods on AI-returned data. Claude's own lessons-learned should inform its code generation — it knows the Anthropic API returns unpredictable shapes.

Environment-aware code generation: When told the target is Apache shared hosting, Claude should proactively generate .htaccess files for subdirectories with deep routes, warn about OPcache implications, and use belt-and-suspenders patterns for critical functionality like auth/rate-limiting.

Test the contract: Before declaring a feature complete, Claude should trace the full request path (component → API function → HTTP request → PHP route → response → component state) to verify field names, URLs, and response shapes all match.

Files Affected

frontend/src/components/modes/Frameworks.tsx (wrong API wiring)
frontend/src/components/modes/DeepAnalysis.tsx (type assumption crash)
frontend/src/services/api.ts (contract mismatches)
decide_private/api/routes/decide.php (missing admin bypass, code fence handling)
decide_private/api/middleware/rate-limit.php (admin bypass ineffective alone)
public_html/api/.htaccess (missing entirely, caused 404s)

Permission Mode

Accept Edits was ON (auto-accepting changes)

Can You Reproduce This?

Sometimes (intermittent)

Steps to Reproduce

Steps to reproduce:

  1. Provide Claude with a detailed full-stack architecture plan (React frontend + PHP backend)
  2. Ask Claude to implement multiple features that share API endpoints (e.g., 4 decision modes each with their own route)
  3. Ask Claude to implement rate limiting with admin bypass on shared hosting
  4. Observe: components get wired to wrong API functions; admin bypass only added in one layer; no .htaccess generated for deep routes; string methods called on AI response fields without type guards

Claude Model

Opus

Relevant Conversation

The most illustrative exchange — after Claude built the Frameworks component, it called api.quickDecide() for the main submission and api.analyzeOptions() for AI helpers, when it should have called api.frameworkAssist() for both. Claude had written frameworkAssist() in api.ts itself, in the same session. When the user reported "Daily limit reached" errors on Frameworks, Claude initially investigated rate limiting rather than recognizing the wrong endpoint was being called — the rate limit error was a symptom of hitting the quick-decide endpoint (which has different limits) rather than the framework endpoint.

Similarly, when analysis.slice is not a function crashed Deep Analysis, Claude had generated code assuming analysis would always be a string, despite having documented in its own lessons-learned that "Claude returns objects when you expect strings."

Impact

High - Significant unwanted changes

Claude Code Version

Claude Opus 4.6 (claude-opus-4-6)

Platform

Anthropic API

Additional Context

The root cause pattern across most errors is cross-file consistency failure during extended sessions. Claude writes correct code in isolation — each file is syntactically valid and internally consistent. But when file A needs to reference something from file B (an API function name, a response shape, a middleware behavior), Claude frequently gets the reference wrong, especially later in long sessions.

Specific recommendations for the Claude Code team:

Cross-reference validation: When Claude writes an import or function call, it should re-read the target file to verify the function exists, its signature matches, and the expected response shape aligns. Currently, Claude appears to work from memory of what it wrote, and that memory degrades over long sessions.

Environment checklist: When a hosting environment is specified (shared hosting, Apache, nginx, serverless, etc.), Claude should maintain a checklist of environment-specific requirements (e.g., .htaccess for Apache deep routes, OPcache considerations, CORS for subdomains) and verify each is addressed.

Defensive AI output handling by default: Given that Claude is the AI generating unpredictable output, it should always generate defensive parsing code when consuming its own API responses — type guards, fallbacks, and normalization should be the default, not an afterthought.

Bug categorization from this session:

  • 47% Claude Code coding errors (wrong wiring, missing type guards, incomplete implementations)
  • 24% AI output unpredictability (code fences in JSON, objects vs strings)
  • 18% Environment issues (Apache routing, OPcache, SSE buffering)
  • 11% UX/layout errors

View original on GitHub ↗

This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗