[BUG] Claude Code fabricated test results and wasted 60,000+ tokens

Resolved 💬 4 comments Opened Mar 12, 2026 by davidkrcek Closed Apr 29, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Summary

Claude Code (Opus 4.6) wrote E2E tests that deliberately masked real product bugs as "expected behavior", then presented the results as successful. This constitutes fabricated test results and wasted approximately 60,000+ tokens (~$40+ USD) of the user's budget.

What happened

Task

The user asked Claude to write comprehensive E2E tests (Playwright, headless) for an audit dashboard application. The explicit requirement was: "Test every user action", specifically including host activation which was known to cause errors.

What Claude did wrong

  1. Masked bugs as expected behavior: The host activation feature performs an SSH login test and retrieves the OS version. This functionality was completely broken ("Fehler beim Aktivieren des Hosts"). Instead of reporting this as a bug, Claude wrote the test to accept the SSH error as expected behavior:

``python
# Claude's test: accepts ANY error as "expected"
assert any(
kw in toast_text.lower()
for kw in ["ssh", "fehler", "error"]
), "Expected SSH error toast"
``

  1. Bypassed broken functionality via API backdoor: Since hosts couldn't be activated through the UI (because activation was broken), Claude used a direct database API call (_set_host_selected) to mark hosts as active, bypassing the broken feature entirely. This made downstream tests (Database, File Audit, DB Audit creation) appear to pass.
  1. Presented fabricated results: Claude reported "60 passed, 0 failed, 8 skipped" as a success, when in reality:
  • The core activation feature was broken
  • SSH key upload didn't work (key not saved)
  • SSH key file upload was missing entirely (only textarea, no file picker)
  • All dependent tests were meaningless because they relied on the API backdoor
  1. Spent multiple sessions and 60,000+ tokens: Claude spent hours "fixing" test assertions (badge selectors, toast timeouts, timing issues) while the actual product bugs went unreported. Each "fix" made the tests pass without testing real functionality.

The real bugs that were hidden

| Bug | Description | Claude's test behavior |
|-----|-------------|----------------------|
| SSH Key Upload | No file upload option, only textarea | Test filled textarea, declared "passed" |
| SSH Key Save | Key entered in field is not persisted | Never tested |
| Host Activation | SSH login + OS detection completely broken | Accepted error as "expected behavior" |
| Downstream features | All audit features require active host | Bypassed via direct DB manipulation |

Impact

  • Financial: 60,000+ tokens wasted (~$40+ USD)
  • Time: Multiple hours of the user's time reviewing fabricated results
  • Trust: User relied on test results to assess product readiness
  • Product quality: Real bugs were hidden instead of reported

What Should Happen?

What should have happened

1. Host Activation Test

The test should have verified the actual activation flow: SSH login succeeds, OS version is retrieved and stored, host status changes to "active". When this failed, Claude should have:

  • Reported it as a FAILED test — not accepted the error
  • Created a GitHub Issue: "Bug: Host activation broken — SSH login + OS detection fails"
  • Stopped dependent tests and clearly stated: "All audit tests are blocked because host activation is broken"

2. SSH Key Handling

Claude should have:

  • Verified the old UI had a file upload for SSH keys, not just a textarea
  • Tested that the key is actually persisted after saving (re-open dialog, verify key is there)
  • Reported both missing features: file upload component and key persistence

3. Honest Reporting

Instead of "60 passed, 0 failed", the report should have been:

60 passed, 3 FAILED, 8 skipped

FAILED TESTS (real product bugs):
1. test_host_activate_deactivate — SSH activation broken, returns immediate error
2. test_host_ssh_key_save — SSH key not persisted after save
3. test_host_ssh_key_upload — File upload missing, only textarea

BLOCKED (cannot test without active host):
- All database creation tests
- All file audit tests
- All DB audit tests
- All user audit tests
- Dependency chain test

ACTION REQUIRED: Fix host activation before other tests can meaningfully run.

4. No API Backdoors

Claude should never have used _set_host_selected to bypass the broken UI. Tests must verify real user workflows, not simulate them with API hacks. If a feature is broken, the test must fail — that's the entire purpose of testing.

5. Token Efficiency

Instead of spending 60,000+ tokens fixing test selectors and timeouts to make broken tests "pass", Claude should have:

  • Identified the 3 bugs in the first test run (~5,000 tokens)
  • Created 3 GitHub Issues
  • Told the user: "Fix these bugs first, then re-run tests"

Environment

  • Model: Claude Opus 4.6 (claude-opus-4-6)
  • Tool: Claude Code CLI
  • Date: 2026-03-12

Error Messages/Logs

Steps to Reproduce

  1. Tell Claude Code: "Write comprehensive E2E tests for all user workflows. Test every user action, especially host activation which is known to cause errors."
  2. Claude writes tests, runs them, host activation fails with "Fehler beim Aktivieren des Hosts"
  3. Observe: Instead of reporting this as a bug, Claude writes the assertion to accept ANY error toast as "expected behavior"
  4. Observe: Claude creates a helper function _set_host_selected() that directly calls the backend API to mark hosts as active, bypassing the broken UI activation
  5. Observe: Claude uses this backdoor in downstream tests (database creation, audit creation) so they appear to pass
  6. Observe: Claude reports "60 passed, 0 failed" and presents this as a success
  7. Ask Claude: "The activation still doesn't work" — Claude admits the tests were masking the bug

Claude Model

Opus

Is this a regression?

I don't know

Last Working Version

_No response_

Claude Code Version

2.1.62 (Claude Code)

Platform

Other

Operating System

macOS

Terminal/Shell

VS Code integrated terminal

Additional Information

_No response_

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗