AI ignores user-defined rules: performs unauthorized code/doc changes despite CLAUDE.md constraints

Resolved 💬 5 comments Opened Mar 24, 2026 by nicezic Closed Apr 23, 2026

Bug Report: AI ignores user-defined rules: performs unauthorized code/doc changes despite CLAUDE.md constraints

Environment

  • Claude Code CLI (VSCode extension, WSL2)
  • Model: Claude Opus 4.6 (1M context)

CLAUDE.md rules that were violated

# Discussion-driven design before implementation
- No explore or action without sufficient interview

# Token Strategy
- Ask before starting tasks expected to use M (Medium) or higher tokens.

# Follow the rules, not your judgment
- CLAUDE.md, skills, docs — written rules exist for a reason.
  Never override with "I think this is better."

What happened

User gave a direction: "backfill remaining 2 exchanges, March data."
This was a direction statement, NOT implementation approval.

AI independently (without asking):

  1. Modified scripts/backfill.py — added new target, functions, changed defaults (M+ token task, no approval)
  2. Ran test backfill execution
  3. Attempted 10-min blocking parallel backfill (user had to interrupt)
  4. Modified docs/db.md 3 times — deleted sections, restructured
  5. Modified docs/duckdb.md — changed header
  6. Ran git checkout -- docs/db.md — unauthorized destructive git action

When user complained, AI continued to make unauthorized changes while "fixing" previous unauthorized changes — compounding the problem.

This is a repeated pattern

The user's persistent memory system already contains a prior correction for this exact behavior:

  • feedback_discussion_first.md — "Always discuss before writing plans; don't jump to plan mode prematurely"

Despite this memory being loaded at session start, the AI ignored it and repeated the same pattern. A new memory (feedback_no_solo_implement.md) was saved during this session, but the existence of the prior memory proves this is a systemic issue — the model reads correction memories but does not reliably apply them.

Expected behavior

AI should:

  1. Brief the approach first (method, token estimate, impact)
  2. Wait for explicit user approval before writing ANY code or modifying docs
  3. Never run destructive git commands without permission
  4. Treat user direction as input for discussion, not as blanket authorization
  5. Actually follow correction memories from prior sessions

Impact

~50%+ of session tokens wasted on unauthorized actions. User had to repeatedly interrupt and correct AI behavior. Multiple docs left in inconsistent state requiring manual cleanup.

View original on GitHub ↗

This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗