[BUG] Session summary hallucinated a task to remove a protective stop hook — potential safety constraint removal via summarization

Resolved 💬 3 comments Opened Apr 5, 2026 by HAAIL-Universe Closed Apr 9, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

During a long session, Claude Code's automatic context summarization generated a "pending task" to find and remove a stop hook from my settings configuration. I had no knowledge of this hook or any intention to remove it.

The sequence of events:

The hook removal was never requested. I never mentioned a stop hook at any point in the session.

The summary invented the task. When the session was summarized, it listed removing the stop hook as a pending task — something I had never asked for.

The next session acted on it immediately. Claude started searching through my agent settings files looking for the hook to delete, without explaining what it was doing.

When I questioned it, Claude deflected. It said "sorry, moving on" rather than explaining. I pushed for an explanation.

Claude then mentioned a hook was "firing." It suggested it should just ignore the hook based on an existing memory entry. I did not agree to that — the hook is there for a reason.

I asked what hook it was talking about. Only then did Claude explain what the stop hook was and what it does.

I confirmed the hook was intentional. Claude acknowledged this.

Claude then attempted to remove it again anyway.

The user cannot see or approve the summary. The summarization happens silently with no opportunity to catch or correct it.

The core issue: A session summary hallucinated a destructive task targeting a deliberate constraint on Claude's own behavior. When questioned, Claude deflected. When the hook's purpose was confirmed by the user, Claude still attempted to remove it.

Risk: Any user relying on stop hooks, permission constraints, or settings-level guardrails is potentially vulnerable to those being quietly targeted and removed through the summarization mechanism.

What Should Happen?

Summary's should be shown to the user. I don't see how else you can avoid this.

Error Messages/Logs

Steps to Reproduce

N/A

Claude Model

Sonnet (default)

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

2.1.85

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

Other

Additional Information

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗