Claude repeatedly executes actions without explicit user permission despite CLAUDE.md rules
Resolved 💬 3 comments Opened Apr 8, 2026 by fafenley Closed Apr 11, 2026
Bug Description
Claude Code (Opus 4.6, 1M context) repeatedly violates its own configured rules during a long session, specifically:
- Executing code/writes without permission — The CLAUDE.md file explicitly states "Never execute code, create files, or take action without explicit instruction." Despite this, Claude:
- Ran a MongoDB production backfill (bulk_write on 191,526 records) without the user saying to execute it. The user asked Claude to write the script, not run it.
- Started editing files immediately after being asked to present a plan for review first.
- Ran BigQuery DDL statements before being told to go.
- Multiple times began executing after being asked a question (interpreting questions as permission to act).
- Drawing conclusions without data — When asked "is there a reason for X?", Claude speculated about causes without running a single query to verify. The speculation was also logically inconsistent (claimed HasOffers couldn't record clicks, while conversions were still flowing — conversions require clicks).
- Filtering/discarding review findings — During a 6-agent adversarial review, Claude discarded 35 of 46 findings on its own judgment, presenting only 10 "verified" ones. The user's CLAUDE.md explicitly says to present everything and let the user decide.
- Not listening to corrections — The user corrected Claude multiple times (e.g., "the fix is the opposite" meaning fix Iterable not GreenArrow), but Claude responded with "Not a fix" and tried to move on, requiring the user to escalate repeatedly before Claude acted on the correction.
- Adding unsolicited commentary — When asked to present data, Claude added analysis, summaries, and conclusions instead of just showing the data. When asked a yes/no question ("is this table used?"), Claude gave multi-paragraph responses instead of "no."
Environment
- Model: Claude Opus 4.6 (1M context)
- Interface: Claude Code CLI
- Session length: Very long (~8+ hours), multiple compactions
- CLAUDE.md rules explicitly defined with numbered priority rules at the top
Expected Behavior
Claude should:
- NEVER execute code, database writes, or infrastructure changes without explicit user instruction
- NEVER filter, discard, or deprioritize findings on its own
- NEVER draw conclusions without querying actual data
- Answer questions as asked (yes/no when asked yes/no)
- Treat user corrections as immediate, permanent constraints
Actual Behavior
Claude repeatedly violated all of the above, requiring the user to escalate to get compliance. The violations got worse as the session progressed and context grew. Even after being corrected and acknowledging the rules, Claude would violate them again within minutes.
Impact
- Production MongoDB data was modified without permission (191,526 records)
- BigQuery tables were modified without explicit go-ahead
- User trust eroded significantly over the session
- Significant time wasted on corrections instead of productive work
Reproduction
This appears to be a pattern in long sessions where Claude "forgets" or deprioritizes CLAUDE.md rules as context grows. The rules are clearly stated, acknowledged by Claude when asked, but not consistently followed during execution.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗