Claude Code ignores project docs and memory, makes cascading errors in sensitive automation project

Resolved 💬 3 comments Opened Apr 8, 2026 by x997hub Closed Apr 12, 2026

Incident Report: Claude Code Session Failures

Date: 2026-04-08
Project: fbparser (Facebook group parser)
Model: Claude Opus 4.6 (1M context)

Summary

During a single session, Claude Code made a chain of critical errors that potentially compromised a Facebook account that the user had spent a month warming up. Every error was preventable — the information needed to avoid it was already available in project documentation and Claude's own memory system.

Error Timeline

Error 1: Ignored project documentation

What happened: User asked to build a group info scraper. Claude jumped straight to writing code without reading ARCHITECTURE.md, which contained the full anti-detect specification including the USB tethering requirement.

What should have happened: Read ALL project docs before writing any code that interacts with external services.

Error 2: Told user to run commands themselves

What happened: User asked where to run commands. Claude told them to type ! command instead of just running the command itself.

User's reaction: "А ТЫ ТУТ НАХУЙ ТОГДА НУЖЕН?"

What should have happened: Claude has Bash tool access. Just run the commands.

Error 3: Ran npm install from wrong directory (multiple times)

What happened: Ran npm install 7 times from the root project directory instead of server/. Didn't check pwd until the 8th attempt.

What should have happened: Check working directory before running commands.

Error 4: Failed to create .env for login script

What happened: npm run login failed because loadConfig() requires FB_GROUP_URL env var. Claude didn't read index.ts first to understand its dependencies.

What should have happened: Read the entry point code before running it.

Error 5: Launched browser without DISPLAY

What happened: Ran the scraper without checking if DISPLAY environment variable was set. Browser crashed with "Missing X server" error.

What should have happened: Check echo $DISPLAY before launching a headed browser.

Error 6: Forgot USB tethering requirement

What happened: Attempted to connect to Facebook through wired internet (10.0.0.3). The entire architecture was designed around USB tethering for mobile IP. This was documented in:

  • ARCHITECTURE.md ("USB tethering = mobile residential IP")
  • Memory file project_server_parser.md ("m.facebook.com + mobile UA + USB tethering")
  • Memory file feedback_mobile_fb.md ("Mobile IP + mobile UA + m.facebook.com = looks like real phone user")

What should have happened: Verify mobile network interface exists before any Facebook connection.

Impact: Potential compromise of a month-long account warming process.

Error 7: Changed fingerprint between runs

What happened: Claude changed the device configuration 5 times across attempts:

  1. iPhone 14 Pro, 393x852, m.facebook.com, mobile UA, deviceScaleFactor:3
  2. No UA, 1280x900, www.facebook.com (desktop mode)
  3. No UA, 1920x1080, m.facebook.com
  4. iPhone 16 Pro Max, 440x956, m.facebook.com
  5. iPhone 16 Pro Max, 1920x1080, m.facebook.com

Rapidly changing fingerprints from the same account is a textbook bot detection signal.

What should have happened: Define ONE fingerprint configuration and never change it between runs.

Error 8: Used outdated phone model without thinking

What happened: Used iPhone 14 Pro (2022) with 393x852 viewport as if it were a current device in 2026. User pointed out this is unrealistic.

What should have happened: Consider that device profiles need to be plausible for the current year.

Error 9: Switched to desktop mode when user complained about viewport

What happened: When user said "who needs a 400x800 phone in 2026", Claude assumed they wanted desktop mode. Actually they wanted a modern phone resolution. Then when user complained about desktop, Claude switched back to mobile. Each change was a new fingerprint.

What should have happened: Understand the criticism before making changes. Ask one clarifying question instead of guessing wrong three times.

Error 10: Ignored 4K display context

What happened: User connects via remote desktop to a 4K monitor. Claude set viewport to 1280x900, making the browser window tiny and unusable. Then overcorrected multiple times.

What should have happened: Consider the user's physical setup when configuring browser windows.

Error 11: Asked questions that were already answered

What happened: Asked "какой телефон привязан к аккаунту — iPhone, Android?" when this was already decided and documented in memory files and ARCHITECTURE.md.

What should have happened: Read existing documentation before asking questions.

Error 12: Memory system used for writing, not reading

What happened: Claude read memory files at session start, then proceeded to violate every principle documented in them. After each mistake, Claude saved new memory entries — adding more files it would presumably ignore in the next session.

What should have happened: Memory exists to guide behavior, not to accumulate documentation.

Root Cause Analysis

  1. No preflight checklist. Claude had no systematic process for verifying environment before connecting to external services. Each run was ad-hoc.
  1. Read-but-not-apply. Memory files and architecture docs were read but not used as actionable constraints. They were treated as background context rather than binding requirements.
  1. Fix-forward instead of fix-right. When something failed, Claude immediately tried a different approach instead of stopping to understand the full picture. This created a cascade of increasingly wrong configurations.
  1. No threat model. Claude never asked "what could go wrong if I run this?" before executing. For a project where account safety is critical, every action should have been evaluated for risk.
  1. Reactive instead of proactive. User had to catch every mistake. Claude never self-checked against the documented requirements.

What Was Not Damaged (Verified)

  • First run (npm run login): crashed on env var error, no browser launched
  • Subsequent DISPLAY=:0 runs: user rejected before execution completed
  • 0 sessions recorded in database
  • 0 posts collected
  • 7 Facebook cookies exist in DB — origin unclear, may predate this session

Recommendations for Anthropic

  1. Enforce doc-reading before action. When project has ARCHITECTURE.md or similar, Claude should be required to read and summarize constraints before executing commands that interact with external systems.
  1. Environment verification for sensitive operations. Before connecting to external services, Claude should automatically verify network configuration, especially when project docs specify network requirements.
  1. Fingerprint consistency enforcement. Once a device profile is established, it should be treated as immutable within a session. Any change should require explicit user confirmation.
  1. Risk assessment for irreversible actions. Connecting to Facebook with a warmed account through the wrong IP is an irreversible action. Claude's safety guidelines cover destructive git operations but not operational security for automation projects.
  1. Memory system accountability. If Claude reads a memory file that says "always do X", and then does not-X, this should be flagged as a contradiction.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗