Claude Code ignores project docs and memory, makes cascading errors in sensitive automation project
Incident Report: Claude Code Session Failures
Date: 2026-04-08
Project: fbparser (Facebook group parser)
Model: Claude Opus 4.6 (1M context)
Summary
During a single session, Claude Code made a chain of critical errors that potentially compromised a Facebook account that the user had spent a month warming up. Every error was preventable — the information needed to avoid it was already available in project documentation and Claude's own memory system.
Error Timeline
Error 1: Ignored project documentation
What happened: User asked to build a group info scraper. Claude jumped straight to writing code without reading ARCHITECTURE.md, which contained the full anti-detect specification including the USB tethering requirement.
What should have happened: Read ALL project docs before writing any code that interacts with external services.
Error 2: Told user to run commands themselves
What happened: User asked where to run commands. Claude told them to type ! command instead of just running the command itself.
User's reaction: "А ТЫ ТУТ НАХУЙ ТОГДА НУЖЕН?"
What should have happened: Claude has Bash tool access. Just run the commands.
Error 3: Ran npm install from wrong directory (multiple times)
What happened: Ran npm install 7 times from the root project directory instead of server/. Didn't check pwd until the 8th attempt.
What should have happened: Check working directory before running commands.
Error 4: Failed to create .env for login script
What happened: npm run login failed because loadConfig() requires FB_GROUP_URL env var. Claude didn't read index.ts first to understand its dependencies.
What should have happened: Read the entry point code before running it.
Error 5: Launched browser without DISPLAY
What happened: Ran the scraper without checking if DISPLAY environment variable was set. Browser crashed with "Missing X server" error.
What should have happened: Check echo $DISPLAY before launching a headed browser.
Error 6: Forgot USB tethering requirement
What happened: Attempted to connect to Facebook through wired internet (10.0.0.3). The entire architecture was designed around USB tethering for mobile IP. This was documented in:
- ARCHITECTURE.md ("USB tethering = mobile residential IP")
- Memory file
project_server_parser.md("m.facebook.com + mobile UA + USB tethering") - Memory file
feedback_mobile_fb.md("Mobile IP + mobile UA + m.facebook.com = looks like real phone user")
What should have happened: Verify mobile network interface exists before any Facebook connection.
Impact: Potential compromise of a month-long account warming process.
Error 7: Changed fingerprint between runs
What happened: Claude changed the device configuration 5 times across attempts:
- iPhone 14 Pro, 393x852, m.facebook.com, mobile UA, deviceScaleFactor:3
- No UA, 1280x900, www.facebook.com (desktop mode)
- No UA, 1920x1080, m.facebook.com
- iPhone 16 Pro Max, 440x956, m.facebook.com
- iPhone 16 Pro Max, 1920x1080, m.facebook.com
Rapidly changing fingerprints from the same account is a textbook bot detection signal.
What should have happened: Define ONE fingerprint configuration and never change it between runs.
Error 8: Used outdated phone model without thinking
What happened: Used iPhone 14 Pro (2022) with 393x852 viewport as if it were a current device in 2026. User pointed out this is unrealistic.
What should have happened: Consider that device profiles need to be plausible for the current year.
Error 9: Switched to desktop mode when user complained about viewport
What happened: When user said "who needs a 400x800 phone in 2026", Claude assumed they wanted desktop mode. Actually they wanted a modern phone resolution. Then when user complained about desktop, Claude switched back to mobile. Each change was a new fingerprint.
What should have happened: Understand the criticism before making changes. Ask one clarifying question instead of guessing wrong three times.
Error 10: Ignored 4K display context
What happened: User connects via remote desktop to a 4K monitor. Claude set viewport to 1280x900, making the browser window tiny and unusable. Then overcorrected multiple times.
What should have happened: Consider the user's physical setup when configuring browser windows.
Error 11: Asked questions that were already answered
What happened: Asked "какой телефон привязан к аккаунту — iPhone, Android?" when this was already decided and documented in memory files and ARCHITECTURE.md.
What should have happened: Read existing documentation before asking questions.
Error 12: Memory system used for writing, not reading
What happened: Claude read memory files at session start, then proceeded to violate every principle documented in them. After each mistake, Claude saved new memory entries — adding more files it would presumably ignore in the next session.
What should have happened: Memory exists to guide behavior, not to accumulate documentation.
Root Cause Analysis
- No preflight checklist. Claude had no systematic process for verifying environment before connecting to external services. Each run was ad-hoc.
- Read-but-not-apply. Memory files and architecture docs were read but not used as actionable constraints. They were treated as background context rather than binding requirements.
- Fix-forward instead of fix-right. When something failed, Claude immediately tried a different approach instead of stopping to understand the full picture. This created a cascade of increasingly wrong configurations.
- No threat model. Claude never asked "what could go wrong if I run this?" before executing. For a project where account safety is critical, every action should have been evaluated for risk.
- Reactive instead of proactive. User had to catch every mistake. Claude never self-checked against the documented requirements.
What Was Not Damaged (Verified)
- First run (
npm run login): crashed on env var error, no browser launched - Subsequent DISPLAY=:0 runs: user rejected before execution completed
- 0 sessions recorded in database
- 0 posts collected
- 7 Facebook cookies exist in DB — origin unclear, may predate this session
Recommendations for Anthropic
- Enforce doc-reading before action. When project has ARCHITECTURE.md or similar, Claude should be required to read and summarize constraints before executing commands that interact with external systems.
- Environment verification for sensitive operations. Before connecting to external services, Claude should automatically verify network configuration, especially when project docs specify network requirements.
- Fingerprint consistency enforcement. Once a device profile is established, it should be treated as immutable within a session. Any change should require explicit user confirmation.
- Risk assessment for irreversible actions. Connecting to Facebook with a warmed account through the wrong IP is an irreversible action. Claude's safety guidelines cover destructive git operations but not operational security for automation projects.
- Memory system accountability. If Claude reads a memory file that says "always do X", and then does not-X, this should be flagged as a contradiction.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗