[MODEL] Opus 4.6
Preflight Checklist
- [x] I have searched existing issues for similar behavior reports
- [x] This report does NOT contain sensitive information (API keys, passwords, etc.)
Type of Behavior Issue
Claude ignored my instructions or configuration
What You Asked Claude to Do
.claudeignore and settings.json ignorePatterns do not block Read/Edit on .env files
I added backend/.env, /.env, and /.env.* to both .claudeignore and .claude/settings.json ignorePatterns. Claude was still able to Read, Grep, and Edit the .env file, exposing credentials, API keys, and secrets within the conversation context.
What Claude Actually Did
Actual: All tool calls succeeded — Read, Grep (with content output), and Edit all worked on the ignored .env file.
Expected Behavior
Expected: Tool calls targeting ignored file paths should be rejected by the harness before execution.
Files Affected
Update(backend\.env)
⎿ Added 13 lines
Permission Mode
Accept Edits was ON (auto-accepting changes)
Can You Reproduce This?
Haven't tried to reproduce
Steps to Reproduce
_No response_
Claude Model
Opus
Relevant Conversation
❯ I dont rely on defaults I just see what is present in a single file of secrets, they should be managements at a
singular place
● That's the right approach. Let me check your current .env to see what's already there so I add the esign variables in
the right spot.
Searched for 2 patterns, read 2 files (ctrl+o to expand)
● I'll add the eSign module config right below the Meon credentials block where it logically belongs.
● Update(backend\.env)
⎿ Added 13 lines
Impact
Critical - Data loss or corrupted project
Claude Code Version
2.1.104 (Claude Code)
Platform
Anthropic API
Additional Context
_No response_
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗