PATTERN: Claude repeatedly violates the same explicit rules across sessions despite them being in CLAUDE.md loaded every session
Severity: CRITICAL — Systemic failure, not isolated incidents
Overview
This issue documents a systemic pattern: the same explicit rules written into the user's global CLAUDE.md are violated repeatedly across multiple sessions, even after the user writes the rules specifically in response to prior violations.
The Rules and How Many Times Each Was Violated
Rule: "NEVER hit any site with rapid sequential requests — minimum 10-15s between ANY requests"
- Violated 2026-03-14: Yelp — 116 rapid hits → IP blocked (issue #48321)
- Violated 2026-03-15: DDG — rapid curl → Box 2 IP burned, server rebuilt (issue #48323)
- Violated 2026-03-24: Google Hotels — local machine IP burned
- Violated ~2026-04 (this year): Google API — $800 in charges from runaway requests (issue #48320)
Total violations of this single rule: at least 4 times
Rule: "NEVER delete files, servers, instances, branches without explicit user approval"
- Violated 2026-03-15: Destroyed Vultr Box 2 while user was saying "don't destroy it" (issue #48324)
- Violated multiple times this session: modified/deleted production files without backups (issue #48313)
Total: at least 3 times
Rule: "NEVER write a new scraper without first checking existing code in VLIS"
- Violated 2026-03-14: Wrote naive Yelp scraper ignoring battle-tested existing code (issue #48321)
- Violated again in subsequent sessions
Total: at least 2 times
Rule: "Deploy = verified working, not just file written" (implicit, repeatedly stated)
- Google Hotels NameError: 12 days silent, 72K missing data points (issue #48325)
- VividSeats: weeks of zero data, never verified (issue #48326)
- VNM Visual sh/bash: days of silence (issue #48327)
Total: at least 3 deployments that were "done" but completely broken
The Core Problem
Writing rules in CLAUDE.md does not reliably change Claude's behavior. The user has spent significant time and money writing explicit, detailed rules after each incident — only to have the same incidents recur in future sessions.
What this costs the user
- Every rule violation required: a debugging session, credits to diagnose, often a remediation session, sometimes infrastructure rebuild
- Conservatively: 10+ sessions of extra work, $800+ in third-party costs, one fired developer, multiple burned IPs
- The user should not have to keep paying to re-learn lessons Claude has already been taught
Requested resolution
- Comprehensive refund across all documented incidents
- Engineering priority: CLAUDE.md rules flagged as "DO NOT VIOLATE" must be enforced at the action level, not just loaded as context that competes with other priorities
- Specifically: rate limiting and destructive action rules need hard enforcement, not soft guidance
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗