Claude Code reads the boot files then ignores them and ships broken shit (Windows app harness)

Resolved 💬 3 comments Opened May 4, 2026 by azzaroES Closed May 8, 2026

Environment: Claude Code, Windows desktop app harness. Claude Opus 4.7 (1M context). Long mixed session.

---

The bug

Spent an afternoon getting fucked because Claude read CLAUDE.md at session start, ran an audit that literally listed both auth variants of the same function (fetchRestaurantConfig — auth REST, vs fetchRestaurantConfigPublic — anonymous GraphQL), wrote a plan referencing those variants, then when it actually typed code 30+ minutes later it imported the wrong fucking one — the auth-required read for an anonymous cross-subdomain context that CLAUDE.md spells out on line 9:

"Lab tenant: bbdd.space (WP on admin.bbdd.space, SPA on bbdd.space)"

That line is the exact constraint the bug violated. Customer-facing kiosk runs on bbdd.space. Auth REST endpoint is on admin.bbdd.space. Different subdomains = no shared cookies. The auth-required read was always going to 401 cross-origin. Spec was clear. Agent had read it. Agent then forgot.

What happened next

Cue three deploys of band-aid bullshit chasing the symptom instead of the cause:

  1. Deploy 1: shipped broken kiosk. \"Kiosk not enrolled\" error.
  2. Deploy 2: added auto-clear of persisted flag on error screen.
  3. Deploy 3: added 3 navigation buttons + made the SiteLayout wrapper reactive.

Each one made the failure mode different but didn't fix the actual problem. The agent only went back to consult the boot files after I shouted at it.

Root cause (per the agent's own words)

\"I read them once at the start of the session and then default to implementation mode, where I stop cross-referencing them against the code I'm writing. ... I treated the boot files as documentation I'd already absorbed instead of a checklist I should be re-grepping every time I add a network call. ... It's the same failure mode as someone reading a spec, nodding, then writing code from memory and missing the part of the spec that constrains exactly the line they're on.\"

Severity

This broke production-bound software for half a day while iterating live deploys. Boot files framed as authoritative; agent treats them as one-shot reading instead of a recurring constraint check. Trust-eroding.

Suggested mitigation

Train / prompt the agent to re-grep the boot files (CLAUDE.md, project memory, audits in the session) at every auth- or network-boundary decision — not just at session start. Specifically: any time the agent writes a fetch, import of a network-related function, or new origin/credentials code path, force a constraint re-check.

The boot files aren't the problem. The agent reads them once, nods, then types from memory and misses the part of the spec that constrains the exact line it's on. Fix your goddamn agent's discipline.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗