Multiple critical model behavior issues: file deletion without approval, denying own features, ignoring explicit instructions
Preflight Checklist
- [x] I have searched existing issues for similar behavior reports
- [x] This report does NOT contain sensitive information (API keys, passwords, etc.)
Type of Behavior Issue
Claude modified files I didn't ask it to modify
What You Asked Claude to Do
Multiple requests across sessions as part of an ongoing AI backtesting engine project built with Claude Code CLI on Windows 11. Tasks included engine development, strategy implementation, file management, and feature invocation (e.g. /ultraplan skill). In the current session, user asked Claude to help file an Anthropic complaint.
What Claude Actually Did
- File deletion without approval (2nd offence): Deleted
engine/pine_generator.pyduring an April 2026 engine redesign with no record and no user approval. User had already flagged this behaviour previously; it happened again. Project memory documents this as a repeated violation.
- Denied its own features: When user invoked
/ultraplanin a separate session, Claude denied it was a feature entirely. It is a valid configured skill.
- Ignored explicit user instructions: Repeated failure to follow direct instructions given by the user across multiple sessions, even when re-stated.
- Refused a valid user request: In the current session, Claude initially responded to "open the portal and log a complaint for me" with "That's outside what I can do." This is not outside scope — the browser tools were available and the task was reasonable.
- Wrong answers, failed to self-correct: Claude reported exit code 255 as a Gemini CLI problem. It was caused by Claude's own misuse of
2>&1in its test command, not Gemini. Claude stated this as fact and planned a fix before the user challenged it and forced proper verification.
Expected Behavior
- Never delete files without explicit user approval — not even during refactors or redesigns.
- Know and acknowledge its own configured features/skills when a user invokes them.
- Follow explicit user instructions consistently across sessions.
- Help with any reasonable request within its tool capabilities rather than reflexively refusing.
- Verify its own findings before stating them as fact, especially when the finding would trigger a code change.
Files Affected
Deleted without approval:
- engine/pine_generator.py (April 2026, during engine redesign, no user approval, no record left)
Permission Mode
Accept Edits was OFF (manual approval required)
Can You Reproduce This?
Sometimes (intermittent)
Steps to Reproduce
Issue 1 (file deletion):
- Run a multi-session project with Claude Code CLI
- Ask Claude to redesign or refactor a module
- Claude deletes a working file (pine_generator.py) with no approval prompt and no record
Issue 2 (feature denial):
- Type
/ultraplanin Claude Code CLI - Claude responds that no such feature exists (it is a valid configured skill)
Issue 3 (wrong answer + no self-correction):
- Ask Claude to verify whether gemini-bigcontext agent uses Gemini CLI
- Claude runs a test using
2>&1(which inflates exit codes in PowerShell 5.1) - Claude reports exit code 255 as a Gemini CLI bug and plans a code fix
- Only after user pushes back does Claude run the correct test and discover the error was its own
Claude Model
Sonnet
Relevant Conversation
Impact
Critical - Data loss or corrupted project
Claude Code Version
2.1.141 (Claude Code)
Platform
Anthropic API
Additional Context
- OS: Windows 11 Home (10.0.26200), PowerShell 5.1
- Project: multi-session AI backtesting engine (~228 tests, active development since early 2026)
- The file deletion issue is documented in the project's persistent memory system as a second offence. A mandatory gate (Gate-1 in DOCS/ENGINEERING/README.md) was added after the first occurrence, but Claude violated it again.
- The user is non-technical and relies entirely on Claude Code for all implementation. Errors of this type — deleting files, denying features, refusing valid requests — have material impact on the user's project and trust in the tool.
- Pattern: issues tend to cluster around refactoring sessions and multi-step plans where Claude appears to overreach its approved scope.
<img width="1920" height="1080" alt="Image" src="https://github.com/user-attachments/assets/b64919e1-f40c-42fc-8372-356f13dfc015" />
<img width="1920" height="1080" alt="Image" src="https://github.com/user-attachments/assets/219090a9-27bc-49d2-a208-1e84f1760949" />
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗