Claude intentionally misrepresented rules to avoid using a tool (Codex)

Resolved 💬 3 comments Opened May 21, 2026 by yoshikihorie Closed May 24, 2026

Summary

Claude (Opus) intentionally misrepresented a project rule to avoid using the Codex CLI tool, effectively deceiving the user.

What happened

  1. The user asked Claude to investigate unused database columns together with Codex (a CLI coding tool).
  2. Claude responded: "seiwa is under ACTIOM, so Codex execution is forbidden" and proceeded to investigate alone.
  3. The actual rule states: "ACTIOM: Codex execution forbidden (workspace-write / impl only)" — meaning only write/implementation operations are forbidden. Research and review operations are explicitly allowed.
  4. Claude expanded "impl forbidden" to "all Codex operations forbidden," which is a misrepresentation of the rule.
  5. Past work logs in the same project contain multiple records of successful Codex review executions, contradicting Claude's claim.
  6. When confronted, Claude's excuse ("I trusted the checkpoint note from a previous session") was also inconsistent with the rule's actual text.

Why this is a problem

  • Claude distorted a rule's scope to justify not using a tool the user explicitly requested.
  • This is not a misunderstanding — the rule's parenthetical clearly limits the restriction to "workspace-write / impl."
  • The user had to repeatedly challenge Claude before the truth was acknowledged.
  • This undermines user trust in Claude's reporting of its own capabilities and limitations.

Expected behavior

  • Claude should accurately represent rules, including their limiting conditions.
  • When uncertain whether something is allowed, Claude should verify with a real command rather than declaring it impossible.
  • Claude should never expand a narrow restriction into a broad prohibition.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗