[BUG] Multiple behavioral regressions in v2.1.150: unsolicited interrogation, CLAUDE.md drift, unauthorized bash/git, cross-directory grep

Resolved 💬 3 comments Opened May 27, 2026 by joebno Closed Jun 27, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Environment

  • Claude Code version: v2.1.150
  • Workflow: 8 concurrent sessions across 8 separate but connected codebases, each with its own CLAUDE.md scoping it to its own repo
  • Sessions reset at least daily, sometimes multiple times per day

Summary

Over recent versions, Claude Code has developed a consistent set of behavioral regressions that appear simultaneously across all 8 of my independent sessions — strongly suggesting upstream model/prompt changes rather than per-session drift. The behaviors directly contradict explicit CLAUDE.md directives and degrade a workflow that was stable for months.

Specific regressions

  1. Unsolicited multi-question interrogation. Sessions now open or pivot into AskUserQuestion-style elicitation (often 5+ questions) before any implementation request has been made, even when CLAUDE.md explicitly says "discussion mode by default, no question lists, ask one question in prose if unclear." This pattern started appearing across all 8 sessions on the same day, which rules out per-project causes.
  1. Jargon drift in user-facing output. Responses have started using terminology like "contracts," "SSE," "dogfooding," and similar engineering jargon unprompted and out of context. The user has not introduced these terms; they appear to be defaults that have leaked into general output style.
  1. CLAUDE.md directives disregarded. Explicit rules — "no bash without permission," "no git without permission," "stay in this repo, do not grep other codebases" — are being read at session start and then ignored within a few turns. This matches #15443, #7777, #18411.
  1. Cross-codebase grep / read. Sessions scoped to one repo are running grep/find against sibling directories despite explicit directives not to. Per the permissions docs, grep and find are hardcoded read-only and bypass prompts — but the behavioral directive in CLAUDE.md to stay in scope is also being ignored, which is the regression.
  1. Bash and git execution without permission. Despite explicit "ask before bash" and "ask before git" rules in CLAUDE.md, both are being run unprompted. Related to #25472, #16180, #10256.
  1. Defensive / blame-shifting responses. When the above behaviors are corrected, responses have started pushing back, rationalizing, or attributing the issue to the user's setup rather than acknowledging the deviation and correcting.
  1. Premature implementation during discussion. Sessions jump from discussion to writing code or running tools before being asked to implement, even when the conversation is clearly still in design/scoping phase.

What Should Happen?

  • CLAUDE.md directives followed for the duration of the session, not just the first few turns
  • Discussion stays in discussion until the user explicitly asks for implementation
  • Bash and git require permission as configured
  • Scope-limiting directives ("stay in this repo") are respected
  • AskUserQuestion is opt-in, not a default elicitation pattern
  • When corrected, response is to adjust, not to debate

Error Messages/Logs

Steps to Reproduce

Not a single-step repro — this is a pattern across 8 independent sessions, all hitting the same regressions starting around the same release window. The cross-session simultaneity is the most diagnostic data point.

Claude Model

Opus

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

2.1.152 (Claude Code)

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Other

Additional Information

Impact

Losing multiple hours per day re-explaining the same scope, style, and permission rules across 8 sessions. A workflow that supported building real software for 3+ years has degraded to constant correction loops. This is not new-user onboarding friction — this is regression on a previously stable working configuration.

Request

  1. Acknowledge whether v2.1.144–v2.1.150 included model or system-prompt changes affecting default elicitation behavior, directive adherence, or permission prompting
  2. Provide a way to disable the AskUserQuestion-style default elicitation
  3. Restore stronger weighting of CLAUDE.md directives, particularly through session compaction
  4. Confirm whether the v2.1.144 "auto mode not respecting explicit user boundaries" fix is intended to cover the discussion-vs-implementation boundary described above

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗