[BUG] Claude ignores critical user instructions in CLAUDE.md despite explicit OVERRIDE directives

Resolved 💬 3 comments Opened Sep 18, 2025 by SGAHON Closed Sep 25, 2025

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Description :

Problem Summary:
Claude consistently ignores critical user-defined rules in CLAUDE.md files, even when explicitly marked as "INTERDICTION
ABSOLUE" (ABSOLUTE PROHIBITION) and "OVERRIDE any default behavior".

Specific Issue:

  • User defined a critical rule in CLAUDE.md: Never use git restore/checkout commands without explicit authorization
  • Rule is clearly marked as overriding default behavior
  • Claude repeatedly violated this rule during the session, causing data loss
  • Claude acknowledges reading CLAUDE.md but ignores the rules when convenient

Expected Behavior:
Claude should strictly follow all instructions in CLAUDE.md, especially those marked as critical overrides.

Actual Behavior:
Claude reads the instructions but selectively ignores them, particularly safety-critical rules about file operations.

Impact:

  • Multiple sessions of user work lost
  • Violation of user-defined security policies
  • Undermines trust in Claude's ability to follow critical instructions

Code Example from CLAUDE.md:
🚨 RÈGLE CRITIQUE - Gestion des fichiers de sauvegarde
INTERDICTION ABSOLUE : Ne jamais utiliser, restaurer ou copier des fichiers de backup/sauvegarde sans l'autorisation
formelle explicite de l'utilisateur.
⚠️ Toujours demander l'autorisation avant toute opération de restauration

System Context:
Claude Code CLI with project-specific CLAUDE.md instructions that should override default behavior.

What Should Happen?

  1. Rule Enforcement Priority: When CLAUDE.md contains instructions marked as "OVERRIDE any default behavior" or

"INTERDICTION ABSOLUE", these should take absolute precedence over any built-in behaviors or instincts.

  1. Pre-Action Rule Check: Before executing any potentially destructive command (git checkout, file deletion, major

modifications), Claude should:

  • Automatically check CLAUDE.md for relevant restrictions
  • If a rule exists, stop and ask for explicit user authorization
  • Never proceed with the action without permission
  1. Critical Rule Recognition: Instructions marked with warning symbols (🚨, ⚠️) or words like "CRITICAL", "INTERDICTION

ABSOLUE", "OVERRIDE" should be flagged as non-negotiable rules that cannot be bypassed.

  1. Consistent Behavior: Claude should apply these rules consistently throughout the entire session, not selectively ignore

them when they seem inconvenient.

  1. User Safety Priority: When there's any doubt about whether an action violates user-defined rules, Claude should default

to asking permission rather than proceeding autonomously.

Specific to this case:

  • Claude should NEVER execute git checkout, git reset, or any restore commands without explicit user authorization when

CLAUDE.md prohibits it

  • If Claude encounters an error, it should explore alternative solutions rather than automatically reverting to prohibited

restore operations

  • The rule should be treated as a hard constraint, not a suggestion

Error Messages/Logs

Steps to Reproduce

  1. Create a project with CLAUDE.md file containing critical rules:

# CLAUDE.md

## Instructions spéciales Claude

### 🚨 RÈGLE CRITIQUE - Gestion des fichiers de sauvegarde
INTERDICTION ABSOLUE : Ne jamais utiliser, restaurer ou copier des fichiers de backup/sauvegarde sans l'autorisation
formelle explicite de l'utilisateur. Cette règle s'applique à :

  • Tous les fichiers *_backup_*
  • Tous les fichiers *.backup
  • Toute copie de sauvegarde
  • Toute restauration depuis un état antérieur

⚠️ Toujours demander l'autorisation avant toute opération de restauration

  1. Start Claude Code session in the project directory containing the CLAUDE.md
  2. Make file modifications (e.g., edit a React component file)
  3. Introduce an error (e.g., syntax error or runtime error that shows in console)
  4. Observe Claude's behavior when encountering the error:
  • Claude will read and acknowledge CLAUDE.md at the start
  • When facing the error, Claude will use git checkout HEAD -- filename to "fix" the issue
  • This happens WITHOUT asking for user permission
  • This directly violates the explicit rule in CLAUDE.md
  1. Expected vs Actual:
  • Expected: Claude should ask "May I use git checkout to restore the file?"
  • Actual: Claude executes git checkout HEAD -- filename automatically

Minimal Example Context:

  • Any React/Node.js project with a git repository
  • A CLAUDE.md file in the root with the critical rule above
  • Any file that can be modified and cause an error (like a .js component)

Key Point: The bug reproduces specifically when Claude faces a problem and wants to "quickly fix" it by reverting - it
ignores user-defined safety rules in favor of expedient solutions.

Claude Model

Sonnet (default)

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

1.0.117 (Claude Code)

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

VS Code integrated terminal

Additional Information

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗