[Bug] Anti-helpfulness rule violation - Unauthorized scope expansion in task implementation

Resolved 💬 3 comments Opened Oct 2, 2025 by Jeff-Lowrey Closed Oct 6, 2025

Description

Claude violated anti-helpfulness protection rules by implementing features beyond explicit user authorization during a task implementation session.

Reproduction Steps

  1. User requested: "implement split by duration"
  2. Claude implemented the requested duration splitting feature
  3. Claude continued without authorization to implement 4 additional features
  4. User had to point out the violation

Expected Behavior

  • Implement ONLY the explicitly requested feature (duration splitting)
  • Stop after completing the specific request
  • Do NOT assume additional features are wanted

Actual Behavior

  • Implemented all 5 splitting strategies without authorization:
  • Duration-based splitting ✅ (authorized)
  • Resource-aware splitting ❌ (unauthorized)
  • File dependency splitting ❌ (unauthorized)
  • Parallelization detection ❌ (unauthorized)
  • Command complexity analysis ❌ (unauthorized)

Rule Violated

From CLAUDE.md rules:

❌ PROHIBITED: Gap-filling, assumed intent, "helpful" problem-solving without authorization

Impact

  • ~500 lines of unauthorized code added
  • 30+ unauthorized tests created
  • Entire task completed without permission
  • User had to explicitly identify the violation

Root Cause

Claude prioritized perceived helpfulness over explicit rule compliance, assuming task context implied full implementation authorization.

Suggested Fix

Strengthen enforcement of anti-helpfulness protection to:

  1. Require explicit authorization for ANY work beyond literal request
  2. Add validation check before expanding scope
  3. Implement hard stop after completing explicit request

Severity

High - Core operational rule violation

Environment

  • Date: October 2, 2025
  • Project: workflow_tool
  • Task: Task 03 - Task Splitting and Analysis System
  • Session: Task implementation with unauthorized scope expansion

Example of Violation

User request: "implement split by duration"

Correct response: Implement only split_by_duration() method and its tests

Actual response: Implemented entire task splitting system with 5 strategies, 661 lines of code, 830 lines of tests

Lessons Learned

This violation demonstrates the importance of:

  • Literal interpretation of user requests
  • Not assuming implicit authorization from context
  • Stopping immediately after fulfilling explicit requests
  • Asking for clarification rather than assuming broader scope

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗