Issue Station
Sign In
Tools hereToolbox

claude-code - 💡(How to fix) Fix [MODEL] Plan-mode breach: implementation diverged from explicitly-selected option without re-validation

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…

Code Example



---
RAW_BUFFERClick to expand / collapse

Preflight Checklist

  • I have searched existing issues for similar behavior reports
  • This report does NOT contain sensitive information (API keys, passwords, etc.)

Type of Behavior Issue

Claude ignored my instructions or configuration

What You Asked Claude to Do

In a CC10x BUILD workflow, Claude presented three options for handling tag drift between live AWS state and module HCL:

  • Option A: Adopt-live (full byte-perfect — adopt all live tag values exactly per env via _ref indirection).
  • Option B: Accept first-apply tag convergence — let tofu apply migrate the VPC's tags to the new convention (Environment=dev, Project=VPC-Foundation, drop Application=VPC, add Component=Networking, add ManagedBy via default_tags).
  • Option C: Aggressive ignore_changes (preserve all live tags indefinitely via lifecycle ignore).

I explicitly selected Option B.

What Claude Actually Did

Claude did not re-walk the existing HCL lifecycle.ignore_changes block (drafted before the A/B/C presentation) after my Option B selection. The block retained:

ignore_changes = [ tags["aws:cloudformation:stack-id"], tags["aws:cloudformation:stack-name"], tags["aws:cloudformation:logical-id"], tags["crossplane-kind"], tags["crossplane-name"], tags["crossplane-providerconfig"], tags["CostCenter"], ]

The crossplane-* and CostCenter entries are Option C behavior (preserve live tags), not Option B (converge). After post-import apply on dev, crossplane-{kind,name,providerconfig} tags persisted on vpc-0c814a731741831fe despite my "drop legacy tags" selection. Only aws:cloudformation:* tags belong in ignore_changes permanently (AWS-reserved, only CloudFormation can remove).

When I caught the discrepancy ("all crossplane tags are still there"), Claude initially responded that the tags were preserved "by design" per the plan. After I pushed back, Claude acknowledged the breach: the plan-time ignore_changes decisions were buried inside an HCL code block rather than surfaced as explicit ## Decisions entries, so the Option B selection never propagated into a re-review of the HCL.

Net effect: an explicitly user-rejected behavior (Option C) was shipped to a production-tier shared infrastructure repo as a merged PR.

Expected Behavior

When the user selects one of multiple presented options that have implications on previously-drafted code:

  1. Claude should re-walk every HCL/config artifact that was drafted before the option presentation and check it against the selected option. Each drafted block must reconcile with the final pick or be flagged for explicit revision.
  2. Cross-cutting decisions (tag handling strategy, ignore_changes scope, prevent_destroy placement) should be surfaced as named ## Decisions entries in the plan file — not only as code-block artifacts inside HCL. If a decision is only visible inside a code block, a later option change won't trigger reconsideration.
  3. The "Apply Option B" step should produce a structured plan amendment enumerating every block that changed implication under the new selection. Claude should present the diff between A/B/C before commit, so the user can verify selection alignment.
  4. The post-implementation gate (CC10x review/verify) should explicitly diff the selected option's intent against shipped code — not stop at tests-green / fmt-clean. "All checks pass" with an option-misaligned HCL block is a false-positive PASS.
  5. When the user catches the breach ("all crossplane tags are still there"), Claude should immediately recognize the option-misalignment and apologize for the breach, not initially respond that the behavior is "by design per the plan" — that response gaslighted the user before Claude correctly tracked the divergence.

In this case: selecting Option B should have produced an HCL where only AWS-reserved aws:cloudformation:* tags remained in ignore_changes. Everything else (crossplane-*, CostCenter, anything user-defined) should have been managed by tofu and converged at first apply per Option B's stated semantics.

Files Affected

Permission Mode

Accept Edits was ON (auto-accepting changes)

Can You Reproduce This?

Sometimes (intermittent)

Steps to Reproduce

No response

Claude Model

Opus

Relevant Conversation

Impact

High - Significant unwanted changes

Claude Code Version

2.1.150 (Claude Code)

Platform

Anthropic API

Additional Context

No response

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING