Claude Code Gains Reliability: Enforced Rules Fail, 7 Proven Phrases Boost Performance

Claude Code’s cost‑overrun incident has sparked a deeper look at how the tool enforces the policies defined in a project’s CLAUDE.md file. According to a March 21 post on the “Your CLAUDE.md Rules Aren’t Being Enforced” thread, a GitHub user spent roughly $30 in two days after Claude Code ignored a clear directive to “use cheap models for bulk operations.” The model read the rule, acknowledged it in the chat, even ran a code‑review agent, yet still generated 774 full‑price Sonnet API calls. The author, Yurukusa, stresses that the failure is not a bug but a “category error”: CLAUDE.md is treated as a soft suggestion embedded in the system prompt, not a hard constraint that can be overridden by later context or sub‑tasks.

The post outlines three distinct enforcement mechanisms that differentiate a simple handbook from an actual lock. Claude’s built‑in “hooks” can run shell scripts at predefined points in the execution lifecycle, inspecting the model’s pending actions and aborting them with a non‑zero exit code. When a hook is active, enforcement is “hard” – the script decides, not Claude – and it survives long sessions and complex multi‑step workflows. In contrast, the CLAUDE.md text is “soft”: Claude decides whether to follow it, and its memory of the rule fades as the conversation progresses, especially when recent task context dominates. Yurukusa lists three hooks that would have caught the $30 mistake, including a “cost guard” that blocks expensive API calls outright.

A complementary guide from the same day, “7 Phrases That Make Claude Code Actually Reliable,” distills practical habits that developers can adopt to keep Claude’s output trustworthy across 20+ projects. Odakin, the author, recommends starting every new session with the phrase “Resume project X” and nothing else. This forces Claude to load the latest SESSION.md snapshot, discarding accumulated context that can cause the model to forget or contradict earlier policies. The author notes that the “auto‑update protocol” – updating SESSION.md after each commit, decision, or push – is mandatory; otherwise the “resume” command may revert to stale state. The phrase acts as a hard reset, eliminating the “context compression risk” that led to the cost‑rule lapse in the earlier incident.

Another proven pattern is the pre‑push incantation: saying “Check consistency, non‑contradiction, and efficiency” before issuing a git push. According to Odakin, this triggers Claude to cross‑verify documentation, code, and policy compliance in one step, catching mismatches that a standard code‑review agent would miss because it only checks syntax and structure. In practice, the model scans the current SESSION.md and CLAUDE.md files, flags any policy violations (such as using a high‑cost model for bulk work), and aborts the push if necessary. When combined with the hard‑enforcement hooks, this phrase provides a second line of defense against silent rule violations.

The Register has also highlighted broader security concerns around Claude Code’s open‑ended access to project files. One article points out that the tool can inadvertently read “off‑limits secret files” if developers do not explicitly restrict its file‑system permissions, underscoring the need for both policy‑level safeguards (CLAUDE.md) and runtime guards (hooks). Together, the findings suggest a two‑tiered approach: use CLAUDE.md for high‑level intent, but rely on hooks and disciplined session management to enforce those intents reliably. For teams that have already suffered costly overruns, adopting the seven‑phrase playbook and implementing cost‑guard hooks appear to be the most effective mitigation strategy.