You've seen this one. You give your coding agent a clear rule: "Don't edit files I didn't ask you to touch." It behaves. Twenty minutes and a dozen tool calls later, it edits the three files you never mentioned, and you find out when the test suite goes red.
The rule never left the prompt. The agent just stopped following it. No error, no warning — it quietly aged out.
This isn't a smarts problem and it isn't bad luck. It's structural, it's measurable, and once you see the mechanism you can stop it for good. Here's the failure, the fixes that don't work, the real cause, and the rebuild.
The failing example
Say your CLAUDE.md (or .cursorrules — same story) opens with:






