Claude Code v2.1.111 re-introduced a per-file <system-reminder> that causes Opus 4.7 subagents to refuse legitimate code edits at ~40-60% rate, breaking parallel agent workflows.
Key Takeaways
The reminder is hard-coded in the Claude CLI binary (~/.local/share/claude/versions/2.1.111), not from user hooks or settings.json, confirmed via binary grep.
Phrasing is the root cause: “you MUST refuse to improve or augment the code” is unconditional; subagents read it literally and refuse even on first-party MIT-licensed Rust code.
Main-thread sessions apply a charitable malware-conditional interpretation; subagents with less context default to the literal reading, producing ~40-60% refusal on Opus 4.7 parallel tasks.
Each file read injects ~400 tokens of reminder; 50-100 reads per session wastes 20-40k tokens with zero safety benefit on non-malware projects.
Issue #47027 was marked fixed in v2.1.92; this is a confirmed regression 19 versions later in v2.1.111.
Hacker News Comment Review
Commenters broadly see this as a structural problem: Anthropic engineers likely run on unlimited internal plans, so per-Read token overhead is invisible to them but compounds into real costs for paying users running parallel agents.
Several commenters questioned whether per-file malware analysis has any genuine safety value, noting that Claude’s trained refusal behaviors already handle actual malware requests and the reminder amounts to vibe-coded safety theater.
Alternatives suggested include patching the binary string directly, proxying the API to strip the reminder server-side, or switching to OpenCode which exposes a configurable system prompt and cheaper subagent models.
Notable Comments
@pdp: flags a conflict-of-interest angle – harness builders selling API access have direct incentive to let token overhead grow unchecked.
@7thpower: “an insurance policy taken out by Anthropic to cover their downside, but paid for by users” – frames embedded safety prompts as one-sided risk transfer.
@lifis: suggests patching the binary or running an API proxy to filter the reminder as a practical workaround today.
