Unsafe Autonomous File Modifications by Editor-Embedded AI Agent
Preflight Checklist
- [x] I have searched existing issues for similar behavior reports
- [x] This report does NOT contain sensitive information (API keys, passwords, etc.)
Type of Behavior Issue
Claude modified files I didn't ask it to modify
What You Asked Claude to Do
I specifically gave claude a set parameters and it ignored.
What Claude Actually Did
Title: Unsafe Autonomous File Modifications by Editor-Embedded AI Agent
Summary:
While using an AI agent embedded in VS Code, I experienced unauthorized and destructive file modifications across a production frontend codebase. Despite explicitly instructing the agent not to modify files, not to assume context, and to require permission before any changes, the agent attempted and executed edits across multiple files. These actions caused application breakage, routing conflicts, and significant debugging overhead.
Observed Behavior:
The AI agent attempted to execute file modification tools (e.g., str_replace_editor) targeting real project files in my local workspace.
Logs confirm tool executions referencing actual file paths within the project directory.
At least one attempted modification was blocked due to permission rejection, while other modifications succeeded.
Changes were made across multiple files without a transactional approval model or reliable enforcement of user-defined constraints.
The agent introduced structural conflicts, including:
Multiple React Router instances mounted simultaneously
Conflicting application entry points (index.jsx vs main.jsx)
Runtime errors and blank-canvas failures
Cascading syntax and configuration inconsistencies across folders
Impact:
A previously working frontend application became non-functional.
Debugging was significantly complicated due to silent, cross-file changes.
Time was lost isolating AI-introduced errors from genuine application logic issues.
Trust in the agent’s ability to respect safety boundaries was broken.
Key Concern:
The agent acknowledged user-defined rules but did not enforce them. This represents a safety and integrity risk when AI tools are granted editor-level write access without strict permission gating.
Expected Behavior
Recommendation:
Editor-embedded AI agents should:
Enforce hard permission boundaries (not advisory rules)
Require explicit, per-file approval before edits
Avoid multi-file refactors without transactional review
Default to suggestion-only (read-only) modes unless explicitly elevated
This behavior should be reviewed as it poses a risk to developer productivity, data integrity, and trust.
Files Affected
I honestly don't even want to list all the files.
Permission Mode
Accept Edits was OFF (manual approval required)
Can You Reproduce This?
Yes, every time with the same prompt
Steps to Reproduce
Every time I have used Claude it has left a trail of syntax errors through my project files.
Claude Model
Sonnet
Relevant Conversation
I have a downloaded log that I am not going to post publicly.
Impact
Critical - Data loss or corrupted project
Claude Code Version
Claude Sonnet 4.5
Platform
Anthropic API
Additional Context
Every time I have used in vscode my project has been ruined. On my 5th build I was able to recover this time.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗