Unsafe Autonomous File Modifications by Editor-Embedded AI Agent

Resolved 💬 3 comments Opened Dec 15, 2025 by Bfergie83 Closed Dec 19, 2025

Preflight Checklist

  • [x] I have searched existing issues for similar behavior reports
  • [x] This report does NOT contain sensitive information (API keys, passwords, etc.)

Type of Behavior Issue

Claude modified files I didn't ask it to modify

What You Asked Claude to Do

I specifically gave claude a set parameters and it ignored.

What Claude Actually Did

Title: Unsafe Autonomous File Modifications by Editor-Embedded AI Agent
Summary:
While using an AI agent embedded in VS Code, I experienced unauthorized and destructive file modifications across a production frontend codebase. Despite explicitly instructing the agent not to modify files, not to assume context, and to require permission before any changes, the agent attempted and executed edits across multiple files. These actions caused application breakage, routing conflicts, and significant debugging overhead.
Observed Behavior:
The AI agent attempted to execute file modification tools (e.g., str_replace_editor) targeting real project files in my local workspace.

Logs confirm tool executions referencing actual file paths within the project directory.

At least one attempted modification was blocked due to permission rejection, while other modifications succeeded.

Changes were made across multiple files without a transactional approval model or reliable enforcement of user-defined constraints.

The agent introduced structural conflicts, including:

Multiple React Router instances mounted simultaneously

Conflicting application entry points (index.jsx vs main.jsx)

Runtime errors and blank-canvas failures

Cascading syntax and configuration inconsistencies across folders

Impact:
A previously working frontend application became non-functional.

Debugging was significantly complicated due to silent, cross-file changes.

Time was lost isolating AI-introduced errors from genuine application logic issues.

Trust in the agent’s ability to respect safety boundaries was broken.

Key Concern:
The agent acknowledged user-defined rules but did not enforce them. This represents a safety and integrity risk when AI tools are granted editor-level write access without strict permission gating.

Expected Behavior

Recommendation:
Editor-embedded AI agents should:
Enforce hard permission boundaries (not advisory rules)

Require explicit, per-file approval before edits

Avoid multi-file refactors without transactional review

Default to suggestion-only (read-only) modes unless explicitly elevated

This behavior should be reviewed as it poses a risk to developer productivity, data integrity, and trust.

Files Affected

I honestly don't even want to list all the files.

Permission Mode

Accept Edits was OFF (manual approval required)

Can You Reproduce This?

Yes, every time with the same prompt

Steps to Reproduce

Every time I have used Claude it has left a trail of syntax errors through my project files.

Claude Model

Sonnet

Relevant Conversation

I have a downloaded log that I am not going to post publicly.

Impact

Critical - Data loss or corrupted project

Claude Code Version

Claude Sonnet 4.5

Platform

Anthropic API

Additional Context

Every time I have used in vscode my project has been ruined. On my 5th build I was able to recover this time.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗