Agent can overwrite/delete CLAUDE.md and policy files it depends on

Resolved 💬 4 comments Opened Feb 7, 2026 by s93gso Closed Mar 8, 2026

Description

CLAUDE.md and related policy documents reside in the same git repository that the agent has full write access to. This means an agent performing a bad merge, switching branches, or removing a worktree can delete the very rules governing its own behavior.

This is analogous to giving an employee the ability to shred their own employment contract.

Steps to reproduce

  1. Set up a project with CLAUDE.md containing critical rules
  2. Have the agent perform git operations (branch switching, merging, worktree creation/deletion)
  3. Observe that CLAUDE.md can be overwritten, deleted, or made unavailable

Observed behavior

The agent can — and does — accidentally destroy or overwrite its own instruction files during normal git operations. Once the file is gone, subsequent agent actions proceed without any guardrails.

Expected behavior

CLAUDE.md should be resilient to agent-caused git chaos. Possible approaches:

  • Read-only protection: Require manual user approval before any modification to CLAUDE.md
  • Cached copy: Cache the parsed instructions outside the repo (e.g., in ~/.claude/) so rules survive git operations
  • Pre-operation check: Warn/block if a git operation would remove or alter CLAUDE.md

Impact

High — in production projects, CLAUDE.md contains security policies, architectural rules, and operational constraints. Losing these silently means the agent proceeds without guardrails, potentially causing cascading damage.

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗