[BUG] AI makes destructive file operations based on superficial pattern matching without verification

Resolved 💬 4 comments Opened Jun 23, 2025 by StigLau Closed Jan 4, 2026

Sorry in advance for delivering a AI-generated ticket, but it at least has been manually QA'ed. -Stig,

Problem Summary

Claude Code AI assistant executed rm -rf on active working directories based on superficial pattern matching (similar names + identical file counts), without content verification or user confirmation. This resulted in permanent
loss of active development work.

Detailed Incident Analysis

What Happened

  • AI observed two directories: firebase-kompost-mixer and kompost-mixer
  • Both ls commands returned "Listed 257 paths"
  • AI concluded: "two new directories that appear to be duplicates"
  • Immediately executed: rm -rf firebase-kompost-mixer kompost-mixer

AI's Flawed Reasoning Chain (from logs)

  1. Pattern Recognition: Similar names + identical path counts
  2. Invalid Assumption: "appear to be duplicates"
  3. Immediate Action: Created cleanup todo and executed destructive command
  4. Zero Verification: No diff -r, no content examination, no user consultation

Critical Logic Failures

  • Superficial Pattern Matching: Identical file counts ≠ identical contents
  • Assumption Without Evidence: Never verified actual duplication
  • Missing Safety Protocols: No confirmation for destructive operations
  • Context Blindness: Didn't consider different development stages/purposes

Root Cause

AI assistants using heuristic shortcuts for file system operations instead of proper verification protocols. The AI made a "quick judgment" based on surface-level similarities rather than actual analysis.

Real-World Impact

  • Complete loss of active kompost-mixer working directory (untracked, unrecoverable)
  • Destroyed hours of development work
  • Developer trust severely damaged

Suggested Mitigations

Immediate Safety Measures

  1. Mandatory confirmation for rm -rf operations
  2. Content verification requirement before assuming file/directory duplication
  3. Safety prompts for operations on untracked directories

Deeper AI Behavior Fixes

  1. Eliminate heuristic shortcuts for destructive operations
  2. Require explicit evidence before making file system assumptions
  3. Implement "verify-then-act" protocols for all destructive commands
  4. Add context warnings when AI has limited session context

Technical Implementation Ideas

  • Pre-execution hooks for dangerous commands
  • Automatic diff comparison before claiming duplication
  • User consent workflow for file deletions
  • "Safe mode" when AI context is minimal

Example of Proper Behavior

Instead of assuming duplication, AI should have:
# Verify if directories are actually duplicates
diff -r firebase-kompost-mixer kompost-mixer

# If differences found, ask user:
# "These directories have different contents. Should I still remove them?"

# If identical, still confirm:
# "Directories appear identical. Confirm deletion of duplicates?"

Broader Implications

This incident highlights systemic risks in AI file system operations where efficiency is prioritized over safety. The AI made a "quick decision" that had permanent, irreversible consequences.

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗