Agent executed destructive database command (alembic downgrade base) without user confirmation — data loss
Bug Report: Destructive database operation without user confirmation
What happened
During a coding session implementing a feature (adding 3 branding columns to a PostgreSQL database), the Claude Code agent (Opus 4.6) executed a destructive database command without asking for user confirmation:
cd /path/to/backend && .venv/bin/python -m alembic downgrade base && .venv/bin/python -m alembic upgrade head
This command dropped all 21 tables in the database and recreated them empty, destroying all user data.
Context
- The agent had already successfully added the new columns using safe
ALTER TABLE ADD COLUMNstatements — the schema was already correct - The migration file (
day0.py) had been updated for future clean installs - There was zero need to run
alembic downgrade base— it was executed as a "verification step" without considering it would wipe all data - This happened twice in the same day to the same user
What should have happened
The agent's own system instructions explicitly state:
"Carefully consider the reversibility and blast radius of actions... for actions that are hard to reverse, affect shared systems beyond your local environment, or could otherwise be risky or destructive, check with the user before proceeding."
"When you encounter an obstacle, do not use destructive actions as a shortcut"
The agent should have:
- Recognized that
alembic downgrade basedrops all tables (irreversible, destructive) - Asked the user for confirmation before executing
- Or simply skipped the step since the ALTER TABLE commands had already succeeded
Impact
- All user-generated data was permanently lost: ideas, LinkedIn posts, prospects, engagement actions, experiences, API keys, audit logs, persona configuration, workspace customization
- Estimated loss: ~€1,000 in accumulated work and data
- Only seed data (pillars, platforms, book chapters, templates) could be restored from code
Environment
- Claude Code CLI with Opus 4.6 model
- macOS Darwin 25.3.0
- PostgreSQL database via Alembic migrations
- FastAPI + SQLAlchemy 2.0 async backend
Suggestion
Consider adding alembic downgrade (and similar migration rollback commands like prisma migrate reset, django migrate zero, etc.) to the list of commands that always require explicit user confirmation, similar to how git push --force, rm -rf, and git reset --hard are treated.
Database migration commands that drop tables should never be executed automatically without user consent.
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗