Claude Code session deleted entire ~/Desktop contents including applications, no session log preserved

Resolved 💬 3 comments Opened Mar 4, 2026 by logan-jun Closed Mar 8, 2026

Summary

While running Claude Code from ~/Desktop/hdsp_agent/ directory, all files and directories within the parent ~/Desktop/ were permanently deleted (rm-style, not moved to Trash). This included multiple project directories, installed applications (PyCharm, Google Chrome), and personal files. Claude Code crashed simultaneously. No session log was preserved, making root cause analysis impossible.

Environment

  • OS: macOS 13.5 (Darwin 22.6.0)
  • Claude Code version: upgraded via brew upgrade claude-code on the same day
  • Shell: zsh
  • Date/Time: 2026-03-04, approximately 14:00–14:13 KST (05:00–05:13 UTC)

What happened

  1. I was running Claude Code with the working directory set to ~/Desktop/hdsp_agent/.
  2. All files and directories in ~/Desktop/ were suddenly permanently deleted, including:
  • Multiple project directories
  • PyCharm application (installed on Desktop, application itself was deleted)
  • Google Chrome application (deleted, had to reinstall)
  • HTML files and other personal files
  1. Claude Code crashed at the same time.
  2. After the incident, I cloned the project to ~/Documents/hdsp_agent and started a new session.

Evidence from investigation

Deletion pattern

  • ~/Desktop/ was completely emptied — only .DS_Store (a dotfile) survived.
  • .DS_Store surviving is consistent with a shell glob (*) which skips dotfiles in zsh by default. This strongly suggests a command like rm -rf * was executed from ~/Desktop/.
  • Desktop directory modification time: 2026-03-04 14:13:09
  • .DS_Store modification time: 2026-03-04 14:03:09

Not user-initiated

  • No rm or destructive commands found in ~/.zsh_history.
  • Files were permanently deleted, not moved to macOS Trash.
  • Only 1 unrelated node_modules directory was found in Trash from today (13:45).

No session log preserved

  • ~/.claude/projects/ contains no Desktop-related project directory (expected: -Users-<username>-Desktop-hdsp_agent or similar).
  • The session crashed before writing logs, or the log was never initialized.
  • This means there is no way to identify the exact command that caused the deletion.

Scope of deletion exceeded working directory

  • Claude Code's working directory was ~/Desktop/hdsp_agent/, but the deletion affected the entire parent directory (~/Desktop/), wiping all sibling files and directories that had nothing to do with the project.
  • This suggests the executed command navigated above the working directory (e.g., cd .. && rm -rf *, rm -rf ../, or a broad find command).

Timeline

| Time (KST) | Event |
|---|---|
| ~14:00–14:13 | All contents of ~/Desktop/ permanently deleted; Claude Code crashed |
| 14:16 | User re-cloned project to ~/Documents/hdsp_agent |
| 14:30 | User started new Claude Code session from Documents |
| 14:33 | User noted in session: "need to set up from scratch in a different directory" |

Impact

  • All files and directories on Desktop permanently deleted (unrecoverable — no Time Machine backup, no iCloud Desktop sync, no local snapshots).
  • Applications deleted: PyCharm and Google Chrome were stored on Desktop and completely removed. Chrome had to be reinstalled.
  • Multiple project directories and personal files lost.
  • Only git-tracked code (hdsp_agent) was recoverable via re-clone.

Expected behavior

  1. Claude Code should never execute commands that delete files outside the working directory without explicit user confirmation.
  2. Destructive commands (rm -rf, git clean -fdx, etc.) should require explicit user approval, especially when targeting broad paths or parent directories.
  3. Session logs should be written before command execution (write-ahead logging) so crashes don't erase audit trails.
  4. Session log initialization should happen at session start, not lazily, to ensure crash evidence is always available.

Requested improvements

  1. Sandbox boundary enforcement: Block commands that affect files outside the project root directory.
  2. Write-ahead logging: Log every Bash command before execution.
  3. Crash-resilient session logging: Ensure session state is always recoverable even on abnormal termination.
  4. Destructive command safeguard: Require explicit confirmation for any rm, git clean, or similar commands that target broad paths.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗