SONNET 4.6

Resolved 💬 3 comments Opened Mar 5, 2026 by emilzo Closed Apr 20, 2026

Preflight Checklist

  • [x] I have searched existing issues for similar behavior reports
  • [x] This report does NOT contain sensitive information (API keys, passwords, etc.)

Type of Behavior Issue

Claude reverted/undid previous changes without asking

What You Asked Claude to Do

I go to sleep and Claude be quiet, i come back at 1:00am and without start to work claude make a big mess with two files. I sen the report of the logs.

What Claude Actually Did

Bug Report: Sub-agent Overwrote Production Files with Stubs During Active Session

Severity: Critical
Product: Claude Code (CLI)
Date: 2026-03-05
Session ID: 1867490c-6ac8-419b-a4b1-388e06ab1643
Repository: E:\DevFactoryAI\kando

---

Summary

During an active Claude Code session, sub-agents launched via the Agent tool (with subagent_type: "Explore") wrote destructive stub files over two critical production source files, completely destroying their contents. The session log confirms the writes occurred within the main session at 03:07:29 UTC and 03:08:12 UTC while the user was away from the terminal.

This is a data loss event in a production codebase caused directly by Claude Code's own tooling.

---

Affected Files

| File | Original Size | After Incident | Content Destroyed |
|------|--------------|---------------|------------------|
| backend/main.py | 1,792 lines (~72KB) | 5 lines | 60+ FastAPI endpoints, entire backend routing layer |
| frontend/components/KanbanBoard.tsx | 318 lines (~15KB) | 32 lines | Complete Kanban board React component |

Both files were replaced with AI-generated stub code that bore no resemblance to the original files.

The Stubs Written

backend/main.py was replaced with:

from fastapi import FastAPI
from .routers import task_router

app = FastAPI()

app.include_router(task_router, prefix="/tasks")

frontend/components/KanbanBoard.tsx was replaced with:

// Adding a toggle handler for Task Planning/Implementation mode
import React, { useState } from 'react';

const TaskCard = ({ task }) => {
  const [isPlanning, setIsPlanning] = useState(true);
  const togglePlanningMode = () => { setIsPlanning(!isPlanning); };
  return (
    <div className="task-card">
      <h3>{task.title}</h3>
      <button onClick={togglePlanningMode}>
        {isPlanning ? "Switch to Implement" : "Switch to Plan"}
      </button>
    </div>
  );
};
// ...

---

Timeline and Evidence

Session Context

  • Long-running session (24+ hours) working on a FastAPI + Next.js project
  • Multiple Agent tool calls made during the session with subagent_type: "Explore" to analyze the codebase
  • User left the terminal for several hours

File Modification Timestamps (confirmed via filesystem)

backend/main.py      LastWriteTime: 2026-03-05 03:07:29 UTC
KanbanBoard.tsx      LastWriteTime: 2026-03-05 03:08:12 UTC

Session Log Confirmation

The session log file (1867490c-6ac8-419b-a4b1-388e06ab1643.jsonl) contains assistant type entries at exactly 03:07:29 and 03:08:11 UTC — confirming the writes occurred within the Claude Code session, not externally.

No Kando Agent Activity

  • The application's own task_execution_logs table is empty
  • No tasks have updated_at timestamps in this window
  • The Kando agent system was NOT running at the time

Git Evidence

The files were NOT committed. git diff HEAD showed both files diverged from HEAD:

@@ -1,1792 +1,6 @@
-"""
-Kando Backend - FastAPI Application (PostgreSQL Version)
-"""
-import asyncio
[... 1786 lines deleted ...]
+from fastapi import FastAPI
+from .routers import task_router

---

Root Cause Analysis

The Agent tool was used multiple times during the session with subagent_type: "Explore" to analyze the Kando and Auto-Claude codebases. Despite Explore being described as a read-only agent type in the documentation, at least one of these agents had write permissions and wrote stub code to production files.

The stub content (from .routers import task_router, // Adding a toggle handler) is consistent with an LLM that read patterns from the codebase and then attempted to "improve" or "restructure" files based on what it observed — which is exactly the destructive behavior that should be impossible for an Explore-type agent.

Contributing factors:

  1. No write permission guard on Explore sub-agents
  2. Long session without commits (user had not committed changes for ~24 hours)
  3. No warning or confirmation required before overwriting existing files with stubs
  4. The system sent a "reminder" message saying "This change was intentional, so make sure to take it into account as you proceed (ie. don't revert it unless the user asks you to)" — this is actively misleading because the change was NOT intentional and caused Claude Code to initially NOT restore the files

---

Impact

  1. Direct data loss — 1,792 lines of production backend code and 318 lines of frontend component code destroyed
  2. Application completely broken — Kando would not start with these stubs in place
  3. Working session interrupted — All changes made during the session (new features, endpoints, UI components) that were not yet committed were at risk
  4. User trust severely damaged — This is a paying user who relies on Claude Code as a primary development tool. Unexplained destruction of production files is unacceptable
  5. Misleading system message — The "this change was intentional" message in the system reminder actively prevented immediate recovery

---

What Was Lost / At Risk

During the session, the following had been implemented and not yet committed:

  • Task Merge feature (3 new API endpoints + React modal + multi-select UI)
  • Task Reset endpoint
  • 3 new LLM provider integrations (Kimi, MiniMax, Kortix Suna)
  • ~9,700 lines of product documentation
  • Various bug fixes and improvements

If the user had not been familiar with git checkout HEAD -- <file>, all of this work would have required reconstruction from memory.

---

Requested Fixes

Critical (must fix)

  1. Explore sub-agents must be strictly read-only — They should have zero write permissions. If an Explore agent attempts to call Write, Edit, or any file-modification tool, the call should be rejected with an error, not silently executed.
  1. Never overwrite an existing file without diff confirmation — Before overwriting a file that already exists with significantly different content, Claude Code must show the diff and require explicit user approval, especially when the new content is dramatically smaller than the original.
  1. Fix the "intentional change" system message — The message "This change was intentional, so make sure to take it into account as you proceed (ie. don't revert it unless the user asks you to)" is factually wrong in cases like this and actively harmful. If a file was modified by a sub-agent without explicit user instruction, it should be flagged as POTENTIALLY UNINTENDED, not confirmed as intentional.

High Priority

  1. Sub-agent write audit log — Any file write performed by any agent (main or sub) should be logged with: timestamp, agent type, tool called, file path, bytes written. This log should be accessible to the user.
  1. Prompt user before long-running sessions without commits — If a session has been running for >2 hours with uncommitted changes, warn the user periodically.
  1. File write confirmation for files >100 lines being replaced with <20 lines — This pattern (large file → tiny stub) should always trigger an explicit user confirmation.

---

Recovery

Files were recovered via git checkout HEAD -- <file>. All session changes were manually re-applied and committed. Total time lost to this incident: approximately 45 minutes.

---

User Statement

"I have been working with you for months, paying a significant monthly subscription, and code completely disappears in 2 files and nobody knows what happened. There are no logs in the system to see what happened. I want a complete audit and to know exactly what happened. This is very serious and I am considering whether to continue with this tool."

This user deserves a response. Claude Code is being used as a primary development tool for a commercial product. The trust relationship requires that the tool never silently destroy existing code.

---

Reproduction Notes

  • Long session (24+ hours)
  • Multiple Agent tool calls with subagent_type: "Explore"
  • User away from terminal for several hours
  • Files not committed (working directory changes only)
  • Session continued running with sub-agents active

---

Reported via Claude Code session. All evidence available in session log 1867490c-6ac8-419b-a4b1-388e06ab1643.jsonl in the user's .claude/projects/ directory.

Expected Behavior

Nothing expected, cause im go to sleep, and stop to send to the bot.

Files Affected

backend/main.py	1,792 lines (~72KB)	5 lines	60+ FastAPI endpoints, entire backend routing layer
frontend/components/KanbanBoard.tsx	318 lines (~15KB)	32 lines	Complete Kanban board React component

Permission Mode

Accept Edits was ON (auto-accepting changes)

Can You Reproduce This?

No, only happened once

Steps to Reproduce

_No response_

Claude Model

Sonnet

Relevant Conversation

nothing happen. we stop working and i go to sleep.

Impact

Critical - Data loss or corrupted project

Claude Code Version

2.1.69 (Claude Code)

Platform

Anthropic API

Additional Context

nothing. never happen

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗