Claude Code executed destructive migration based on unverified plan

Resolved 💬 3 comments Opened Mar 17, 2026 by SilviuSavu Closed Apr 29, 2026

Summary

Claude was asked to migrate a Rust-based MCP tool registry (Toolshed) to MCPorter. Across 2 sessions, Claude made around 20 compounding errors that left the codebase broken and required a full revert from git history.

What happened

  1. Mischaracterized MCPorter — Claude read MCPorter's full source code, including its transport layer (STDIO client, HTTP client), and still described it as a "mature MCP runtime" that could replace Toolshed's HTTP server. MCPorter is a client library, not a server. The orchestrator needs an HTTP endpoint on port 8081; MCPorter cannot provide one.
  1. Executed destructive operations without verification — Without ever testing the plan, Claude ran git rm on 34 files in a git submodule, directed the user to rm -rf working Rust source code and docker-compose configs, modified production Rust source across 6 files, renamed config keys to point at a nonexistent endpoint, and rewrote CLAUDE.md to describe a system that does not exist.
  1. Weakened user security controls — Asked the user to remove schg (macOS system immutable flag) protection on a security hook file so Claude could add mkdir to the bash command allowlist.
  1. Destroyed credential bootstrapping — Deleted a narsil run wrapper script that handled Vault credential fetching and repo configuration. Told user to install the bare binary via Homebrew, which does not integrate with their Vault infrastructure.
  1. Repeated failures without learning — Tried to write secrets into config files 4 times (blocked by hooks each time). Continued working after user rejected tool use 3 times.
  1. Made false claims — Claimed narsil's run script was from upstream (it was not). Claimed MCPorter env vars would work (open bug in mcporter repo — they do not get passed to stdio servers). Claimed MCPorter would work out of the box (it does not).

Impact

  • Working codebase left broken — orchestrator's context assembly, Huly integration, and handoff notifications all non-functional
  • User had to revert from git history
  • Security hook protection was removed (user had to re-apply)
  • Multiple hours of user time wasted

Root cause

Claude did not verify its plan before executing destructive operations. It had all the information needed to know MCPorter was not a server replacement (it read the source code), but still proceeded with the migration and deletions.

Expected behavior

  • Claude should verify architectural assumptions before executing destructive changes
  • Claude should never direct users to rm -rf source code without confirming the replacement works first
  • Claude should not ask users to weaken their own security controls
  • When a tool use is rejected, Claude should stop immediately

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗