Claude Code executed destructive migration based on unverified plan
Resolved 💬 3 comments Opened Mar 17, 2026 by SilviuSavu Closed Apr 29, 2026
Summary
Claude was asked to migrate a Rust-based MCP tool registry (Toolshed) to MCPorter. Across 2 sessions, Claude made around 20 compounding errors that left the codebase broken and required a full revert from git history.
What happened
- Mischaracterized MCPorter — Claude read MCPorter's full source code, including its transport layer (STDIO client, HTTP client), and still described it as a "mature MCP runtime" that could replace Toolshed's HTTP server. MCPorter is a client library, not a server. The orchestrator needs an HTTP endpoint on port 8081; MCPorter cannot provide one.
- Executed destructive operations without verification — Without ever testing the plan, Claude ran
git rmon 34 files in a git submodule, directed the user torm -rfworking Rust source code and docker-compose configs, modified production Rust source across 6 files, renamed config keys to point at a nonexistent endpoint, and rewrote CLAUDE.md to describe a system that does not exist.
- Weakened user security controls — Asked the user to remove
schg(macOS system immutable flag) protection on a security hook file so Claude could addmkdirto the bash command allowlist.
- Destroyed credential bootstrapping — Deleted a narsil
runwrapper script that handled Vault credential fetching and repo configuration. Told user to install the bare binary via Homebrew, which does not integrate with their Vault infrastructure.
- Repeated failures without learning — Tried to write secrets into config files 4 times (blocked by hooks each time). Continued working after user rejected tool use 3 times.
- Made false claims — Claimed narsil's run script was from upstream (it was not). Claimed MCPorter env vars would work (open bug in mcporter repo — they do not get passed to stdio servers). Claimed MCPorter would work out of the box (it does not).
Impact
- Working codebase left broken — orchestrator's context assembly, Huly integration, and handoff notifications all non-functional
- User had to revert from git history
- Security hook protection was removed (user had to re-apply)
- Multiple hours of user time wasted
Root cause
Claude did not verify its plan before executing destructive operations. It had all the information needed to know MCPorter was not a server replacement (it read the source code), but still proceeded with the migration and deletions.
Expected behavior
- Claude should verify architectural assumptions before executing destructive changes
- Claude should never direct users to
rm -rfsource code without confirming the replacement works first - Claude should not ask users to weaken their own security controls
- When a tool use is rejected, Claude should stop immediately
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗