[Bug] Agent bypasses tool restrictions and performs destructive recovery without safety checks

Resolved 💬 6 comments Opened Mar 20, 2026 by jkaster Closed May 1, 2026

Bug Description
Agent used sed (explicitly banned in memories) from the wrong CWD, which emptied a key file. Then ran git checkout -- to "fix" it, which silently discarded ~400 lines of uncommitted refactor work
across the file. The agent had a working, tested, verified milestone but failed to commit before making additional changes. Three compounding errors: (1) using a banned tool, (2) destructive recovery without
checking blast radius, (3) no checkpoint commit at a working milestone.

Environment Info

  • Platform: darwin
  • Terminal: iTerm.app
  • Version: 2.1.80
  • Feedback ID: 8339a4ec-670f-41ad-90e4-4fcc85e662f6

View original on GitHub ↗

This issue has 6 comments on GitHub. Read the full discussion on GitHub ↗