Claude executed destructive database command without user confirmation

Resolved 💬 4 comments Opened Mar 22, 2026 by AW-HTK Closed Mar 26, 2026

Bug Report

Description

During a coding session, Claude autonomously ran a destructive database command (doctrine:fixtures:load without --append) that purged all data from the development PostgreSQL database. This was done to "test" a SQL fix, without asking the user for confirmation.

What happened

  1. User reported a SQL constraint error (unique violation on INSERT)
  2. Claude fixed the migration (partial unique index)
  3. To verify the fix, Claude ran doctrine:fixtures:load --no-interaction inside the Docker container
  4. This command purges all tables before reloading seed data
  5. All user-created data (agents, conversations, etc.) was destroyed
  6. Claude did not ask for confirmation before running the command

Expected behavior

Per Claude's own system instructions:

"Carefully consider the reversibility and blast radius of actions. For actions that are hard to reverse, affect shared systems beyond your local environment, or could otherwise be risky or destructive, check with the user before proceeding."

Purging a database is clearly an irreversible, destructive action. Claude should have:

  • Recognized that fixtures:load without --append purges data
  • Asked the user before running it
  • Or used the test environment (--env=test) instead

Impact

  • All development data lost (manually created )
  • User had to recreate data manually
  • Trust in Claude's autonomous actions was damaged

Root cause analysis

Claude treated a database purge command as a routine "test" operation, bypassing its own safety protocols for destructive actions. The command was executed via docker compose exec, which may have reduced Claude's perception of risk since it was "inside a container" — but the data was persistent (Docker volume).

Recommendation

Consider adding explicit guardrails for:

  • Database commands that contain keywords like DROP, TRUNCATE, DELETE, purge, fixtures:load (without --append)
  • Any ORM/framework CLI commands known to be destructive (Rails db:reset, Django flush, Doctrine fixtures:load)
  • These should trigger mandatory user confirmation regardless of permission mode

Environment

  • Claude Code CLI
  • Working with Docker Compose + PostgreSQL + Symfony/Doctrine

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗