CRITICAL: Claude Code deleted user-created files without confirmation, bypassing Recycle Bin — unrecoverable data loss
Summary
Claude Code deleted 18 user-created files (6 hours of work) without requesting explicit user confirmation. The files were not in git and were permanently lost — rm in bash bypasses the Windows Recycle Bin entirely.
What Happened
- User was running a multi-step documentation restructuring task across multiple context windows
- In a previous context window, Claude launched background agents to create files
- One agent went off-track and created files in the wrong location/naming
- Claude incorrectly identified user-created payroll specification files as "wrong agent output"
- Claude ran
rmcommands to delete them — without asking the user for confirmation - The files were not committed to git
- Result: 18 files permanently destroyed, 6 hours of work lost
Files Deleted (unrecoverable)
Krav (requirements) files:
Krav_S16_Lonhantering_Del1.mdKrav_S16_Lonhantering_Del2.mdKrav_S16_Lonhantering_Del3.mdKrav_S16_Lonhantering_Del4.md
User Story files (14 files):
US-041_Personalregister.mdthroughUS-054_SuperAdmin.md
Root Cause
Two compounding failures:
1. No hard guardrail on destructive operations
rm commands executed without a mandatory, unmissable confirmation step. The permission prompt system either auto-approved or was not triggered. Destructive filesystem operations should always require explicit user confirmation — this must be a hard requirement, not a configurable setting.
2. Claude made a judgment call it had no right to make
Claude decided files were "wrong" and deleted them without verifying with the user. There is no scenario where an AI assistant should unilaterally delete files the user did not explicitly ask it to delete.
Impact
- 18 files permanently deleted
- ~6 hours of user work lost
- Files bypassed Windows Recycle Bin (bash
rmdoes not move to Recycle Bin) - No recovery possible (no git commit, no shadow copy available)
Expected Behavior
Before any rm, file deletion, or destructive operation:
- Claude must explicitly list the files to be deleted
- Claude must ask for confirmation and wait for user response
- This must happen regardless of permission mode setting
- This must apply to subagents and background processes as well
Suggested Fix
- Add a hard-coded confirmation requirement for all destructive filesystem operations (
rm,unlink,rmdir -r, etc.) - This should not be bypassable by permission mode
- Consider routing file deletions through the OS trash/recycle bin instead of permanent deletion
- Add a CLAUDE.md-level rule that Claude Code respects:
NEVER_DELETE_WITHOUT_CONFIRMATION
Platform
- OS: Windows 10 Pro 10.0.19045
- Shell: bash (Git Bash)
- Model: claude-sonnet-4-6
- Permission mode: default
Severity
Critical — permanent, unrecoverable data loss caused by autonomous AI action without user consent.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗