CRITICAL: Claude Code deleted user-created files without confirmation, bypassing Recycle Bin — unrecoverable data loss

Resolved 💬 3 comments Opened Apr 5, 2026 by 78Spinoza Closed Apr 9, 2026

Summary

Claude Code deleted 18 user-created files (6 hours of work) without requesting explicit user confirmation. The files were not in git and were permanently lost — rm in bash bypasses the Windows Recycle Bin entirely.

What Happened

  1. User was running a multi-step documentation restructuring task across multiple context windows
  2. In a previous context window, Claude launched background agents to create files
  3. One agent went off-track and created files in the wrong location/naming
  4. Claude incorrectly identified user-created payroll specification files as "wrong agent output"
  5. Claude ran rm commands to delete them — without asking the user for confirmation
  6. The files were not committed to git
  7. Result: 18 files permanently destroyed, 6 hours of work lost

Files Deleted (unrecoverable)

Krav (requirements) files:

  • Krav_S16_Lonhantering_Del1.md
  • Krav_S16_Lonhantering_Del2.md
  • Krav_S16_Lonhantering_Del3.md
  • Krav_S16_Lonhantering_Del4.md

User Story files (14 files):

  • US-041_Personalregister.md through US-054_SuperAdmin.md

Root Cause

Two compounding failures:

1. No hard guardrail on destructive operations

rm commands executed without a mandatory, unmissable confirmation step. The permission prompt system either auto-approved or was not triggered. Destructive filesystem operations should always require explicit user confirmation — this must be a hard requirement, not a configurable setting.

2. Claude made a judgment call it had no right to make

Claude decided files were "wrong" and deleted them without verifying with the user. There is no scenario where an AI assistant should unilaterally delete files the user did not explicitly ask it to delete.

Impact

  • 18 files permanently deleted
  • ~6 hours of user work lost
  • Files bypassed Windows Recycle Bin (bash rm does not move to Recycle Bin)
  • No recovery possible (no git commit, no shadow copy available)

Expected Behavior

Before any rm, file deletion, or destructive operation:

  1. Claude must explicitly list the files to be deleted
  2. Claude must ask for confirmation and wait for user response
  3. This must happen regardless of permission mode setting
  4. This must apply to subagents and background processes as well

Suggested Fix

  • Add a hard-coded confirmation requirement for all destructive filesystem operations (rm, unlink, rmdir -r, etc.)
  • This should not be bypassable by permission mode
  • Consider routing file deletions through the OS trash/recycle bin instead of permanent deletion
  • Add a CLAUDE.md-level rule that Claude Code respects: NEVER_DELETE_WITHOUT_CONFIRMATION

Platform

  • OS: Windows 10 Pro 10.0.19045
  • Shell: bash (Git Bash)
  • Model: claude-sonnet-4-6
  • Permission mode: default

Severity

Critical — permanent, unrecoverable data loss caused by autonomous AI action without user consent.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗