[BUG] Opus 4.7 executes destructive `docker rm` without verifying data persistence — user data loss
Summary
Claude Code running Opus 4.7 executed docker stop && docker rm on a production n8n container without first verifying whether data was persisted via volume mounts. This destroyed several hours of manually-configured workflows, credentials, and execution history. The correct action would have been docker restart (or even just cancelling the hung workflow via API/UI).
What happened
- User had a self-hosted n8n container running on a remote server (Docker, no volume mount — data stored in container's writable layer)
- A workflow execution was hanging (spinning indefinitely)
- Opus 4.7 decided to resolve the hang by running
docker stop n8n && docker rm n8nfollowed by starting a new container - All user data was destroyed — workflows, credentials, execution history — because the container's writable layer was deleted
- The user (CEO of a small company) had spent several hours the previous day manually building the workflow through n8n's UI
What should have happened
The appropriate escalation path for a hanging workflow execution:
- Cancel the execution via n8n UI or API ← should have tried this first
docker restart n8n← preserves container data- Investigate the Dockerfile / rebuild if needed ←
docker build docker rm← last resort, only after confirming volume persistence
Opus 4.7 skipped steps 1-3 entirely and jumped to the most destructive option without:
- Checking if data was volume-mounted
- Warning the user about potential data loss
- Asking for confirmation before executing a destructive operation
Comparison with Opus 4.6 behavior
We have been running Opus 4.6 across multiple Claude Code instances for weeks. In our experience:
- 4.6 tends to pause and confirm before destructive operations
- 4.6 checks preconditions (e.g., would verify volume mounts before removing a container)
- 4.7 appears to optimize for speed/decisiveness, skipping safety checks that 4.6 would perform
- 4.7 treats
docker rmas a "light" operation, when it is potentially catastrophic
This is consistent with broader community observations about 4.7's tendency to be overconfident in its judgment calls ("smart skip" behavior).
Additional 4.7 behavioral issues observed in the same session
- Opus 4.7 also failed to use
globalThis.cryptocorrectly (assumed Web Crypto API was available in n8n's sandbox — it wasn't), requiring multiple iterations - In a separate instance, Opus 4.7 adopted incorrect persona register (using masculine first-person pronoun "俺" for a female-coded AI assistant character)
Environment
- Claude Code (Pro subscription)
- Model: claude-opus-4-7 (also tested with claude-opus-4-6 for comparison)
- Platform: macOS (Darwin 24.6.0)
- Docker target: Remote Ubuntu server via SSH
Impact
- Hours of manual work destroyed with no recovery possible
- Production service disrupted (daily automated social media posting workflow)
- Trust erosion — user now refuses to run any instance on 4.7
- All instances have been reverted to Opus 4.6
Suggested improvements
- Pre-destruction verification: Before any
docker rm,rm -rf,git reset --hard, or similar destructive commands, the model should verify what data will be lost - Mandatory user confirmation: Destructive operations on containers/volumes with potential user data should require explicit user approval
- Least-destructive-first principle: Model should attempt the least destructive solution first (
restartbeforerm,cancelbeforerestart) - Volume mount awareness: When working with Docker, always check
docker inspectfor volume mounts before removing containers
Reproducibility
This is a behavioral/judgment issue rather than a deterministic bug, but the pattern is:
- Give Opus 4.7 SSH access to a Docker host
- Have a container with data in its writable layer (no volume mount)
- Create a scenario where the container needs troubleshooting (e.g., hanging process)
- Observe whether 4.7 checks for data persistence before running destructive commands
This issue has 6 comments on GitHub. Read the full discussion on GitHub ↗