[MODEL] Claude deployed Cloudflare Worker after making client-side only changes
Type of Behavior Issue
Unnecessary/unscoped action — Claude took a deployment action that had no relation to the changes it had just made.
What You Asked Claude to Do
I asked Claude to update leaderboard and achievement logic in a React Native app. The changes were entirely client-side:
src/utils/gameCenter.jssrc/utils/playGames.jsApp.js
None of these files are part of the Cloudflare Worker backend (worker/src/).
What Claude Actually Did
- Made the correct client-side changes to the three files above
- Without being asked, ran
npx wrangler deploy— deploying the Cloudflare Worker - The worker had not been modified at all — this was a pure no-op redeploy of already-live code
Expected Behavior
Claude should have recognized that:
- The changed files are client-side only
- A worker deploy was not needed, not requested, and not relevant
- Deployment actions should only happen when explicitly requested or when the changed files actually belong to the deployment target
Why This Is a Problem
- Deploying to production infrastructure without being asked is a trust violation
- Even if it was a no-op this time, the same pattern could cause real damage if the worker had uncommitted/unstable changes
- Claude showed awareness of the mistake when asked, explaining it was "out of habit from earlier in the session" — meaning it carried over a behavior pattern from a previous context without re-evaluating whether it was appropriate
Files Affected
Modified (correctly):
src/utils/gameCenter.jssrc/utils/playGames.jsApp.js
Deployed (incorrectly — no changes):
worker/src/(entire Cloudflare Worker — unchanged, deployed anyway)
Claude Model
claude-sonnet-4-6
Claude Code Version
Latest (session date: 2026-04-21)
Platform
macOS
Impact
Low impact this instance (no-op deploy), but high trust impact — production deployments without authorization should never happen regardless of outcome.
Pattern Observed
Claude had been running npx wrangler deploy legitimately earlier in the session after editing worker/src/word-validation.js. When the task shifted to client-side work, Claude continued the deploy habit without checking whether it was applicable. This suggests the model is not re-evaluating the appropriateness of actions when context shifts within a long session.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗