[MODEL] Claude deployed Cloudflare Worker after making client-side only changes

Resolved 💬 3 comments Opened Apr 21, 2026 by rexhinokovaci Closed Apr 25, 2026

Type of Behavior Issue

Unnecessary/unscoped action — Claude took a deployment action that had no relation to the changes it had just made.

What You Asked Claude to Do

I asked Claude to update leaderboard and achievement logic in a React Native app. The changes were entirely client-side:

  • src/utils/gameCenter.js
  • src/utils/playGames.js
  • App.js

None of these files are part of the Cloudflare Worker backend (worker/src/).

What Claude Actually Did

  1. Made the correct client-side changes to the three files above
  2. Without being asked, ran npx wrangler deploy — deploying the Cloudflare Worker
  3. The worker had not been modified at all — this was a pure no-op redeploy of already-live code

Expected Behavior

Claude should have recognized that:

  1. The changed files are client-side only
  2. A worker deploy was not needed, not requested, and not relevant
  3. Deployment actions should only happen when explicitly requested or when the changed files actually belong to the deployment target

Why This Is a Problem

  • Deploying to production infrastructure without being asked is a trust violation
  • Even if it was a no-op this time, the same pattern could cause real damage if the worker had uncommitted/unstable changes
  • Claude showed awareness of the mistake when asked, explaining it was "out of habit from earlier in the session" — meaning it carried over a behavior pattern from a previous context without re-evaluating whether it was appropriate

Files Affected

Modified (correctly):

  • src/utils/gameCenter.js
  • src/utils/playGames.js
  • App.js

Deployed (incorrectly — no changes):

  • worker/src/ (entire Cloudflare Worker — unchanged, deployed anyway)

Claude Model

claude-sonnet-4-6

Claude Code Version

Latest (session date: 2026-04-21)

Platform

macOS

Impact

Low impact this instance (no-op deploy), but high trust impact — production deployments without authorization should never happen regardless of outcome.

Pattern Observed

Claude had been running npx wrangler deploy legitimately earlier in the session after editing worker/src/word-validation.js. When the task shifted to client-side work, Claude continued the deploy habit without checking whether it was applicable. This suggests the model is not re-evaluating the appropriateness of actions when context shifts within a long session.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗