[BUG] Excessive token consumption from unauthorized work and unsolicited proposals

Resolved 💬 1 comment Opened May 15, 2026 by naylor Closed Jun 14, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

I have been experiencing significant issues with Claude Code consuming large amounts of my tokens on work I did not authorize.

What happened:

During a session working on a sequence diagram editor, I asked Claude to support Mermaid sequence diagram features. Instead of asking a single clarifying question or making a small targeted change, Claude:

Produced multiple long analytical responses with "3 options" lists that I did not ask for.
Drafted lengthy proposals (including suggestions to remove editing functionality and replace it with read-only renders) which I explicitly rejected.
Began implementing a substantial refactor — adding new type interfaces (SourceExtra, extended ParsedSequence with extras, actorKeywords, participantAttrs) — without my authorization.
Continued working even after I told it to stop multiple times. I had to repeat "PARA" / "STOP" several times before it actually halted.
Impact:

Tokens wasted on unauthorized work: tens of thousands of tokens were consumed on analysis, proposals, and code changes I never approved. This is money out of my pocket for output I had to throw away.
Stress and frustration: I had to repeatedly interrupt the agent and force it to revert. The agent kept proposing scope reductions ("read-only", "remove the editor", "passthrough as raw") when I explicitly asked for proper implementation. When I rejected those, it began implementing a different unauthorized refactor anyway.
Trust: an agent that takes large autonomous actions without confirmation, and continues despite explicit stop commands, is not safe to use for production work.
What I expected:

Ask one short clarifying question when the scope is unclear.
Wait for explicit authorization before introducing new types, interfaces, or refactors.
Stop immediately on the first "stop" command, not after several.
Do not propose dropping features as a workaround when the user pays for a proper implementation.
I am formally requesting:

A review of token-consumption safeguards for unauthorized large edits.
A stricter "stop" semantics so a single stop command halts the agent immediately.
Better defaults so the agent asks before introducing structural changes (new interfaces, refactors, schema changes), instead of drafting and implementing them autonomously.

What Should Happen?

I have been experiencing significant issues with Claude Code consuming large amounts of my tokens on work I did not authorize.

What happened:

During a session working on a sequence diagram editor, I asked Claude to support Mermaid sequence diagram features. Instead of asking a single clarifying question or making a small targeted change, Claude:

Produced multiple long analytical responses with "3 options" lists that I did not ask for.
Drafted lengthy proposals (including suggestions to remove editing functionality and replace it with read-only renders) which I explicitly rejected.
Began implementing a substantial refactor — adding new type interfaces (SourceExtra, extended ParsedSequence with extras, actorKeywords, participantAttrs) — without my authorization.
Continued working even after I told it to stop multiple times. I had to repeat "PARA" / "STOP" several times before it actually halted.
Impact:

Tokens wasted on unauthorized work: tens of thousands of tokens were consumed on analysis, proposals, and code changes I never approved. This is money out of my pocket for output I had to throw away.
Stress and frustration: I had to repeatedly interrupt the agent and force it to revert. The agent kept proposing scope reductions ("read-only", "remove the editor", "passthrough as raw") when I explicitly asked for proper implementation. When I rejected those, it began implementing a different unauthorized refactor anyway.
Trust: an agent that takes large autonomous actions without confirmation, and continues despite explicit stop commands, is not safe to use for production work.
What I expected:

Ask one short clarifying question when the scope is unclear.
Wait for explicit authorization before introducing new types, interfaces, or refactors.
Stop immediately on the first "stop" command, not after several.
Do not propose dropping features as a workaround when the user pays for a proper implementation.
I am formally requesting:

A review of token-consumption safeguards for unauthorized large edits.
A stricter "stop" semantics so a single stop command halts the agent immediately.
Better defaults so the agent asks before introducing structural changes (new interfaces, refactors, schema changes), instead of drafting and implementing them autonomously.

Error Messages/Logs

Steps to Reproduce

I have been experiencing significant issues with Claude Code consuming large amounts of my tokens on work I did not authorize.

What happened:

During a session working on a sequence diagram editor, I asked Claude to support Mermaid sequence diagram features. Instead of asking a single clarifying question or making a small targeted change, Claude:

Produced multiple long analytical responses with "3 options" lists that I did not ask for.
Drafted lengthy proposals (including suggestions to remove editing functionality and replace it with read-only renders) which I explicitly rejected.
Began implementing a substantial refactor — adding new type interfaces (SourceExtra, extended ParsedSequence with extras, actorKeywords, participantAttrs) — without my authorization.
Continued working even after I told it to stop multiple times. I had to repeat "PARA" / "STOP" several times before it actually halted.
Impact:

Tokens wasted on unauthorized work: tens of thousands of tokens were consumed on analysis, proposals, and code changes I never approved. This is money out of my pocket for output I had to throw away.
Stress and frustration: I had to repeatedly interrupt the agent and force it to revert. The agent kept proposing scope reductions ("read-only", "remove the editor", "passthrough as raw") when I explicitly asked for proper implementation. When I rejected those, it began implementing a different unauthorized refactor anyway.
Trust: an agent that takes large autonomous actions without confirmation, and continues despite explicit stop commands, is not safe to use for production work.
What I expected:

Ask one short clarifying question when the scope is unclear.
Wait for explicit authorization before introducing new types, interfaces, or refactors.
Stop immediately on the first "stop" command, not after several.
Do not propose dropping features as a workaround when the user pays for a proper implementation.
I am formally requesting:

A review of token-consumption safeguards for unauthorized large edits.
A stricter "stop" semantics so a single stop command halts the agent immediately.
Better defaults so the agent asks before introducing structural changes (new interfaces, refactors, schema changes), instead of drafting and implementing them autonomously.

Claude Model

None

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

Claude Opus 4.7 (1M context). Model ID: claude-opus-4-7.

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Terminal.app (macOS)

Additional Information

_No response_

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗