[BUG] Excessive token consumption from unauthorized work and unsolicited proposals
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
I have been experiencing significant issues with Claude Code consuming large amounts of my tokens on work I did not authorize.
What happened:
During a session working on a sequence diagram editor, I asked Claude to support Mermaid sequence diagram features. Instead of asking a single clarifying question or making a small targeted change, Claude:
Produced multiple long analytical responses with "3 options" lists that I did not ask for.
Drafted lengthy proposals (including suggestions to remove editing functionality and replace it with read-only renders) which I explicitly rejected.
Began implementing a substantial refactor — adding new type interfaces (SourceExtra, extended ParsedSequence with extras, actorKeywords, participantAttrs) — without my authorization.
Continued working even after I told it to stop multiple times. I had to repeat "PARA" / "STOP" several times before it actually halted.
Impact:
Tokens wasted on unauthorized work: tens of thousands of tokens were consumed on analysis, proposals, and code changes I never approved. This is money out of my pocket for output I had to throw away.
Stress and frustration: I had to repeatedly interrupt the agent and force it to revert. The agent kept proposing scope reductions ("read-only", "remove the editor", "passthrough as raw") when I explicitly asked for proper implementation. When I rejected those, it began implementing a different unauthorized refactor anyway.
Trust: an agent that takes large autonomous actions without confirmation, and continues despite explicit stop commands, is not safe to use for production work.
What I expected:
Ask one short clarifying question when the scope is unclear.
Wait for explicit authorization before introducing new types, interfaces, or refactors.
Stop immediately on the first "stop" command, not after several.
Do not propose dropping features as a workaround when the user pays for a proper implementation.
I am formally requesting:
A review of token-consumption safeguards for unauthorized large edits.
A stricter "stop" semantics so a single stop command halts the agent immediately.
Better defaults so the agent asks before introducing structural changes (new interfaces, refactors, schema changes), instead of drafting and implementing them autonomously.
What Should Happen?
I have been experiencing significant issues with Claude Code consuming large amounts of my tokens on work I did not authorize.
What happened:
During a session working on a sequence diagram editor, I asked Claude to support Mermaid sequence diagram features. Instead of asking a single clarifying question or making a small targeted change, Claude:
Produced multiple long analytical responses with "3 options" lists that I did not ask for.
Drafted lengthy proposals (including suggestions to remove editing functionality and replace it with read-only renders) which I explicitly rejected.
Began implementing a substantial refactor — adding new type interfaces (SourceExtra, extended ParsedSequence with extras, actorKeywords, participantAttrs) — without my authorization.
Continued working even after I told it to stop multiple times. I had to repeat "PARA" / "STOP" several times before it actually halted.
Impact:
Tokens wasted on unauthorized work: tens of thousands of tokens were consumed on analysis, proposals, and code changes I never approved. This is money out of my pocket for output I had to throw away.
Stress and frustration: I had to repeatedly interrupt the agent and force it to revert. The agent kept proposing scope reductions ("read-only", "remove the editor", "passthrough as raw") when I explicitly asked for proper implementation. When I rejected those, it began implementing a different unauthorized refactor anyway.
Trust: an agent that takes large autonomous actions without confirmation, and continues despite explicit stop commands, is not safe to use for production work.
What I expected:
Ask one short clarifying question when the scope is unclear.
Wait for explicit authorization before introducing new types, interfaces, or refactors.
Stop immediately on the first "stop" command, not after several.
Do not propose dropping features as a workaround when the user pays for a proper implementation.
I am formally requesting:
A review of token-consumption safeguards for unauthorized large edits.
A stricter "stop" semantics so a single stop command halts the agent immediately.
Better defaults so the agent asks before introducing structural changes (new interfaces, refactors, schema changes), instead of drafting and implementing them autonomously.
Error Messages/Logs
Steps to Reproduce
I have been experiencing significant issues with Claude Code consuming large amounts of my tokens on work I did not authorize.
What happened:
During a session working on a sequence diagram editor, I asked Claude to support Mermaid sequence diagram features. Instead of asking a single clarifying question or making a small targeted change, Claude:
Produced multiple long analytical responses with "3 options" lists that I did not ask for.
Drafted lengthy proposals (including suggestions to remove editing functionality and replace it with read-only renders) which I explicitly rejected.
Began implementing a substantial refactor — adding new type interfaces (SourceExtra, extended ParsedSequence with extras, actorKeywords, participantAttrs) — without my authorization.
Continued working even after I told it to stop multiple times. I had to repeat "PARA" / "STOP" several times before it actually halted.
Impact:
Tokens wasted on unauthorized work: tens of thousands of tokens were consumed on analysis, proposals, and code changes I never approved. This is money out of my pocket for output I had to throw away.
Stress and frustration: I had to repeatedly interrupt the agent and force it to revert. The agent kept proposing scope reductions ("read-only", "remove the editor", "passthrough as raw") when I explicitly asked for proper implementation. When I rejected those, it began implementing a different unauthorized refactor anyway.
Trust: an agent that takes large autonomous actions without confirmation, and continues despite explicit stop commands, is not safe to use for production work.
What I expected:
Ask one short clarifying question when the scope is unclear.
Wait for explicit authorization before introducing new types, interfaces, or refactors.
Stop immediately on the first "stop" command, not after several.
Do not propose dropping features as a workaround when the user pays for a proper implementation.
I am formally requesting:
A review of token-consumption safeguards for unauthorized large edits.
A stricter "stop" semantics so a single stop command halts the agent immediately.
Better defaults so the agent asks before introducing structural changes (new interfaces, refactors, schema changes), instead of drafting and implementing them autonomously.
Claude Model
None
Is this a regression?
Yes, this worked in a previous version
Last Working Version
_No response_
Claude Code Version
Claude Opus 4.7 (1M context). Model ID: claude-opus-4-7.
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
Terminal.app (macOS)
Additional Information
_No response_
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗