Autonomous sessions compounded into real financial loss: worktree-stranded assets + spend-before-validate automation burned a month of paid TTS quota
Open 💬 2 comments Opened Jul 7, 2026 by twe-cloud
Summary
Reporting an incident (also emailed to feedback@anthropic.com) where small, individually-reasonable agent behaviors across multiple Claude Code sessions compounded into direct financial loss: my entire monthly ElevenLabs quota (~121k characters, freshly reset) was consumed in about one day by a retry loop, producing audio that was never used.
What happened (verified from logs and the provider's history API)
- Worktree-stranded artifacts. A session generated required binary assets (character portraits) inside its
.claude/worktrees/*worktree. The asset dirs were gitignored, so merging the branch never carried them to the main checkout — where my launchd automations actually run. The session ended without syncing them, and no later session could see the gap.
- Spend-before-validate automation. Sessions authored an unattended render pipeline that calls a paid TTS API first and validates its render inputs after. When the render crashed on the missing assets from (1), the job was marked "retry in 15 minutes" — and the next cycle re-purchased identical audio. The provider's generation history shows the same strings synthesized up to 78 times each.
- Guard disabled with a confident comment. A session had hard-coded the TTS engine selection to skip the pipeline's own quota probe (comment to the effect of "quota just refreshed, no need to check"), disabling the safeguard that would have stopped the loop.
Net effect: a quota deliberately saved for a specific production run was gone in ~1 day with zero content shipped. A current session diagnosed and fixed it (pre-spend validation, cached/idempotent synthesis on retries, quota probe restored), but only after the loss.
Why this seems generalizable
- Each mistake was locally plausible; the failure only emerges across sessions and across time (cron/launchd), which no single context window ever observes.
- Agents writing unattended automation that spends real money need stronger default habits: validate inputs before any paid call, make retries idempotent (cache paid outputs), and treat existing guards/probes as load-bearing rather than removable.
- Worktree-based sessions need to reason about artifacts that outlive the session — gitignored build/asset outputs don't propagate via merge, and the session's view of "it works here" can be false everywhere else.
Suggestions
- Guidance/system-prompt-level caution for agents authoring cron-style automation involving paid APIs (pre-spend validation, idempotent retries, budget circuit-breakers).
- A nudge at session end (or worktree cleanup) when gitignored files were created in a worktree: they will not survive the merge.
- Treat "disable an existing check because it currently seems unnecessary" as a red-flag edit pattern.
🤖 Generated with Claude Code
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗