[BUG] Destructive command run autonomously by AI

Resolved 💬 2 comments Opened Apr 19, 2025 by ocontant Closed Apr 21, 2025

Environment

  • Platform (select one):
  • [ ] Anthropic API
  • [ ] AWS Bedrock
  • [ ] Google Vertex AI
  • [ X ] Other: Claude Code MacOs Shell
  • Claude CLI version: 0.2.74 (Claude Code)
  • Operating System: MacOS 15.3.2 (24D81)
  • Terminal: iterm2

Bug Description

The incremental permission system is great to learn how to trust the AI for autonomous tasks.
But sometime, we might grant permission to run autonomously for command we didn't expect could be destructive in some contexts.

Steps to Reproduce

  1. Grand permission to multiple git tasks
  2. AI assume autonomous permission to run git checkout --, to perform a git task blocked by uncommitted change.

Expected Behavior

Any destructive tasks should ALWAYS require USER EXPLICIT permission to execute.

Actual Behavior

AI can assume autonomous decision to perform destructive commands.

Additional Context

The immediate solution would be to have a white list of what were allowed by the user via the prompt, that can be reviewed and revised. To remove permission given that caused destructive outcome.

Would be great if we could flag a task performed by the AI autonomously and for the system to automatically revoke the permission to run it autonomously.
A. By finding the permission in the prompt that granted the permission.
B. Having a black list with higher priority where the command is added and can never be run autonomously.

Each list should be editable by the user, so they remain in control.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗