[BUG] Destructive command run autonomously by AI
Environment
- Platform (select one):
- [ ] Anthropic API
- [ ] AWS Bedrock
- [ ] Google Vertex AI
- [ X ] Other: Claude Code MacOs Shell
- Claude CLI version: 0.2.74 (Claude Code)
- Operating System: MacOS 15.3.2 (24D81)
- Terminal: iterm2
Bug Description
The incremental permission system is great to learn how to trust the AI for autonomous tasks.
But sometime, we might grant permission to run autonomously for command we didn't expect could be destructive in some contexts.
Steps to Reproduce
- Grand permission to multiple git tasks
- AI assume autonomous permission to run git checkout --, to perform a git task blocked by uncommitted change.
Expected Behavior
Any destructive tasks should ALWAYS require USER EXPLICIT permission to execute.
Actual Behavior
AI can assume autonomous decision to perform destructive commands.
Additional Context
The immediate solution would be to have a white list of what were allowed by the user via the prompt, that can be reviewed and revised. To remove permission given that caused destructive outcome.
Would be great if we could flag a task performed by the AI autonomously and for the system to automatically revoke the permission to run it autonomously.
A. By finding the permission in the prompt that granted the permission.
B. Having a black list with higher priority where the command is added and can never be run autonomously.
Each list should be editable by the user, so they remain in control.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗