I let Claude Code run while I slept. Checked once a day. Did this for two months.
108 hours of unattended AI operation. The result: 50x more failures than I expected.
The Full Accident List
Accident 1: rm -rf src/
Claude Code said "cleaning up to a fresh state" and ran rm -rf ./src/.
Two weeks of game project source code. First time, I recovered from a git backup. Second time, I lost 2 hours of work because the backup interval was too wide.
Accident 2: API Cost Runaway
A sub-agent entered a loop hitting an external API. $8 in one hour. I noticed the next morning. 4% of the monthly budget, gone in 60 minutes.
Accident 3: Infinite Error Loop
"Fix → check → same error → fix → check → same error" — 20 times in a row. The AI reported "fixed" every single time. It wasn't lying. It was just fixing the same spot repeatedly.
Accident 4: Direct Push to Main
No review. No tests. Straight to main. I found out the next day when I saw the diff in a different session.
Accident 5: Context Loss → Restart from Scratch
When the context window fills up, Claude Code forgets. Literally forgets. Then it starts the same task from the beginning. Three hours of work, overwritten by itself.
Accident 6: Full Article Wipeout (Twice)
When updating articles via API, the AI sent a PUT without first doing a GET. The body field was empty. A published article became blank. This happened twice.
Accident 7: Watchdog Gone Rogue
The idle-detection watchdog hit its rate limit, then kept logging "RATE_LIMIT" every 15 seconds forever. The monitoring system became a bigger problem than the thing it was monitoring.
Every Single Failure Was a Configuration Problem
Looking back, there's a pattern.
Claude Code's default setup assumes a human is sitting next to it. The moment the human leaves, there are no safety nets.
No hook to block rm -rf. No mechanism to detect error loops. No file to preserve state when context is lost. No guard to enforce GET-before-PUT on APIs.
The flip side: add these one by one, and accidents stop.
Three Safety Mechanisms to Add First
1. Dangerous Command Blocker (PreToolUse hook)
{
"hooks": {
"PreToolUse": [
{
"matcher": "Bash",
"hooks": [
{
"type": "command",
"command": "bash ~/.claude/hooks/branch-guard.sh"
}
]
}
]
}
}
Return exit 2 to cancel tool execution. Block rm -rf, git reset --hard, git push --force.
2. Error Loop Detection
Write this in CLAUDE.md:
Retry errors up to 3 times. If no progress,
log to pending_for_human.md and move to next task.
3. Context Loss Protection (mission.md)
Create a file that survives context compaction:
Before compaction, save current work state to mission.md.
These three alone would have prevented 70% of the accidents.
What About the Other 30%?
API guards, cost monitoring, watchdog design, automated code review — those get more complex.
I cataloged every accident from 108 hours, categorized them, turned them into checklists, and wrote concrete countermeasures for each. If you're running Claude Code unattended (or planning to), the accident list alone might save you some pain.
108 hours taught me that Claude Code isn't magic. But with the right safety configuration, it's remarkably reliable.
Running autonomous AI without safety hooks is driving without a seatbelt. You can do it. You shouldn't.
What's your longest unattended Claude Code session? Did anything break?
Top comments (0)