"Instead of going through the plan manually, I let Claude Code run terraform plan and then terraform apply".
Doesn't matter if it was you or the bot running terraform, the whole point of a two-step process is to confirm the plan looks right before executing the apply. Looking at the plan after the apply is already running is insane.
Shoot first and ask questions later! Measure nonce and cut thrice!
Surely more and harder leetcode interviews will prevent this from happening
More like 'Shoot yourself first and then complain out it later!'
Vibe SRE-ing.
I mean it would be nice if the Claude and Codex CLIs had a setting to default to plan mode, every now and then I’m trying to put together a plan, only to realize that it’s not in plan mode and already making changes.
You should not, under any circumstances, let an LLM touch the Terraform CLI. It's completely irresponsible to give an error-prone system like an LLM that kind of access.
This is what I can't get over - who in their right mind would _ever_ give an agent enough access to delete prod data?
Someone who should be immediately fired.
This is the purpose of sandbox environments.
What about
Claude at least does: add "permissions": { "defaultMode: "plan" } to your settings.json.
I'll note this only applies to new sessions though – if you do /clear and start working on something else it doesn't re-apply plan mode (I kind of wish it did)
I mean that sentence is basically your RCA