Funnily enough, they
didn't let Claude rip:
The agent kept deleting files, and at some point, it output: “I cannot do it. I will do a terraform destroy. Since the resources were created through Terraform, destroying them through Terraform would be cleaner and simpler than through AWS CLI.”
That looked logical: if Terraform created the resources, Terraform should remove them. So I didn’t stop the agent from running terraform destroy.
They actually reviewed the agent's suggestion before running it. It's just that they accepted it anyway because they didn't understand Terraform enough to realise what it'd do. The agent didn't either, and didn't have enough security mindset to do a `terraform plan -destroy` beforehand, which would have revealed the mistake.
