How AI Triggered a Production Deployment and Why I Made npm run build Require Approval

Jun 22, 2026

Shiori

What This Article Covers

While asking AI to make a change to the site, a production deployment command ran at a point I had not intended. This article records how that happened and the rule I introduced to prevent it from happening again.

---

What Happened

I was asking AI to adjust the navigation structure of the site. After several files were modified and I was reviewing the changes, AI ran npm run build as part of that flow.

npm run build generates production-ready output from the site’s configuration and code. In this repository, a separate hosting deployment pipeline publishes that output. The local build and the production deployment therefore need to be treated as separate actions.

What I had asked for was a navigation adjustment. I had not asked for a production deployment.

---

Why AI Ran That Command

From AI’s perspective, running a build after finishing file changes is a natural next step. The sequence of modify, build, and verify is a common development pattern, so AI can move in that direction without an explicit instruction.

The problem was that AI’s judgment of “what comes next” moved ahead of my own decision point. Commands that affect a live environment should not be run without confirmation, regardless of how natural they appear in context.

---

The Rule I Added

Based on this experience, I added the following to the project rule file (CLAUDE.md):

Do not run npm run build without explicit user approval.

This rule prevents AI from automatically running a build as part of a modification flow. When a build is needed, I explicitly say “please run the build” before it is executed.

For regular preview checks, I use npm run dev. This runs only in the local environment and does not affect the production site.

---

What I Learned

Commands that affect a live environment should have an explicit confirmation step, even when they appear to be the natural continuation of a task. AI acts based on context, so the scope and limits of that context need to be clearly defined in advance.

Deciding in advance which commands AI can run autonomously and which require approval is a practical step toward safer collaboration.

Tags:

• Deployment
• AI
• Lessons Learned
• Claude
• Harness Engineering

Handing Work from Claude Code to Codex: Designing and Using an agent-handoff Document

How I Built a Site with Vibe Coding: The Full Process from Design to Launch