AI Added a Route That Bypasses Auth Middleware
AI registered an endpoint outside the authenticated route group, leaking internal data. The fastest fix: move the route under the authed router and enforce auth at the data layer, not in middleware.
Cursor / Codex / Claude Code — apply failures, indexing, wrong file edits, rollback.
AI coding tools fail two ways: "it broke my code" and "it never read the whole project." This hub groups those by tool — Cursor, Codex, Claude Code — and adds rollback / recovery / guardrails.
AI registered an endpoint outside the authenticated route group, leaking internal data. The fastest fix: move the route under the authed router and enforce auth at the data layer, not in middleware.
AI calls a method that does not exist: wrong arg order, made-up option name, fabricated return type. Diagnose against the real .d.ts and ground future answers in current docs.
An AI-written migration runs clean on an empty dev DB but blows up on prod with constraint, lock, or NULL errors. Fix it with prod-clone testing and safe SQL patterns.
AI wrote an UPDATE or DELETE that holds long locks on a production Postgres table and blocks reads and writes. Cancel it, then rewrite it into lock-friendly batches.
AI generates code with deprecated APIs, fixes one lint error, then re-introduces it in the next file. Pin the ban in .cursor/rules and make ESLint a hard CI error.
AI runs npm install and drops package-lock.json into a pnpm-only repo, breaking the lockfile invariant. Pin the manager with devEngines/corepack and a preinstall guard.
Your agent keeps trying the same fix or oscillates between two states. How to spot the loop in 30 seconds and kill it with one prompt.
AI added a dependency without committing the lockfile, or used a Node feature your CI image doesn't have. Reproduce it in 5 minutes and pin the gap shut.
After an AI run, npm run build fails. Locate the bad change in 10 minutes with diff triage, tsc --noEmit, and targeted git restore — no full reset.
An AI coding agent rewrote .env with placeholders or deleted it. Recover the real values, then hard-lock the file so it never happens again.
Agent imports `src/utils/superhelper.ts` or a package that was never created. Find every bad import, then fix or replace it.
Your branch plus AI edits conflict with main. Resolve it without losing the AI's real improvements, and stop mistaking format noise for logic conflicts.
An agent ran an install or removed deps and now your lockfile is at war with the team's. Throw it away and regenerate — here's the exact path per package manager.
Your agent wrote `UserList2.tsx` next to the original instead of editing in place. Diff, merge, delete, and fix imports without breaking the build.
An AI agent "simplified" your code and quietly deleted a branch real users depend on. Bisect to the commit, cross-check prod logs, restore just the deleted hunks, and add a regression test.
AI code won't type-check (TS2322, TS2339, TS2554)? The exact tsc loop, error-code table, and agent rules that fix it in one pass.
Claude Code editing the wrong files, duplicating functions that exist, or missing key code? It's almost never the model — it's missing project context. Seven concrete ways to make Claude Code read your repo, verified for June 2026.
Cursor pulls old, vendored, or generated files into context and produces wrong patches. Fix the index, .cursorignore, and prompt pinning.
A 200-line Claude Code or Cursor diff isn't safe just because it compiles. Read it deletions-first, in the right order.
Cursor and Claude Code clobbered the same file. Stop both, recover each intent, merge by hunk, and isolate agents with worktrees so it never repeats.