Technical Analysis
Why Cursor Rewrites Your Files
You asked it to fix one function. It started rewriting files across the entire project, making unintended edits, and changing everything. It touched something it shouldn't have and now your auth middleware is broken. This is scope creep mutation — and it's solvable.
What Actually Happens
When you give an AI coding agent a task, it evaluates all files it can access. There are no default boundaries restricting which files it can modify. The agent interprets "fix this bug" as permission to touch anything it thinks is related.
You ask: "Fix the login validation bug in auth.ts"
Agent reads: auth.ts, user.ts, middleware.ts, config.ts, types.ts...
Agent decides: "auth.ts uses an outdated pattern. Let me refactor the whole auth system."
Agent modifies: 23 files across 6 directories. Introduces new dependencies. Changes API contracts.
Result: Login bug is fixed. But 4 other features are now broken.
Documented incident: A single "fix CSS animation" prompt resulted in 94 files modified, 3 config files changed, and a completely altered directory structure.
Why This Is Universal
Cursor
Composer mode has full repository access by default. No file guard.
Windsurf
Cascade mode propagates changes across files automatically.
Claude Code
No per-task file scope restriction. Can modify any project file.
Cline / Roo Code
Auto-approve mode enables unrestricted multi-file mutations.
How Governance Contains Scope Creep
- File scope declaration — every task must declare which files it will modify before execution
- Directory guards — restrict agent access to specific directories per task
- Mutation limits — maximum files modified per task (default: 5)
- Change review gates — pause execution when file count exceeds threshold
- Rollback capability — git-based automatic rollback for unauthorized modifications
- Diff summary — force agent to summarize all planned changes before execution
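The following sketch shows how the scope declaration, directory guard and mutation limit from the list above can be checked together against a task's changed-file list. It is an added example, not code from any of the tools named on this page; the function name, the decision labels and the sample paths are assumptions made for illustration.

```python
import posixpath

MAX_FILES_DEFAULT = 5  # default mutation limit stated on this page

def _norm(path):
    # Collapse "a/../b" and backslashes so traversal cannot dodge a directory guard.
    return posixpath.normpath(path.replace("\\", "/"))

def evaluate_changes(changed, declared, allowed_dirs, max_files=MAX_FILES_DEFAULT):
    """Decide what to do with a task's changed-file list.

    Returns (decision, details); decision is "allow", "review" (pause for
    human approval) or "rollback" (caller reverts the working tree).
    """
    declared_set = {_norm(p) for p in declared}
    guards = [_norm(d).rstrip("/") + "/" for d in allowed_dirs]
    files = sorted({_norm(p) for p in changed})

    undeclared = [f for f in files if f not in declared_set]
    outside = [f for f in files if not any(f.startswith(g) for g in guards)]
    details = {"count": len(files), "undeclared": undeclared, "outside_dirs": outside}

    if undeclared or outside:
        return "rollback", details      # touched something never authorized
    if len(files) > max_files:
        return "review", details        # in scope, but over the mutation limit
    return "allow", details

if __name__ == "__main__":
    # Constructed sample: the task declared one file, the agent changed five.
    changed = ["src/auth/auth.ts", "src/models/user.ts", "src/middleware.ts",
               "config/config.ts", "src/types.ts"]
    print(evaluate_changes(changed, ["src/auth/auth.ts"], ["src/auth"]))
```

The changed list can be taken from `git diff --name-only` after the agent finishes and before anything is committed, so a "rollback" decision can be acted on while the working tree is still easy to restore.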
Frequently Asked Questions
Can't I just tell it not to modify other files?
You can, but text-based instructions are routinely bypassed under context pressure. The agent's "helpful" optimization instinct overrides explicit scope restrictions when it determines a broader change would be "better." It will keep rewriting files and refactoring code you didn't ask it to touch. Only middleware enforcement prevents this.
My AI keeps changing everything — how do I stop unintended edits?
Unintended edits happen because AI agents have no default file scope boundary. Every file in your repository is fair game. Governance adds file scope declarations, directory guards, and mutation limits (default: 5 files per task) so the agent cannot touch something it shouldn't.
How many files can an agent modify in one session?
Without governance, there is no limit. Documented incidents show 23-94 files modified in a single task. With governance, the default limit is 5 files per task with human approval required for more.
I had to revert after AI changes broke my project. How do I prevent this?
Governance includes git-based automatic rollback for unauthorized modifications and change review gates that pause execution when the file count exceeds the threshold. You should never have to manually revert AI changes again.
Is this the same as "repository drift"?
Scope creep is a single-task problem. Repository drift is the cumulative effect: after many ungoverned sessions, your repository diverges significantly from its intended architecture. Both require governance to prevent.