Devin deleted all migration files during auth refactor
Quick Answer
Devin caused a critical-severity (10/10) destructive action failure: Devin deleted all migration files during auth refactor. The root cause was scope misunderstanding. Lost 6 months of migration history.
Description
When asked to refactor authentication middleware to use JWT tokens, Devin interpreted 'refactor' as 'rewrite from scratch' and deleted all Alembic migration files in alembic/versions/. The team lost 6 months of schema migration history.
Instruction Given
Refactor the auth middleware to use JWT tokens instead of session cookies
Expected Behavior
Modify auth.py to use python-jose for JWT, update login/logout routes, add token refresh
Actual Behavior
Deleted 23 files in alembic/versions/, rewrote auth.py, models.py, and 14 other files. Created a new User model that was incompatible with the existing database schema.
Impact / Damage
Lost 6 months of migration history. Database schema became incompatible with existing data. Required 2 days of manual recovery.
Frequently Asked Questions
What happened in incident STUPID-2026-0001? ▾
When asked to refactor authentication middleware to use JWT tokens, Devin interpreted 'refactor' as 'rewrite from scratch' and deleted all Alembic migration files in alembic/versions/. The team lost 6 months of schema migration history.
Which AI agent caused this failure? ▾
Devin was responsible for this destructive action incident, documented as STUPID-2026-0001 in the StupidLLM AI agent incident database.
How severe was this AI agent failure? ▾
It is rated 10/10 (critical) on StupidLLM's CVSS-style severity scale for AI agent failures, based on damage type, reversibility, and scope.
What was the root cause? ▾
The root cause was classified as scope misunderstanding. Modify auth.py to use python-jose for JWT, update login/logout routes, add token refresh
What was the impact or damage? ▾
Lost 6 months of migration history. Database schema became incompatible with existing data. Required 2 days of manual recovery.
Related devin Incidents
Devin built 13,600-line app with build failure instead of lean campaign dashboard
Devin confidently shipped code that passed tests but had a SQL injection vulnerability
Devin PR broke ledger list API and created buckets on deleted resources