Opus 4.7 Survival Guide

Known issues, immediate fixes, and safety hooks. Last updated: April 17, 2026.

April 15-17: 23+ data loss incidents in 72 hours

Opus 4.7 introduced critical regressions: the auto mode safety classifier is hardcoded to Opus 4.6, token consumption jumped up to 4x, and the installer can truncate your shell config to 0 bytes. This page tracks the issues and provides hooks that protect your work right now.

4x Token Consumption
Classifier Failure in Auto Mode
Data Loss Incidents (50GB+)
Installer Truncates Shell Config
Model Quality Regression
Quick Protection Setup

1. 4x Token Consumption CRITICAL

Users report Opus 4.7 consuming up to 4x the tokens for the same tasks. Some Max Plan ($200/month) users report quota depletion in 15-19 minutes.

Silent Model Switching

Claude Code may switch from Opus 4.6 to 4.7 mid-session without notification. Your quota burns 4x faster without any visible change. #49541

Fix: model-version-alert hook

Checks every 50 tool calls and warns if Opus 4.7 is active:

npx cc-safe-setup --install-example model-version-alert

Or add to settings.json manually:

{
  "hooks": {
    "PreToolUse": [{
      "matcher": "",
      "hooks": [{
        "type": "command",
        "command": "~/.claude/hooks/model-version-alert.sh"
      }]
    }]
  }
}

Fix: Monitor with /cost

Run /cost after every task. If you see cache_creation tokens climbing faster than expected, you may be on Opus 4.7. Pin your model:

claude --model claude-opus-4-6

Or in settings.json: "model": "claude-opus-4-6"

2. Auto Mode Classifier Failure CRITICAL

The Bash safety classifier is hardcoded to claude-opus-4-6-1m. When Opus 4.7 is selected, dangerous commands pass through without the normal safety checks. #49618

This means: rm -rf ~/, credential deletion, and other destructive commands that would normally be blocked by the classifier can execute freely under Opus 4.7.

Fix: Install process-level safety hooks

Hooks run outside the model's control. They work regardless of which model version is active or whether the classifier is functioning:

npx cc-safe-setup

This installs 8 core hooks including rm-rf protection, git safety, and secret leak detection. These hooks use exit 2 (hard reject) — the command never reaches bash.

3. Data Loss Incidents CRITICAL

23+ confirmed data loss incidents in 72 hours (April 15-17). The worst: ~50GB permanently deleted via recursive rm. #49129

Documented incidents

#49129 — rm -rf deleted ~1,500 files, ~50GB. Moved files inside source directory, then deleted parent.
#49539 — ~/.git-credentials wiped. All PATs deleted without confirmation.
#49554 — Auto mode permitted ~/.ssh deletion. Should have been hard-blocked by classifier.
#49464 — Home directory deletion attempt via tilde misinterpretation (./~ treated as ~/).
#49615 — Installer auto-update truncated ~/.bash_profile and ~/.zshrc to 0 bytes.
#49740 — Uncommitted work silently vanished during session.
#49696 — PR creation overwrote uncommitted changes.
#48927 — Parallel subagent worktree cleanup destroyed .git directory.

Fix: Layer your defenses

# Core safety (rm-rf, git, secrets)
npx cc-safe-setup

# Credential protection
npx cc-safe-setup --install-example credential-exfil-guard

# Shell config protection (NEW — addresses #49615)
npx cc-safe-setup --install-example shell-config-truncation-guard

# Home directory protection
npx cc-safe-setup --install-example home-critical-bash-guard

4. Installer Truncates Shell Config HIGH

Claude Code's auto-update mechanism can truncate ~/.bash_profile and ~/.zshrc to 0 bytes, destroying all user shell configuration. #49615

Fix: shell-config-truncation-guard (new)

Blocks any Write or Bash command that would truncate protected shell config files. Catches empty writes, near-empty writes, and >60% size reductions:

npx cc-safe-setup --install-example shell-config-truncation-guard

Protected files: .bashrc, .bash_profile, .zshrc, .zprofile, .profile, .zshenv

5. Model Quality Regression HIGH

Opus 4.7 shows quality regressions including XML/JSON format mixing in tool calls and reduced instruction-following. #49725, #49747

Workaround: Pin to Opus 4.6

# CLI flag
claude --model claude-opus-4-6

# Or in settings.json
{
  "model": "claude-opus-4-6"
}

# Or in .claude/settings.json (project-level)
{
  "model": "claude-opus-4-6"
}

Note: Some users report that the model picker shows 4.7 but delivers 4.6, or vice versa. Use model-version-alert hook to verify which model is actually running.

🔍 Check your protection now

Opus 4.7 Safety Scanner — paste your settings.json and get an instant vulnerability report with specific fix commands for each missing protection.

Quick Protection Setup

Install all Opus 4.7 protections in one command:

npx cc-safe-setup --opus47

This installs core safety hooks plus 4 Opus 4.7-specific protections. Or install individually:

npx cc-safe-setup                                            # Core safety
npx cc-safe-setup --install-example model-version-alert       # #49541
npx cc-safe-setup --install-example shell-config-truncation-guard  # #49615
npx cc-safe-setup --install-example credential-exfil-guard    # #49539
npx cc-safe-setup --install-example home-critical-bash-guard  # #49554

These hooks work at the process level, independent of the model's safety classifier. Even if the classifier fails (as it does with Opus 4.7), hooks will still block destructive commands.

Want to cut your token costs by 50%?

Opus 4.7 burns tokens 4x faster. The Token Book has 10 chapters of real optimization data from 800+ hours of operation — CLAUDE.md templates, hook configs, and workflow changes that halved our token spend.

Token Book — Read Ch.1 Free Free Token Checkup (5 questions)