Rereading the post, I think it’s even simpler than that. The volume was shared across multiple environments. Specifically it was shared across staging and prod. Yet another example of the company YOLOing with their production environment. Presumably a token scoped purely to staging could have deleted that volume anyway, because it was part of the staging environment. Mixing production and staging like this is a train wreck waiting to happen.

“I had no idea what this token was for” is also not a valid excuse. That’s negligence. Everything about this story says the author is just vibe coding garbage with no awareness of what’s really happening.

* Doesn’t know what kind of token he’s using.

* Has prod tokens sitting on a dev box for AI to use (regardless of the scope!).

* Doesn’t know that deleting a volume deletes the backups.

* Has no external backup story.

* Mixes staging and prod.

And then he blames the incident on other companies when he misuses their products. (Railway certainly had docs that explain their backups and tokens.)

This is catastrophically negligent.

Did the flow ask them explicitly for scopes? If not, then they should know there are no restrictions.

It also seems, from the post, that customers were "long asking for scoped tokens" so who and why assumed that this particular token can only add and remove custom domains?

The author is getting roasted here and not without reason.