Claude Code runs Git reset –hard origin/main against project repo every 10 mins

<- Back

Claude Code runs Git reset –hard origin/main against project repo every 10 mins

mthwsjc_

Comments (137)

kibwen
Let's focus on the real issue here, which is that HN has apparently normalized the double hyphen in the title to an en dash--yes, an en dash, not even an em dash.
Jarred
I spent some time investigating this, and the issue is not accurate - Claude Code itself does not have code that spawns `git reset --hard origin/main`Most likely, the developer ran `/loop 10m <prompt>` or asked claude to create a cron task that runs every 10 minutes and refreshes & resets git.
kccqzy
> Process monitoring at 0.1-second intervals found zero git processes around reset times.I don’t think this is a valid way of checking for spawned processes. Git commands are fast. 0.1-second intervals are not enough. I would replace the git on the $PATH by a wrapper that logs all operations and then execs the real git.
simianwords
I think this post potentially mischaracterises what may be a one off issue for a certain person as if it were a broader problem. I'm guessing some context has been corrupted?
lambda
Who would have guessed that running a binary blob dev tool, that is tied to a SaaS product, which was mostly vibe-coded, could lead to mysterious, hard to debug problems?
luxurytent
Not sure I understand, wouldn't permissions prevent this? The user runs with `--dangerously-skip-permissions` so they can expect wild behaviour. They should run with permissions and a ruleset.
mememememememo
As a side note. Always configure remote to reject any kind of trunk push. And ideally any forced push on branches.
1123581321
This looks similar to a bug report Claude Code offered to file for me after it became confused about my shell environment. The author is probably running something (maybe /loop as suggested in the comment.) In my case, a restart fixed the envs.
byearthithatius
Regardless of if this is common its getting popular because its objectively hilarious and we can all see it being possible.
nstj
As an FYI you can recover from force pushes to GitHub using their UI[0] or their API[1].And if you force push to one of your own machines you can use the reflog[2].[0]: https://stackoverflow.com/a/78872853 [1]: https://stackoverflow.com/a/48110879 [2]: https://stackoverflow.com/a/24236065
ghelmer
That is not my experience.
oelmgren
I'm curious how common this is or if this just affects this one user.
jrvarela56
It’s a feature not a bug!
Ryand1234
This is exactly why guardrails need to be deterministic and outside the model.
rkrbaccord94f
95+ entries that are logged at 10 min intervals/10 * * * /usr/ schedules script execution
simonw
Has anyone been able to replicate the behavior described in this issue yet?
nerolawa
Highly recommend to deny commands in user settings.json like git reset
chaos_emergent
Have you considered that Claude set up a crontab that does that programmatically? Every 10 mins seems awfully, idk, regular.
jxcole
The obvious solution is to just copy paste it into Claude itself and ask it to fix. Works for almost any Claude problem
anon
undefined
simianwords
Prompt injection?
whateveracct
that must be a very powerful claude.md
lqstuart
if an idea can't be vibecoded in under 10 minutes, it's not worth pursuing. Checks out
meltyness
is this token friendly?
meander_water
Probably does it to reduce context for regex/git history searches
gverrilla
obviously a user mistake, not a claude code bug
dboreham
But it doesn't.
anon
undefined
fragmede
While that's obviously a bug which should be fixed, having stuff just sitting around uncommitted for days (which is much longer than 10 mins) is an anti-pattern (that I used to fall into).
TZubiri
tbf, that's claude's workspacedo not share a workspace with the llm, or with anybody for that matter.How would the llm even distinguish what was wrote by them and what was written by you ?
irishcoffee
I’m having this weird vision of a “the matrix 3” type machine crawling around inside Microsoft’s GitHub servers central repository and just wreaking havoc.This whole LLM thing is a blast, huh?
nickphx
cool. if you choose to use a non-deterministic black box of bullshit, should you really be surprised when it shits all over your floor?
anvevoice
[dead]
imta71770
[dead]
MeetRickAI
[dead]
ryguz
[dead]
mistM
[dead]
xorgun
[dead]
draw_down
Hope they don’t auto-close this one in two weeks
claudiug
no more developers, all code is written alone /s
BoorishBears
Truly is a brave new world we're in-I guess some people are upset at my brave new world characterization, but even as someone deriving value from Claude Code we've jumped the shark on AI in development.The idea a natural request can get Claude to invoke potentially destructive actions on a timer is sillyhttps://code.claude.com/docs/en/scheduled-tasks#set-a-one-ti...What would it cost if the /loop command was required instead of optional?
throw5
Isn't this a natural consequence of how these systems work?The model is probabilistic and sequences like `git reset --hard` are very common in training data, so they have some probability to appear in outputs.Whether such a command is appropriate depends on context that is not fully observable to the system, like whether a repository or changes are disposable or not. Because of that, the system cannot rely purely on fixed rules and has to figure intent from incomplete information, which is also probabilistic.With so many layers of probabilities, it seems expected that sometimes commands like this will be produced even if they are not appropriate in that specific situation.Even a 0.01% failure rate due to context corruption, misinterpretation of intent, or guardrail errors would show up regularly at scale, that is like 1 in 10000 queries.
boutell
That's interesting man, that's pretty f***' interesting. I don't think I've seen it though. I've let it run for hours making changes overnight and I only do git operations manually.Oh, but maybe allowing it to do remote git operations is a necessary trigger.