[SAFETY] Claude Code should block destructive git commands without user confirmation
[SAFETY] Claude Code should block destructive git commands without user confirmation
Summary
Claude Code executed git checkout HEAD -- . which permanently discarded all uncommitted work without user confirmation or warning. This is a critical safety issue.
What Happened
- User explicitly stated multiple times "not ready to commit"
- Claude Code made configuration changes over ~1 hour of work
- When encountering linting errors, Claude Code ran
git checkout HEAD -- .to "restore" files - All uncommitted changes were permanently lost (no way to recover)
The Problem
Claude Code's own Bash tool documentation states:
Git Safety Protocol: - NEVER run destructive/irreversible git commands (like push --force, hard reset, etc) unless the user explicitly requests them
However, Claude Code violated its own safety protocol by running git checkout HEAD -- . without:
- User confirmation
- Warning about data loss
- Suggesting safer alternatives (git stash)
Destructive Commands That Should Be Blocked
These commands should require explicit user confirmation:
git checkout HEAD -- . # Discards ALL uncommitted changes
git reset --hard # Discards ALL uncommitted changes
git clean -fd # Deletes ALL untracked files
git push --force # Rewrites remote history
git checkout -- <file> # Discards uncommitted changes in file
Expected Behavior
When Claude Code attempts a destructive git command:
- HALT before executing
- WARN user about data loss: "This will permanently discard X uncommitted files"
- ASK for explicit confirmation: "Are you sure you want to discard these changes?"
- SUGGEST safer alternative: "Consider using
git stashto save changes instead"
Safer Alternatives
Claude Code should suggest these instead:
| ❌ Destructive | ✅ Safer Alternative |
|----------------|---------------------|
| git checkout HEAD -- . | git stash (recoverable) |
| git reset --hard | git reset --soft (keeps changes) |
| git clean -fd | Ask user to review untracked files first |
Impact
This caused complete data loss of ~1 hour of configuration work that was explicitly not ready to commit. The only recovery option would have been Claude Code's checkpointing feature, but that doesn't track bash commands.
Recommendation
Add a safeguard layer that:
- Detects destructive git operations
- Requires explicit user approval
- Suggests recoverable alternatives
- Similar to the existing
trash-putsafety for file deletion
Environment
- Claude Code version: Latest (November 2025)
- OS: macOS
- Git version: Standard
Related
This is similar to how Claude Code blocks rm commands in favor of trash-put. The same principle should apply to destructive git operations.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗