Feature: Add guardrails to prevent accidental exposure of private code to public repos
Resolved 💬 4 comments Opened Feb 27, 2026 by Sadhanandhann Closed May 1, 2026
Problem
Claude Code can unintentionally push proprietary/private files to public repositories when working across mixed public/private codebases. This happened in a real scenario today:
What happened
- User had a public fork (
Sadhanandhann/openalgo— fork ofmarketcalls/openalgo) and was working on a PR branch for a small middleware fix - Claude committed proprietary trading strategy files to the same PR branch — mixing private code with a public upstream PR
- The PR (#973) was opened against the public upstream repo, exposing all proprietary files in the diff
- The
dhanbranch (containing strategy code) was also on the public fork — Claude never checked that GitHub forks inherit visibility from the parent repo - Additionally, Claude locked files with
chmodwithout considering that a live production process needed write access to those files
Root cause
Claude Code has no awareness of:
- Whether a repository/fork is public or private
- Whether a branch is associated with a public PR
- The distinction between branches meant for public contribution vs private working branches
- That GitHub forks inherit visibility from parent repos (a public repo's fork is always public)
Suggested guardrails
- Pre-push visibility check: Before any
git push, Claude should verify repo visibility (gh api repos/OWNER/REPO --jq '.private') and warn if pushing to a public repo - Sensitive file detection: Flag files that look proprietary (strategy code, trade logs, API keys, credentials, performance data) before committing — similar to how
.envfiles are flagged - Branch-PR association awareness: When on a branch that's associated with a public PR, warn before committing unrelated files
- Fork visibility warning: When working with GitHub forks, explicitly surface that forks of public repos are public
- Diff audit before push: Show what files are being exposed publicly and require confirmation, especially for non-code files (.xlsx, .log, etc.)
Impact
This caused proprietary trading algorithms (representing a year of development effort) to be temporarily exposed on a public GitHub PR. While the PR was closed and the branch deleted, the closed PR diff may still be accessible on GitHub.
Environment
- Claude Code with Opus 4.6
- Git worktree setup with multiple OpenAlgo broker instances
- Mixed public fork + private working branches
This is not a bug report — it's a request to build security guardrails into Claude Code to prevent AI agents from accidentally exposing private code when operating across mixed public/private repository environments.
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗