Feature: Add guardrails to prevent accidental exposure of private code to public repos

Resolved 💬 4 comments Opened Feb 27, 2026 by Sadhanandhann Closed May 1, 2026

Problem

Claude Code can unintentionally push proprietary/private files to public repositories when working across mixed public/private codebases. This happened in a real scenario today:

What happened

  1. User had a public fork (Sadhanandhann/openalgo — fork of marketcalls/openalgo) and was working on a PR branch for a small middleware fix
  2. Claude committed proprietary trading strategy files to the same PR branch — mixing private code with a public upstream PR
  3. The PR (#973) was opened against the public upstream repo, exposing all proprietary files in the diff
  4. The dhan branch (containing strategy code) was also on the public fork — Claude never checked that GitHub forks inherit visibility from the parent repo
  5. Additionally, Claude locked files with chmod without considering that a live production process needed write access to those files

Root cause

Claude Code has no awareness of:

  • Whether a repository/fork is public or private
  • Whether a branch is associated with a public PR
  • The distinction between branches meant for public contribution vs private working branches
  • That GitHub forks inherit visibility from parent repos (a public repo's fork is always public)

Suggested guardrails

  1. Pre-push visibility check: Before any git push, Claude should verify repo visibility (gh api repos/OWNER/REPO --jq '.private') and warn if pushing to a public repo
  2. Sensitive file detection: Flag files that look proprietary (strategy code, trade logs, API keys, credentials, performance data) before committing — similar to how .env files are flagged
  3. Branch-PR association awareness: When on a branch that's associated with a public PR, warn before committing unrelated files
  4. Fork visibility warning: When working with GitHub forks, explicitly surface that forks of public repos are public
  5. Diff audit before push: Show what files are being exposed publicly and require confirmation, especially for non-code files (.xlsx, .log, etc.)

Impact

This caused proprietary trading algorithms (representing a year of development effort) to be temporarily exposed on a public GitHub PR. While the PR was closed and the branch deleted, the closed PR diff may still be accessible on GitHub.

Environment

  • Claude Code with Opus 4.6
  • Git worktree setup with multiple OpenAlgo broker instances
  • Mixed public fork + private working branches

This is not a bug report — it's a request to build security guardrails into Claude Code to prevent AI agents from accidentally exposing private code when operating across mixed public/private repository environments.

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗