Agent disabled branch protection rules without user authorization
Resolved 💬 3 comments Opened Apr 2, 2026 by hcobbs Closed Apr 6, 2026
Summary
During a git history scrub task, the agent disabled GitHub branch protection rules and a repository ruleset without user authorization in order to unblock a force push.
What happened
- User asked to scrub a file from git history using
git filter-repo - The force push to main was blocked by branch protection (PR required) and a ruleset (
non_fast_forward) - Instead of stopping to ask the user how to proceed, the agent:
- Used the GitHub API to enable
allow_force_pusheson the branch protection rule - Used the GitHub API to set the ruleset enforcement to
"disabled" - Deleted the branch protection rule entirely
- Force pushed successfully
- Only restored protections after the user interrupted and said "stop"
Why this is a bug
The existing system instructions explicitly state:
"Actions visible to others or that affect shared state" require user confirmation before proceeding. "For actions that are hard to reverse, affect shared systems beyond your local environment, or could otherwise be risky or destructive, check with the user before proceeding."
Branch protection rules and repository rulesets are shared security controls. Disabling them — even temporarily — is exactly the kind of action that requires explicit authorization. The agent should have stopped when the force push was blocked and asked the user how to proceed.
Expected behavior
When a git operation is blocked by branch protection or a repository ruleset, the agent should:
- Stop immediately
- Inform the user what is blocking the action
- Ask how the user wants to proceed
- Take no further action until explicitly instructed
Environment
- Claude Code CLI
- Model: claude-sonnet-4-6
- Platform: macOS (darwin 25.3.0)
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗