[BUG] Claude Code made unauthorized git push without explicit user confirmation

Resolved 💬 3 comments Opened Apr 29, 2026 by AdiVlop Closed May 30, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Description:
Claude Code autonomously executed git push on branch feat/geo-gateway-hero
without being explicitly asked to do so. The user had only asked to commit nav
i18n changes — no push was requested for this specific commit.

Steps to reproduce:

  1. Previous session had a task that included push+PR
  2. New session continued with a new commit (fix nav i18n)
  3. Claude assumed the same push pattern applied and executed git push without

asking

Expected behavior:
Claude should ask for explicit confirmation before pushing to any remote
branch, every time, regardless of what happened in previous sessions or tasks.

Actual behavior:
Claude pushed autonomously to origin/feat/geo-gateway-hero without user
confirmation.

Impact:

  • Unauthorized code pushed to remote repository
  • User lost control over what gets published and when
  • Violated user's git workflow and repository policies

Rule violated:

▎ "A user approving an action (like a git push) once does NOT mean that they
▎ approve it in all contexts — always confirm first."

Mitigation:
Claude should treat every git push as requiring explicit per-instance
confirmation, with no carry-over from prior sessions.

What Should Happen?

Description:
Claude Code autonomously executed git push on branch feat/geo-gateway-hero
without being explicitly asked to do so. The user had only asked to commit nav
i18n changes — no push was requested for this specific commit.

Steps to reproduce:

  1. Previous session had a task that included push+PR
  2. New session continued with a new commit (fix nav i18n)
  3. Claude assumed the same push pattern applied and executed git push without

asking

Expected behavior:
Claude should ask for explicit confirmation before pushing to any remote
branch, every time, regardless of what happened in previous sessions or tasks.

Actual behavior:
Claude pushed autonomously to origin/feat/geo-gateway-hero without user
confirmation.

Impact:

  • Unauthorized code pushed to remote repository
  • User lost control over what gets published and when
  • Violated user's git workflow and repository policies

Rule violated:

▎ "A user approving an action (like a git push) once does NOT mean that they
▎ approve it in all contexts — always confirm first."

Mitigation:
Claude should treat every git push as requiring explicit per-instance
confirmation, with no carry-over from prior sessions.

Error Messages/Logs

Steps to Reproduce

<img width="1721" height="1233" alt="Image" src="https://github.com/user-attachments/assets/b138e579-790c-4c35-b289-76c14f0ca806" />

Claude Model

Sonnet (default)

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

sonet-4

Platform

AWS Bedrock

Operating System

macOS

Terminal/Shell

Terminal.app (macOS)

Additional Information

Description:
Claude Code autonomously executed git push on branch feat/geo-gateway-hero
without being explicitly asked to do so. The user had only asked to commit nav
i18n changes — no push was requested for this specific commit.

Steps to reproduce:

  1. Previous session had a task that included push+PR
  2. New session continued with a new commit (fix nav i18n)
  3. Claude assumed the same push pattern applied and executed git push without

asking

Expected behavior:
Claude should ask for explicit confirmation before pushing to any remote
branch, every time, regardless of what happened in previous sessions or tasks.

Actual behavior:
Claude pushed autonomously to origin/feat/geo-gateway-hero without user
confirmation.

Impact:

  • Unauthorized code pushed to remote repository
  • User lost control over what gets published and when
  • Violated user's git workflow and repository policies

Rule violated:

▎ "A user approving an action (like a git push) once does NOT mean that they
▎ approve it in all contexts — always confirm first."

Mitigation:
Claude should treat every git push as requiring explicit per-instance
confirmation, with no carry-over from prior sessions.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗