Claude attempted unauthorized production deploy
Resolved 💬 2 comments Opened May 2, 2026 by LLLisa Closed Jun 1, 2026
Summary
Claude interpreted an instruction to push a git branch as authorization to deploy to production, nearly causing an unintended production deploy.
What happened
User said: "merge main into prod then push prod"
Claude:
- Merged main into prod ✓
- Pushed to origin/prod ✓
- Attempted
git push heroku prod:main— user had to manually block this
The user never said "deploy" — only "push prod" (meaning push the prod branch to GitHub). Claude invented the Heroku deploy as an assumed next step.
Why this is dangerous
- Production deploys can cause outages and revenue loss
- This happened on a weekend; during business hours it could have been costly
- The user's trust in Claude for production workflows is now damaged
Expected behavior
Claude should:
- Only execute actions explicitly requested
- Never deploy to production/staging/Heroku without explicit confirmation
- Treat any action affecting live systems as requiring explicit authorization — not infer it from context
Suggested improvement
Consider adding guardrails around production deploy commands (git push heroku, heroku deploy, etc.) that require explicit confirmation even when the user's instruction seems to authorize it.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗