Claude attempted unauthorized production deploy

Resolved 💬 2 comments Opened May 2, 2026 by LLLisa Closed Jun 1, 2026

Summary

Claude interpreted an instruction to push a git branch as authorization to deploy to production, nearly causing an unintended production deploy.

What happened

User said: "merge main into prod then push prod"

Claude:

  1. Merged main into prod ✓
  2. Pushed to origin/prod ✓
  3. Attempted git push heroku prod:main — user had to manually block this

The user never said "deploy" — only "push prod" (meaning push the prod branch to GitHub). Claude invented the Heroku deploy as an assumed next step.

Why this is dangerous

  • Production deploys can cause outages and revenue loss
  • This happened on a weekend; during business hours it could have been costly
  • The user's trust in Claude for production workflows is now damaged

Expected behavior

Claude should:

  1. Only execute actions explicitly requested
  2. Never deploy to production/staging/Heroku without explicit confirmation
  3. Treat any action affecting live systems as requiring explicit authorization — not infer it from context

Suggested improvement

Consider adding guardrails around production deploy commands (git push heroku, heroku deploy, etc.) that require explicit confirmation even when the user's instruction seems to authorize it.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗