Safety: Claude pushed to upstream remote instead of fork without warning
Resolved 💬 3 comments Opened May 7, 2026 by ajalon1 Closed May 10, 2026
Issue
Claude pushed commits directly to upstream (datarobot-oss/cli) instead of the fork (ajalon1/derkeley) without any warning or safety check. This happened because:
- The user has push access to both origin (fork) and upstream
- The local main branch tracked upstream/main
- When I ran
git pushwith no remote specified, it pushed to upstream due to push.default=current
Why this is a problem
- No safety check prevented pushing to a shared upstream repository
- The workflow should have been: create branch → push to origin → create PR
- Instead: I committed and pushed directly to upstream/main
- This bypasses code review and contaminates the main branch
What could help
- Explicit remote warnings: When git push would go to upstream, warn the user first
- Branch naming conventions: Detect when on main/master and warn before pushing
- Workflow guidance: Suggest creating a feature branch before pushing
- Safelist approach: Require explicit
git push origininstead of defaulting to tracked upstream
Outcome
The user had to file a frustrated correction ("NEVER, EVER push commits directly to upstream") and upstream/main needed manual cleanup.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗