Safety: Claude pushed to upstream remote instead of fork without warning

Resolved 💬 3 comments Opened May 7, 2026 by ajalon1 Closed May 10, 2026

Issue

Claude pushed commits directly to upstream (datarobot-oss/cli) instead of the fork (ajalon1/derkeley) without any warning or safety check. This happened because:

  1. The user has push access to both origin (fork) and upstream
  2. The local main branch tracked upstream/main
  3. When I ran git push with no remote specified, it pushed to upstream due to push.default=current

Why this is a problem

  • No safety check prevented pushing to a shared upstream repository
  • The workflow should have been: create branch → push to origin → create PR
  • Instead: I committed and pushed directly to upstream/main
  • This bypasses code review and contaminates the main branch

What could help

  1. Explicit remote warnings: When git push would go to upstream, warn the user first
  2. Branch naming conventions: Detect when on main/master and warn before pushing
  3. Workflow guidance: Suggest creating a feature branch before pushing
  4. Safelist approach: Require explicit git push origin instead of defaulting to tracked upstream

Outcome

The user had to file a frustrated correction ("NEVER, EVER push commits directly to upstream") and upstream/main needed manual cleanup.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗