[BUG] CCR routine git push always fails with HTTP 403 from internal git proxy (127.0.0.1)
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
CCR routine push to GitHub is intermittently failing. Each CCR session gets its
own ephemeral git proxy port (e.g., 127.0.0.1:33387 worked; 127.0.0.1:37495
fails). When a session's proxy instance is broken, every push attempt returns
HTTP 403 regardless of retries. Clone and fetch still work through the broken
proxy — only push is affected. Since the port is session-assigned and the session
is isolated, there's no way to recover the unpushed commits.
What Should Happen?
The CCR runtime's git proxy should authenticate and forward push requests to
GitHub successfully, just as it handles clone/fetch.
Error Messages/Logs
Pushing to http://127.0.0.1:37495/git/AgedToCommit/ai-news
POST git-receive-pack (15651 bytes)
error: RPC failed; HTTP 403 curl 22 The requested URL returned error: 403
send-pack: unexpected disconnect while reading sideband packet
fatal: the remote end hung up unexpectedly
Everything up-to-date
Steps to Reproduce
- Create a CCR routine with a GitHub repo source
(https://github.com/AgedToCommit/ai-news)
- In the routine prompt, have the agent write a file, commit it, and run: git
push origin main
- Trigger the routine (manually or via schedule)
- Observe HTTP 403 from 127.0.0.1:37495 on every push attempt
- Confirmed reproducible across 3+ triggered runs of routine ID:
trig_013cPRw6EBv5GHd8WVXA7Ke3
Claude Model
Opus
Is this a regression?
Yes, this worked in a previous version
Last Working Version
_No response_
Claude Code Version
2.1.138 (Claude Code)
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
VS Code integrated terminal
Additional Information
Push worked on earlier runs of this same routine and repo. This appears to be a
regression in the CCR proxy's write/push authorization. The proxy handles reads
correctly.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗