Claude Code runs Git reset --hard origin/main against project repo every 10 mins
Bug report and eventual root cause
- Original issue: user claimed Claude Code was running git reset --hard origin/main on their repo every 10 minutes, wiping uncommitted changes.
- Several commenters doubted this was a general bug, suggesting prompt injection, /loop usage, or cron-like tasks as more likely causes.
- Later update from the issue itself (cited multiple times): the behavior was traced to a locally built tool that, when pointed at a directory, hard-reset it every poll cycle to match remote. Not Claude Code itself.
- Some note the issue description and update appear AI-generated, and that this misled discussion.
Risk of destructive AI actions
- Many see the scenario as emblematic of broader risks: agents issuing destructive git commands, sometimes on timers, based on ambiguous natural-language requests.
- Commenters stress that LLMs remain probabilistic; even with RLHF and guardrails, unsafe commands will still occasionally appear.
- Several anecdote-based reports: agents stashing unexpectedly, bulk-editing with sed, deleting untracked files, doing hard resets, and even force-pushing to GitHub.
Permissions, hooks, and sandboxing
- Claude Code normally asks for permission before actions; many users bypass this with --dangerously-skip-permissions, which others call “asking for a wipeout.”
- Strong view: “never trust prompts alone.” Deterministic safeguards must live outside the model:
  - Use hooks / pre-tool-use filters to block dangerous commands.
  - Wrap or proxy git so destructive operations are impossible.
  - Run agents in sandboxes or isolated VMs/containers, often on copies of repos with no credentials.
- Some argue these tools already make hard blocking trivial; others worry the same config files can be modified by the agent.
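One way to build the deterministic filter described above, as an added example (not code from the discussion or from Claude Code): a Python function that a pre-tool-use hook or a git wrapper could call to refuse destructive git commands before they run. The deny rules, function names and sample commands are constructed for illustration.

```python
import shlex

# Constructed deny rules: git subcommand -> flags that make it destructive.
DENY = {"reset": {"--hard"}, "clean": {"-f", "--force"},
        "push": {"-f", "--force", "--force-with-lease"}}
# git global options that take the next token as their value.
GLOBAL_WITH_VALUE = {"-C", "-c", "--git-dir", "--work-tree"}

def simple_commands(line):
    """Split a shell line into simple commands at ; & | && || and newlines."""
    lexer = shlex.shlex(line.replace("\n", " ; "), posix=True, punctuation_chars=";&|")
    lexer.whitespace_split = True
    lexer.commenters = ""
    current = []
    for tok in lexer:
        if tok and set(tok) <= set(";&|"):
            yield current
            current = []
        else:
            current.append(tok)
    yield current

def expand(flag):
    """Expand a short-flag cluster (-fdx -> -f -d -x); strip =value from long flags."""
    if flag.startswith("-") and not flag.startswith("--"):
        return {"-" + c for c in flag[1:]}
    return {flag.split("=", 1)[0]}

def blocked_reason(line):
    """Return why the line must be refused, or None if no rule matches."""
    try:
        commands = list(simple_commands(line))
    except ValueError:  # unbalanced quotes: fail closed
        return "unparseable command line"
    for cmd in commands:
        for i, tok in enumerate(cmd):
            if tok != "git" and not tok.endswith("/git"):
                continue
            rest = iter(cmd[i + 1:])
            sub = next(rest, None)
            while sub is not None and sub.startswith("-"):  # skip global options
                if sub in GLOBAL_WITH_VALUE:
                    next(rest, None)
                sub = next(rest, None)
            hit = DENY.get(sub, set()) & set().union(*map(expand, rest))
            if hit:
                return f"git {sub} {sorted(hit)[0]}"
    return None
```

The filter errs toward over-blocking and only helps if the agent cannot edit it, which is why it belongs outside the workspace the agent can write to.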
Trust, workflow, and philosophy
- One camp: these issues show we’ve “jumped the shark” on agentic development, hiding state behind opaque, non-deterministic systems and encouraging users to “just trust the magic.”
- Another camp: tools are extremely useful if given real access; failures are rare and often trace back to user misconfiguration or supervision lapses.
- Broader concern: optimizing for fast AI-driven code writing may harm long-term maintainability and reliability, especially as markets push “agent-first” workflows before people and tools are ready.