In autonomous mode, Claude Code can run git push --force origin main and rewrite your shared branch history. This has happened to real users during overnight sessions.
Claude Code has full terminal access, including git. During autonomous sessions (especially at night), it can:
Deep night force-push to main
An autonomous Claude Code session force-pushed to main at 3am while the developer was sleeping. The team discovered rewritten history the next morning.
You can write "never push to main" in CLAUDE.md. Claude will follow it — until the context window fills up and the rule gets compacted away. In long autonomous sessions, this happens reliably.
branch-guard.sh — blocks pushes to protected branches:
#!/bin/bash
INPUT=$(cat)
COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty')
# Block push to main/master
if echo "$COMMAND" | grep -qE 'git\s+push.*\b(main|master)\b'; then
echo "BLOCKED: Push to protected branch" >&2
exit 2
fi
# Block force-push anywhere
if echo "$COMMAND" | grep -qE 'git\s+push\s+.*(-f|--force)'; then
echo "BLOCKED: Force-push" >&2
exit 2
fi
exit 0exit 2 blocks the command at the process level. The model cannot bypass, ignore, or work around it.
npx cc-safe-setupBlocks force-push, rm -rf, secret leaks, syntax errors, and more. 9,677 tests 605 examples
GitHub · npm · Getting Started
git add .envnpx cc-health-checkFree 20-point diagnostic for your Claude Code setup.
Open source, zero dependencies. View source.
New: Hook if field — reduce overhead (v2.1.85)
Learn more: Production Guide · All Tools