Claude Code runs Git reset –hard origin/main against project repo every 10 mins

BoorishBears

Truly is a brave new world we're in - I guess some people are upset at my brave new world characterization, but even as someone deriving value from Claude Code we've jumped the shark on AI in development. The idea a natural request can get Claude to invoke potentially destructive actions on a timer is silly https://code.claude.com/docs/en/scheduled-tasks#set-a-one-ti... What would it cost if the /loop command was required instead of optional?

boutell

That's interesting man, that's pretty f***' interesting. I don't think I've seen it though. I've let it run for hours making changes overnight and I only do git operations manually. Oh, but maybe allowing it to do remote git operations is a necessary trigger.

simianwords

Prompt injection?

jrvarela56

It’s a feature not a bug!

nickphx

cool. if you choose to use a non-deterministic black box of bullshit, should you really be surprised when it shits all over your floor?

whateveracct

that must be a very powerful claude.md

throw5

Isn't this a natural consequence of how these systems work? The model is probabilistic and sequences like `git reset --hard` are very common in training data, so they have some probability to appear in outputs. Whether such a command is appropriate depends on context that is not fully observable to the system, like whether a repository or changes are disposable or not. Because of that, the system cannot rely purely on fixed rules and has to figure intent from incomplete information, which is also probabilistic. With so many layers of probabilities, it seems expected that sometimes commands like this will be produced even if they are not appropriate in that specific situation. Even a 0.01% failure rate due to context corruption, misinterpretation of intent, or guardrail errors would show up regularly at scale, that is like 1 in 10000 queries.

luxurytent

Not sure I understand, wouldn't permissions prevent this? The user runs with `--dangerously-skip-permissions` so they can expect wild behaviour. They should run with permissions and a ruleset.

meander_water

Probably does it to reduce context for regex/git history searches

claudiug

no more developers, all code is written alone /s

simianwords

I think this post potentially mischaracterises what may be a one off issue for a certain person as if it were a broader problem. I'm guessing some context has been corrupted?

ghelmer

That is not my experience.

TZubiri

tbf, that's claude's workspace do not share a workspace with the llm, or with anybody for that matter. How would the llm even distinguish what was wrote by them and what was written by you ?

oelmgren

I'm curious how common this is or if this just affects this one user.

draw_down

Hope they don’t auto-close this one in two weeks

fragmede

While that's obviously a bug which should be fixed, having stuff just sitting around uncommitted for days (which is much longer than 10 mins) is an anti-pattern (that I used to fall into).

kccqzy

> Process monitoring at 0.1-second intervals found zero git processes around reset times. I don’t think this is a valid way of checking for spawned processes. Git commands are fast. 0.1-second intervals are not enough. I would replace the git on the $PATH by a wrapper that logs all operations and then execs the real git.

byearthithatius

Regardless of if this is common its getting popular because its objectively hilarious and we can all see it being possible.

meltyness

is this token friendly?

irishcoffee

I’m having this weird vision of a “the matrix 3” type machine crawling around inside Microsoft’s GitHub servers central repository and just wreaking havoc. This whole LLM thing is a blast, huh?