Repo·github.com
ai-agents · automation · llm · devops · security · git
Claude Code runs git reset --hard origin/main against project repo every 10 mins
Prevent AI agents from destroying your Git repository with `git reset --hard`. This Action Pack guides you on securely integrating AI into development workflows, emphasizing granular permissions, safe Git operations, and human oversight to avoid continuous data loss.
intermediate · 30 min · 5 steps
The play
- Understand Destructive Git Commands: Recognize the danger of commands like `git reset --hard origin/main`. This command forcefully overwrites your local branch to match the remote, discarding all uncommitted changes and commits not yet pushed. Never automate this without extreme caution and explicit human approval.
- Implement Granular Permissions for AI Agents: Configure your AI agent's access to Git with the principle of least privilege. Grant read-only access by default. Only provide write permissions for specific, non-destructive actions, or implement a human-in-the-loop approval process for any write operation.
- Use Safe Git Operations for AI Syncing: Instruct AI agents to use non-destructive commands for syncing. For fetching remote changes without merging, use `git fetch origin`. To pull and merge safely, use `git pull origin main`. Avoid `--hard` unless absolutely necessary and human-approved.
- Establish Human-in-the-Loop Validation: Require explicit human review and approval for any significant Git operations proposed or executed by an AI agent, especially those that modify the codebase or history. Integrate approval steps into your CI/CD pipeline or code review process.
- Test AI Git Interactions in Isolation: Before deploying an AI agent to interact with a production or development repository, thoroughly test its Git operations in a sandboxed, isolated environment. Verify that it behaves as expected and does not perform unintended destructive actions.
Starter code
```bash
git pull origin main
# Explanation: This command fetches changes from the 'main' branch of the 'origin' remote
# and integrates them into your current local branch. It's a safe way to sync
# without discarding local changes, unlike 'git reset --hard'.
```
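One way to enforce the permission, safe-sync and approval steps above in the agent's shell, as an added example that is not part of the original page or of any agent's own tooling: a gate that classifies each proposed git command and runs it only if policy allows. The function names and the `AGENT_GIT_APPROVED` variable are assumptions, and the destructive list is conservative rather than exhaustive, so anything unrecognised falls through to human approval.

```sh
# Added example: policy gate between an AI agent and git.
# classify_git, agent_git and AGENT_GIT_APPROVED are hypothetical names.

# Print a verdict for the arguments that would follow "git":
#   read-only (run unattended), write (needs human approval),
#   destructive (can discard local work; never run for the agent).
classify_git() {
  # Skip global options that precede the subcommand (-C <dir>, -c <k=v>, ...).
  while [ $# -gt 0 ]; do
    case "$1" in
      -C|-c) shift; [ $# -gt 0 ] && shift ;;
      -*)    shift ;;
      *)     break ;;
    esac
  done
  [ $# -gt 0 ] || { echo write; return; }
  _sub=$1; shift
  _args=" $* "
  case "$_sub" in
    status|log|diff|show|fetch|rev-parse|ls-files) echo read-only ;;
    reset)
      case "$_args" in *" --hard "*) echo destructive ;; *) echo write ;; esac ;;
    push)
      case "$_args" in
        *" --force"*|*" -f "*|*" +"*) echo destructive ;;
        *) echo write ;;
      esac ;;
    checkout|switch)
      case "$_args" in
        *" -f "*|*" --force "*|*" --discard-changes "*|*" -- "*) echo destructive ;;
        *) echo write ;;
      esac ;;
    clean|restore) echo destructive ;;
    stash)
      case "$_args" in *" drop "*|*" clear "*) echo destructive ;; *) echo write ;; esac ;;
    *) echo write ;;   # default: anything unrecognised needs a human
  esac
}

# The agent is given this function instead of raw git.
agent_git() {
  case "$(classify_git "$@")" in
    read-only) command git "$@" ;;
    write)
      [ "${AGENT_GIT_APPROVED:-0}" = 1 ] || { echo "blocked: needs approval: git $*" >&2; return 1; }
      command git "$@" ;;
    *) echo "refused: destructive: git $*" >&2; return 1 ;;
  esac
}
```

A human sets `AGENT_GIT_APPROVED=1` for a single reviewed invocation; destructive commands are refused regardless and have to be run by hand outside the agent's session.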