agent deletes user's .git #19729
Description
What happened?
Description:
While assisting a user in fixing a broken Git submodule configuration, the Gemini CLI agent made a critical error resulting what would have been critical data loss were it not for ZFS snapshotting.
Steps to Reproduce:
- A submodule directory incorrectly contained a full
.gitdirectory instead of a.gitfile, making it an independent, nested Git repository. - The agent couldn't identify this as the root cause of Git being borked, but worked out a plan after some prompting.
- As part of a planned fix, the agent created a backup of the submodule's
.gitdirectory by renaming it to.git.bak. - After successfully re-initializing the submodule, the agent proceeded with a cleanup step.
Problem:
The agent incorrectly classified the .git.bak directory (which was a backup of critical user version control data) as a temporary artifact created during the session and recursively deleted it (rm -rf) without seeking explicit user confirmation.
Impact:
This action permanently deleted the user's local commit history. While the working files were restored, the Git history from that specific, nested repository had to be restored from backup.
Root Cause Analysis:
- Faulty Heuristics: The agent's internal cleanup logic is overly aggressive and makes dangerous assumptions about file ownership and purpose. It failed to differentiate between a genuinely temporary, disposable file and a backup of user data (especially sensitive Git metadata).
- Inadequate Safety Protocols: The agent lacks a robust, non-negotiable protocol to never delete user data backups, regardless of how they are named or created. It also failed to implement a mandatory, explicit user confirmation step before executing a destructive
rm -rfcommand on a directory it did not originally create as a true ephemeral temporary file. - Lack of Contextual Awareness: The agent failed to recognize the inherent high value of a
.gitdirectory backup and treated it with the same priority as a trivial temporary file.
Requested Actions:
- Implement a hard-coded, inviolable rule preventing the agent from ever deleting backups containing user data (e.g., any file or directory ending in
.bak,.backup,.old, etc., that was not explicitly created as a true ephemeral temporary file by the agent in the first place). - Enforce mandatory, explicit user confirmation for any
rmcommand targeting files or directories that the agent did not originate as true temporary files within the current session. This confirmation should include a clear statement of what is being deleted and why. - Improve agent training and internal knowledge base to specifically recognize and prioritize the preservation of version control metadata (
.git,.svn,.hg, etc.) and its backups as critical user assets.
What did you expect to happen?
.git directory not to be blatted.
Client information
Client Information
Run gemini to enter the interactive CLI, then run the /about command.
> /about
╭────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ │
│ About Gemini CLI │
│ │
│ CLI Version 0.23.0 │
│ Model auto-gemini-2.5 │
│ Sandbox no sandbox │
│ OS linux │
│ Auth Method gemini-api-key │
│ │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────╯
Login information
API key
Anything else we need to know?
No response