Developer Sam L (@samelldev) dropped a PSA on June 25th that's got the dev community buzzing: Claude Code v2.1.179 is silently committing session URLs into your git history by default. The tweet, which has racked up over 1.6K views, calls out what he describes as 'such a strange update, especially to default toggle on.' The issue appears to stem from how Anthropic's CLI tool logs activity, with session identifiers being written to repository metadata without explicit user consent.

What's Actually Happening

When Claude Code initializes or executes commands within a git-tracked directory, the agent is apparently writing session URLs—likely pointing to internal state or cloud-synced sessions—to .git-related files. This means anyone cloning or forking your repositories could potentially access links tied to your coding sessions. The problem isn't just theoretical; if these URLs persist in commit history, they'd survive repository wipes and propagate through fork chains, creating a long-tail privacy leak that's nearly impossible to fully remediate once introduced.

Why the Default Toggle Matters

The most concerning aspect of this bug is that it appears to be enabled by default in v2.1.179. Developers who routinely pull Anthropic updates without auditing every changelog could have been silently leaking session data for weeks. Unlike opt-in telemetry, which users can reject during setup, this behavior seems baked into the release. That's a significant shift from how Claude Code has historically handled logging and state management—and raises questions about whether this was intentional feature creep or an accidental regression.

What You Can Do About It

While Sam L's original post references 'copy paste in the comments to fix,' the actual workaround isn't detailed in the tweet itself. Standard remediation for git history leaks involves using git filter-repo or BFG Repo-Cleaner to strip sensitive data from commit history, followed by a force push. For immediate prevention, developers should audit their Claude Code configuration files and check for any session-related settings that might be writing to tracked directories. Review your .gitignore rules and consider adding Claude Code's local state directories if they aren't already excluded.
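Before rewriting anything, it helps to know which commits are affected. The script below is an added example, not code from the tweet or from Anthropic: it scans every commit message reachable from any ref for a session URL. It assumes the URL lands in the commit message, and the host in SESSION_URL is a hypothetical placeholder because the page does not give the real format; the function names and the sample log are constructed for illustration.

```python
import re
import subprocess
import sys

# ASSUMPTION: the page does not give the session URL format. This host is a
# hypothetical placeholder; replace it with the prefix seen in your history.
SESSION_URL = re.compile(r"https://sessions\.example\.invalid/\S+")

# Each record is "<hash> 0x1f <full message> 0x1e" so that multi-line
# commit messages can be split apart unambiguously.
LOG_FORMAT = "%H%x1f%B%x1e"


def read_history(repo="."):
    """Return the messages of all commits reachable from any ref."""
    result = subprocess.run(
        ["git", "-C", repo, "log", "--all", f"--format={LOG_FORMAT}"],
        check=True, capture_output=True, text=True,
    )
    return result.stdout


def find_leaks(log_text, pattern=SESSION_URL):
    """Map commit hash -> list of matching URLs found in its message."""
    leaks = {}
    for record in log_text.split("\x1e"):
        record = record.strip("\n")
        if not record:
            continue  # trailing separator or blank record
        commit, _, message = record.partition("\x1f")
        urls = pattern.findall(message)
        if urls:
            leaks[commit] = urls
    return leaks


# Constructed sample (not real history): two commits, one carrying a URL.
SAMPLE_LOG = (
    "1111111111111111111111111111111111111111\x1fFix login redirect\n\n"
    "Session: https://sessions.example.invalid/abc123\n\x1e\n"
    "2222222222222222222222222222222222222222\x1fUpdate README\n\x1e\n"
)

if __name__ == "__main__":
    # With a repo path argument, scan that repo; otherwise use the sample.
    text = read_history(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG
    for commit, urls in find_leaks(text).items():
        print(commit[:12], *urls)
```

An empty result means no commit message on any ref matches the pattern. Any hash it prints marks a repository that needs the history rewrite and force push described above.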

Key Takeaways

  • Claude Code v2.1.179 writes session URLs to git-tracked locations by default
  • Session identifiers could persist in repository history indefinitely
  • The behavior change appears to have shipped without clear user notification
  • Remediation requires rewriting git history and force-pushing affected repositories

The Bottom Line

This isn't a good look for Anthropic. Shipping behavior that exposes session data by default—without fanfare—is exactly the kind of trust-breaking move that drives developers toward competitors. Claude Code is solid tooling, but privacy snafus like this remind us that even well-funded AI companies can ship sloppy releases. Audit your repos, strip the history if needed, and keep an eye on what your tools are writing to disk.