Recovering When the Agent Trashed Your Repo

First: Don't Panic

An agent has just made 47 edits across 12 files, run `git push --force` to your branch, and now nothing builds. This will happen to you at least once. Here is the recovery procedure that turns a five-hour disaster into a fifteen-minute lesson.

Stop everything (literally)

1. Hit Ctrl+C in the agent's terminal — interrupt any running command
2. Close the agent session (don't continue the conversation)
3. Note the time — useful for git reflog later
4. Do NOT pull, fetch, or check out anything yet — preserve current state for inspection

Inventory the damage

# What changed in the working tree (uncommitted) git status --short # What got committed during the session git log --oneline -20 # What got pushed (if remote was touched) git log origin/main..HEAD --oneline # Files modified, sorted by churn git diff --stat HEAD~10..HEAD | sort -k3 -n -r | head -20 # Reflog — the safety net for everything git git reflog --date=iso | head -30Five commands that paint a complete picture before you touch anything.

git reflog is your time machine

Even if the agent ran `reset --hard`, `rebase`, or `push --force`, git reflog has the previous state for at least 30 days. Every commit your repo has ever pointed at is recoverable — as long as you don't run `git gc --prune=now` first.

# Find the commit hash from before the agent disaster git reflog # 7a3f2c8 HEAD@{0}: reset: moving to HEAD~5 # b9c1d4e HEAD@{1}: commit: agent: refactor everything (this is the chaos) # 4f5a6b7 HEAD@{2}: checkout: moving from main to feature <-- known good # Recover to known good in a new branch (safer than overwriting) git branch recovery 4f5a6b7 git checkout recovery # Or, if you're sure: reset main git checkout main git reset --hard 4f5a6b7Reflog references survive reset, rebase, and force-push. They are the most underrated git feature.

Triage by blast radius

Sandbox setup that prevents 90% of incidents

# Future-proofing: never run an agent on main 1. Always work on a branch: git checkout -b agent/refactor-auth 2. Set Claude Code / Cursor permissions: - No git push - No `rm -rf` outside cwd - No edits in protected paths (.github/, secrets/, migrations/) 3. Use a worktree for risky agent runs: git worktree add ../experiment HEAD cd ../experiment # If it goes wrong: rm -rf ../experiment, no harm to main repo 4. CI must pass before merge — agent can't commit to main directlyThese four rules, applied at the team level, eliminate most agent disasters before they start.

Recovery, file by file, when reflog isn't enough

• `git checkout HEAD~N -- path/to/file` — restore one file from N commits ago
• `git diff HEAD~5 HEAD -- path/to/file | git apply -R` — undo the diff while keeping later changes
• `git log -p path/to/file` — see every change, copy-paste the version you want back
• Backups in your editor's local history (VS Code Timeline, JetBrains Local History) — sometimes saves you when git can't

After recovery: the postmortem

Once everything is green again, write a 5-minute blameless postmortem to yourself. What permission did the agent have that it shouldn't? What signal would have stopped you sooner? What do you change in your CLAUDE.md, .cursor/rules, or pre-commit hooks to prevent this exact failure? Save it. Read it next time you set up a new project.

The agents will mess up. Plan to recover, not to prevent.

— A platform engineer who has seen things

The big idea: agent disasters are inevitable; data loss is not. Branch, sandbox, and trust git reflog. When the agent goes off the rails, stop, inventory, recover from reflog, and turn the postmortem into a permission rule that prevents the exact failure. Recovery is a skill, not a panic.