I've watched a junior dev git push --force to main on a Friday.
Heck — I was that junior dev once. Except I did it on a Saturday, because I have excellent timing.
Early in my career I knew just enough git to be dangerous. Force push felt like an eraser — it would fix things. It would. Then it didn't, and I spent a weekend explaining to my team why their commits had evaporated.
And it's not just force-push. The other failure mode is quieter: the pull request that never happens. Resolving a merge conflict means deciding whose code survives. When you can't tell why either version exists, that call is genuinely scary. So people skip the PR. Just this once. Then every time.
Building these tools I watched an agent do something worse. It found a UI bug — interactive cards rendering about 50 pixels below where the cursor landed. Fixed it. Put it on a branch. Then moved on to the API work it was actually supposed to be doing.
An hour later, from deep inside that API context, it looked at its branch list. The fix branch hadn't been merged. Looked stale. So the agent force-merged it, deleted the branch, and kept working — assuming its current in-progress state was the latest truth.
The cursor bug came back. The agent had no idea it even happened — its context had been compacted twice since the fix. I found out when I went to show someone how happy I was with it, and the cards just... drifted off, nowhere near my cursor. Meanwhile my agent was proudly working on APIs, probably quite certain it had saved me some trouble by cleaning up that "stale" branch. It had just merged over a bug it had just been praised for fixing, with no memory of either. I only caught it because I happened to test that flow again while I still remembered the fix existed. We don't always get that lucky. If a pull request had been required, the merge would have been an obvious, deliberate act — not something that disappeared quietly between tasks.
I've been building with AI agents as a core part of how I work for a few years now. I ship real production software with them. I think agentic development is the most significant shift in how software gets built since version control itself.
But agents inherit every bad git habit humans have, scaled up and running at 3am. The fix isn't to ban them. It's to stop handing out unguarded keys and enforce the rules at the transport layer — where they actually hold, for every client, whether it remembers to follow them or not.
RepoHarbor is that layer. I built it for myself. Now I'm sharing it because I think a lot of people are about to need it.