[factorialboy]

Installed GitButler to try it out — and realized it installs malicious Git hooks to take over the git commit workflow:

* pre-commit — The malicious one. It intercepted every `git commit` attempt and aborted it with that error message, forcing you to use `but commit` instead. Effectively a commit hijack — no way to commit to your own repo without their tool.

* post-checkout — Fired whenever you switched branches. GitButler used it to track your branch state and sync its virtual branch model. It cleaned this one up itself when we checked out.

* There's also typically a prepare-commit-msg hook that GitButler installs to inject its metadata into commit messages, though we didn't hit that one.

* The pre-commit hook is the aggressive one — it's a standard git hook location, so git runs it unconditionally before every commit. GitButler installs it silently as part of "setting up" a repo, with no opt-in. The only escape (without their CLI) is exactly what we did: delete it manually.

[schacon]

Just to clarify (and we do say this when you run `but setup`), the `pre-commit` hook is needed because of the way that we manage commits - we allow for multiple parallel applied branches, which Git cannot do. The way we accomplish this is to maintain a hidden 'megamerge' commit (as JJ would say). All Git commands work fine the way we're doing it except 'git commit', which is not aware of our operating model and will commit on top of our megamerge, which is problematic. So we install pre-commit to protect against getting yourself in a poor situation by using both Git and GitButler interchangeably.

It's not difficult to "escape" - using `git checkout` will tear everything down properly - that's the only task of the `post-checkout` - to determine that you want to go back to using vanilla git commit tooling and remove our shims.

We also don't have a prepare-commit-msg hook - our commit tooling will inject an extra Change-Id header (of the same format and interchangeable with Jujutsu) but that affects nothing that vanilla git cares about.

[ing33k]

this is bad developer UX ( in my opinion). Please reconsider . I lost interest the moment I was not able to commit using normal git commands.

  ⎿  Error: Exit code 1

     GITBUTLER_ERROR: Cannot commit directly to gitbutler/workspace branch.

     GitButler manages commits on this branch. Please use GitButler to commit your changes:
       - Use the GitButler app to create commits
       - Or run 'but commit' from the command line

     If you want to exit GitButler mode and use normal git:
       - Run 'but teardown' to switch to a regular branch
     … +5 lines (ctrl+o to see all)

but was not installed ( I installed the mac app ) .

I still haven't uninstalled the app and will try to figure out the working model.

Also please offer some skill file or a text I can add to my CLAUDE.md / AGENTS.md so that when I ask claude to commit , it will go through gitbutler...( edit: looks like it is there, but the discovery is hard ) .

[videlov]

We will remove the hook constraint as soon as we complete this https://github.com/gitbutlerapp/gitbutler/issues/11866

For the Claude question, the CLI ships a skill, set it up with `but skill install`.

I hope this helps

[factorialboy]

All I did was install GitButler via my OS's package manager, and open a local repo via the GUI.

And I saw these malicious (pre-commit) git hooks installed by GitButler, without any confirmation, or prompt seeking my approval.

I'm sure you folks will come up with a "technical explanation" or some "legal-marketing language" to cover up for this — but in my book — redirect `git commit` to `but commit` is dishonest and unethical.

[yard2010]

You keep using the word malicious, what do you mean? What is the malice?

[anentropic]

Yeah it feels malicious if it doesn't tell you it's going to do that, like a sneaky lock-in

[factorialboy]

Silently replacing Git with `but`.

[ivanjermakov]

So they decided to start "embrace, extend, and extinguish" directly with with "extinguish".

[factorialboy]

Pretty much, yes.