Installed GitButler to try it out — and realized it installs malicious Git hooks to take over the git commit workflow:

* pre-commit — The malicious one. It intercepted every `git commit` attempt and aborted it with that error message, forcing you to use `but commit` instead. Effectively a commit hijack — no way to commit to your own repo without their tool.

* post-checkout — Fired whenever you switched branches. GitButler used it to track your branch state and sync its virtual branch model. It cleaned this one up itself when we checked out.

* There's also typically a prepare-commit-msg hook that GitButler installs to inject its metadata into commit messages, though we didn't hit that one.

* The pre-commit hook is the aggressive one — it's a standard git hook location, so git runs it unconditionally before every commit. GitButler installs it silently as part of "setting up" a repo, with no opt-in. The only escape (without their CLI) is exactly what we did: delete it manually.

Just to clarify (and we do say this when you run `but setup`), the `pre-commit` hook is needed because of the way that we manage commits - we allow for multiple parallel applied branches, which Git cannot do. The way we accomplish this is to maintain a hidden 'megamerge' commit (as JJ would say). All Git commands work fine the way we're doing it except 'git commit', which is not aware of our operating model and will commit on top of our megamerge, which is problematic. So we install pre-commit to protect against getting yourself in a poor situation by using both Git and GitButler interchangeably.

It's not difficult to "escape" - using `git checkout` will tear everything down properly - that's the only task of the `post-checkout` - to determine that you want to go back to using vanilla git commit tooling and remove our shims.

We also don't have a prepare-commit-msg hook - our commit tooling will inject an extra Change-Id header (of the same format and interchangeable with Jujutsu) but that affects nothing that vanilla git cares about.

this is bad developer UX ( in my opinion). Please reconsider . I lost interest the moment I was not able to commit using normal git commands.

  ⎿  Error: Exit code 1

     GITBUTLER_ERROR: Cannot commit directly to gitbutler/workspace branch.

     GitButler manages commits on this branch. Please use GitButler to commit your changes:
       - Use the GitButler app to create commits
       - Or run 'but commit' from the command line

     If you want to exit GitButler mode and use normal git:
       - Run 'but teardown' to switch to a regular branch
     … +5 lines (ctrl+o to see all)

but was not installed ( I installed the mac app ) .

I still haven't uninstalled the app and will try to figure out the working model.

Also please offer some skill file or a text I can add to my CLAUDE.md / AGENTS.md so that when I ask claude to commit , it will go through gitbutler...( edit: looks like it is there, but the discovery is hard ) .

We will remove the hook constraint as soon as we complete this https://github.com/gitbutlerapp/gitbutler/issues/11866

For the Claude question, the CLI ships a skill, set it up with `but skill install`.

I hope this helps

All I did was install GitButler via my OS's package manager, and open a local repo via the GUI.

And I saw these malicious (pre-commit) git hooks installed by GitButler, without any confirmation, or prompt seeking my approval.

I'm sure you folks will come up with a "technical explanation" or some "legal-marketing language" to cover up for this — but in my book — redirect `git commit` to `but commit` is dishonest and unethical.

You keep using the word malicious, what do you mean? What is the malice?

Yeah it feels malicious if it doesn't tell you it's going to do that, like a sneaky lock-in

Silently replacing Git with `but`.

So they decided to start "embrace, extend, and extinguish" directly with with "extinguish".

Pretty much, yes.

Shipped those two today.

Correct. And, it's a native desktop app, not a web app.

Thanks, let me know how it feels.

Thanks James - I'd welcome that - You have my email (in the app or in the HN profile) - let's connect and iron out what's needed.

Quick poll — Are you macOS or GNOME?

It is exactly that. The macOS and GNOME versions share the same vision, but they are entirely different codebases.

I'm a long time user of JetBrains myself. The reason I made Tusk was:

* JetBrains does bloated Java instead of bloated Electron. Tusk is truly native to the OS.

* JetBrains does upsell higher tiers. Tusk does not. Especially won't offer an AI service in the tool that connects to your databases.

* DevTools should not distract the user. VS Code was an OG offender, but JetBrains too has too many notifications.

* Tusk is offline, doesn't connect back to a server for telemetry, updates, Ai, or anything else.

I'm not against using Tusk by any means, native apps can be a lot nicer. I love using Rapid API’s Paw over Postman every day.

But…

> * JetBrains does bloated Java instead of bloated Electron. Tusk is truly native to the OS.

The bloat in JetBrains is negligible comparedy to what it can do and its predecessor eclipse.h

> * JetBrains does upsell higher tiers. Tusk does not. Especially won't offer an AI service in the tool that connects to your databases.

I have never really seen this as an issue except when opening a new project and even then it’s small notifications.

> * Tusk is offline, doesn't connect back to a server for telemetry, updates, Ai, or anything else.

This is probably true but JetBrains is not totally unusable offline.

I wouldn’t completely dismiss JetBrains but everyone has their preferences for whatever suits them better.

> "The bloat in JetBrains is negligible comparedy to what it can do and its predecessor eclipse.h"

Yes. It depends what you compare it with.

> "I have never really seen this as an issue except when opening a new project and even then it’s small notifications."

Tend to agree with you — but I still find it unacceptable to receive notification "ads" for upsells or plugins in a devtool.

I prefer zero-distractions in devtools, and this was the case mostly for a very long time.

> "This is probably true but JetBrains is not totally unusable offline."

Good point.

Not dismissing JetBrains — I was a happy paying customer for over a decade. :)

They're struggling to keep up with a rapidly evolving devtools market.

Thankfully, I / Tusk has no commercial obligations — so I can make it exactly to my liking and taste.

Try it please. This feels alright on GNOME in terms of visual density.

The rest is subjective. But Adwaita / Gnome is what's on my machine, so I follow their design principles.

You are welcome. Would love to hear your feedback.

Yes, I can do that. Personally, I'm not a fan of Apple (or Google) tax. But I understand why notarization helps the end user.

>helps the end user

I can't recall thinking much of it just a couple of short years ago...

Oh thank you! Yes, spinning up incredibly convincing projects is too cheap, and I'm uh changing my security posture or something like that. Mulling it over at least. (And of course: these comments are NOT at all specific to this project in particular! Speaking very generally here.)

Thanks :)