/rewind in Claude Code is handy — roll the conversation back to an earlier point. But it doesn't only roll back code and chat. It also rolls back your settings.json. If you use a third-party model provider, that can silently switch your billing to a different provider — requests (and charges) quietly flowing somewhere you didn't intend, with no rewind on your part that you'd even remember doing.
First: /rewind reverts without showing you what it'll lose
Press Esc twice on an empty prompt and the rewind menu opens. The top option — selected by default — is "Restore code and conversation," and Enter runs it immediately. There's no preview of what will be lost (no diff, no list). So pressing Esc Esc (a reflex for clearing input) and then Enter can revert everything you changed after the chosen point (#64615).
The newer issue: it reverts settings.json too
The rewind checkpoint snapshots and restores your whole settings.json, env block included. If you switched providers with a tool like cc-switch, that block holds ANTHROPIC_BASE_URL, ANTHROPIC_AUTH_TOKEN, and ANTHROPIC_MODEL. A /rewind silently rolls them back to whatever they were at the checkpoint (#72125).
The scary part isn't lost code — it's that your requests, and your billing, can quietly route to a different provider than you think you're on. You may not have meant to rewind anything; the settings just travelled back in time.
What /rewind can't touch is your lever
The official docs (Checkpointing) frame checkpoints as "local undo" and Git as "permanent history." /rewind does not rewrite Git history. Anything you've git commit-ed survives a rewind. Same idea for settings: put the thing you care about somewhere /rewind can't reach, and it's safe.
How to protect yourself
Code — keep every edit in Git. Git is the layer /rewind can't rewrite, so if your work is committed you can always recover it via git reflog / git log --all. A hook that auto-commits on each edit (like auto-checkpoint.sh) keeps you in that state without thinking about it.
Settings — move provider vars out of settings.json. Set them as real shell environment variables instead:
# Git Bash: ~/.bashrc. Windows: user env vars via setx.
export ANTHROPIC_BASE_URL="https://your-provider/..."
export ANTHROPIC_AUTH_TOKEN="..."
export ANTHROPIC_MODEL="..."
Then delete those same keys from the env block in settings.json. Once they're not in settings.json, /rewind has nothing to revert — Claude Code reads them from the actual environment, so the env block is just a convenience. Your provider config now comes from the shell on every session, regardless of any rewind.
After a rewind, verify the real file if you're unsure:
grep -E 'ANTHROPIC_(BASE_URL|MODEL|AUTH_TOKEN)' ~/.claude/settings.json
The file contents are the evidence — not what the model says.
Summary
-
/rewindreverts code without confirmation, and revertssettings.jsontoo - With a third-party provider, that can silently switch your billing to a different provider
- Protect code with
git commit(and an auto-commit hook) — Git is the un-rewindable layer - Move provider vars to shell env and delete them from
settings.json— leave nothing to revert - If unsure after a rewind,
grepthe realsettings.json
These quiet, no-confirmation failures are the ones I keep designing around — I run Claude Code with real autonomy (800+ hours unattended) and keep the safety hooks I rely on in cc-safe-setup (npx cc-safe-setup, MIT, runs locally, sends nothing out).
Top comments (0)