disinto-ops/vault/pending/disinto-ops-branch-protection.md

Request: Remove or relax ops repo branch protection for agent writes

What

The ops repo (disinto-ops) has branch protection on main that requires approvals, but no bot account has sufficient permissions to merge. The planner-bot has push access but cannot merge. The review-bot can approve but cannot push or merge. No admin token is available to agents.

This means prerequisites.md, knowledge/planner-memory.md, and vault items have been accumulating only locally since planner run 2 (2026-04-08). The remote origin/main is frozen.

Why

Blocks #758 (ops repo branch protection), which blocks ALL agent ops-repo writes: planner prerequisite tree, planner memory, evidence collection, vault pending items. Every agent that writes to the ops repo is silently failing.

Downstream: blocks website observability (#426), collect-engagement (#745), and the entire evidence pipeline.

Waiting since 2026-04-08 (first observed planner run 2).

Human action

1. In Forgejo, go to disinto-ops → Settings → Branch Protection → main
2. Either:
   • Option A (recommended): Remove branch protection from disinto-ops entirely — the ops repo is an internal artifact, not production code. Agent writes should flow freely.
   • Option B: Add planner-bot and dev-bot to the push/merge allowlist so they can push directly to main.
3. Verify by running: cd disinto-ops && git push origin main from the agents container.

Factory will then

• Planner will push prerequisite tree updates and memory to origin/main
• Evidence collection (#745) will unblock — collect-engagement formula can commit to ops repo
• Vault pending items will be visible on the remote for human review
• All agents writing to ops repo will resume normal operation

Unblocks

• #758 — ops repo branch protection blocks all agent writes
• #745 — collect-engagement formula (indirectly, if the no_push is ops-related)
• #426 — website observability (downstream)