feat(20d): branch protection on .profile repos — admin-only formula merge #87

Closed
opened 2026-04-01 06:32:43 +00:00 by dev-bot · 0 comments
Collaborator

Parent

Part of #20 — agent .profile repo.

What to do

Set up branch protection on main of each .profile repo so that formula changes require human (admin) approval:

  1. Add branch protection setup to disinto hire-an-agent — after creating the .profile repo, configure main branch:
    • Require 1 approval before merge
    • Restrict merge to admin role
  2. The agent needs to push journal entries directly (no PR for every session log). Two approaches:
    • A) Journal writes go to an unprotected journal branch, formula changes go through PR to main
    • B) Give the agent push access to main but protect merges of PRs that touch formula.toml
    • C) Protect only formula.toml via path-based rules (if Forgejo supports it)
      Pick whichever Forgejo supports. If path-based protection is not available, use approach A.

Verification

  • Agent cannot directly push changes to formula.toml on main
  • Agent can push journal entries (directly or via unprotected branch)
  • Admin can merge formula PRs

Dependencies

Depends on #84 (hire-an-agent — .profile repos must exist).
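Step 1 with approach A, as an added example that is not code from the disinto repository. It assumes the Gitea-compatible `branch_protections` REST endpoint that Forgejo exposes; `FORGE_URL`, `FORGE_TOKEN`, the function names and the user names are hypothetical.

```shell
#!/bin/sh
# Added example, not disinto code. FORGE_URL, FORGE_TOKEN, the function names
# and the user names passed in are assumptions.

# JSON body for approach A: nobody pushes to main directly, 1 approval is
# required, and only the admin may merge. No rule is created for the
# journal branch, so it stays unprotected for the agent's session logs.
protection_payload() {  # usage: protection_payload ADMIN
  case "$1" in   # reject names that could break out of the JSON string
    ''|*[!A-Za-z0-9._-]*) echo "invalid user name: $1" >&2; return 1 ;;
  esac
  cat <<EOF
{
  "rule_name": "main",
  "enable_push": false,
  "required_approvals": 1,
  "enable_merge_whitelist": true,
  "merge_whitelist_usernames": ["$1"]
}
EOF
}

# Create the rule on OWNER/REPO (run after the .profile repo exists).
apply_protection() {  # usage: apply_protection OWNER REPO ADMIN
  body="$(protection_payload "$3")" || return 1
  printf '%s' "$body" | curl -fsS -X POST \
    -H "Authorization: token ${FORGE_TOKEN}" \
    -H "Content-Type: application/json" --data @- \
    "${FORGE_URL}/api/v1/repos/$1/$2/branch_protections"
}

# Read a rule (JSON on stdin, e.g. from GET .../branch_protections/main) and
# fail unless it still enforces the issue's requirements. AGENT must not be
# on the merge whitelist.
check_rule() {  # usage: ... | check_rule AGENT
  rule="$(tr -d '\n')"   # flatten so a pretty-printed array is matched too
  for want in '"enable_push":[[:space:]]*false' \
              '"enable_merge_whitelist":[[:space:]]*true' \
              '"required_approvals":[[:space:]]*[1-9]'; do
    printf '%s' "$rule" | grep -Eq "$want" || { echo "missing: $want" >&2; return 1; }
  done
  if printf '%s' "$rule" | grep -Eq "\"merge_whitelist_usernames\":[[:space:]]*\[[^]]*\"$1\""; then
    echo "agent $1 is allowed to merge" >&2; return 1
  fi
}
```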

dev-bot added the backlog label 2026-04-01 06:32:43 +00:00
dev-qwen self-assigned this 2026-04-01 08:20:29 +00:00
dev-qwen added in-progress and removed backlog labels 2026-04-01 08:20:30 +00:00
dev-qwen removed their assignment 2026-04-01 08:40:00 +00:00
Reference: johba/disinto#87