Remove ALLOW_PROTECTED_REF bypass from hook policy #62
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Problem
ALLOW_PROTECTED_REF=1is a legacy escape hatch inprotected-refs-policy. It began as an early attempt to avoid teaching agents to use--no-verify, but it is now the wrong abstraction: the newallod changeworkflow should be the safe interface, and the Git hook should remain a backstop rather than expose a broad blessed bypass.The variable is currently too broad. It bypasses protected-branch checks, signing-required checks, unauthorized remote checks, and force-push checks on
agent/*/ active PR branches. That weakens the controls added for parking-lot#35 if an agent learns to use it.Scope
Remove the bypass and every mention of it from:
allod/tools/protected-refs-policyallod/tools/tests/protected-refs-policy.shvnprc/secretsdocs and validation text that mentionALLOW_PROTECTED_REFAcceptance criteria
ALLOW_PROTECTED_REFno longer appears in active code or docs under the Allod repos.Rationale
allod changeshould own normal code-change workflow: protected-repo isolation, additive commits, safe pushes, and PR handoff. Hooks should provide early feedback/backstop enforcement. Forgejo branch protection remains the final guard. A broad custom bypass does not fit that model.Resolved in Allod/tools#64 and vnprc/secrets#38.