docs: harden agent git safety guidance #2171
Open
MSBrett wants to merge 3 commits into
Pull request overview
This PR hardens the repository’s AI-agent operational guardrails by making protected-branch git safety rules explicit and by expanding local-only ignore patterns, keeping these governance changes isolated from product/template updates.
Changes:
- Add an explicit P0 Git Safety Rule to prohibit any direct mutation of `main`/`dev` and any protected-branch bypass behavior by AI agents.
- Refine the git operations policy language to scope write operations to non-protected feature branches and broaden the list of actions requiring explicit approval.
- Update `.gitignore` to ignore additional local/runtime artifacts (MCP config, gate pipeline files, iteration scripts, training deck artifacts, and playwright captures).
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| AGENTS.md | Adds/strengthens protected-branch safety policy and clarifies approval requirements for git write operations. |
| .gitignore | Ignores additional local/runtime artifacts related to agents, pipelines, training deck work, and playwright captures. |
- Generalize protected branches to protected refs (covers protected tags)
- Prohibit --tags/--follow-tags/--all/--mirror and multi-ref push refspecs
- Tighten PR-branch false-positive carve-out: single-ref push only, no cherry-picks from main, explicit refspec discipline
- Remove approval-can-authorize-direct-mutation loophole in the revert/remediation clause; route to a human maintainer instead
- Define 'mutable work' on main/dev as anything that touches worktree, index, commits, refs, generated files, or submodules
- Add indirect protected-ref mutation clause covering workflows, CODEOWNERS, rulesets, release scripts, and credential handling
- Add global approval-required preamble above the permitted list
- Root-anchor .gitignore entries the comment claims are 'at repo root'

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
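The "single-ref push only, never to a protected ref" rule from the commit message above can be enforced client-side with a pre-push hook. The following is an added example, not code from this PR or the repository; it assumes `main` and `dev` plus every tag are the protected refs, and that a `--tags`, `--all`, `--mirror` or multi-refspec push is recognisable because git hands the hook more than one ref line.

```shell
#!/bin/sh
# Added example pre-push guard (not part of the PR). git invokes a
# pre-push hook as: pre-push <remote-name> <remote-url>
# and feeds one line per ref being pushed on stdin:
#   <local ref> <local sha> <remote ref> <remote sha>
# Assumed protected refs: heads main/dev and every tag.
PROTECTED_HEADS="main dev"

# is_protected_ref <remote-ref>: returns 0 if protected, 1 otherwise
is_protected_ref() {
  ref=$1
  case "$ref" in
    refs/tags/*) return 0 ;;
  esac
  for h in $PROTECTED_HEADS; do
    [ "$ref" = "refs/heads/$h" ] && return 0
  done
  return 1
}

# check_push: reads the hook's stdin lines, prints one diagnostic per
# violation, returns 0 to allow the push and 1 to block it. More than
# one ref line means a multi-ref push (--tags/--all/--mirror or several
# refspecs), which the single-ref rule rejects regardless of target.
check_push() {
  count=0
  status=0
  while read -r lref lsha rref rsha; do
    [ -z "$rref" ] && continue
    count=$((count + 1))
    if is_protected_ref "$rref"; then
      echo "blocked: direct push to protected ref $rref"
      status=1
    fi
  done
  if [ "$count" -gt 1 ]; then
    echo "blocked: $count refs in one push (single-ref pushes only)"
    status=1
  fi
  return $status
}

# Hook entry point: only when installed as .git/hooks/pre-push and
# called by git with its two arguments.
if [ "$#" -eq 2 ] && [ "${0##*/}" = "pre-push" ]; then
  check_push
  exit $?
fi
```

Server-side branch protection or rulesets remain the authoritative control; a local hook only stops honest mistakes by an agent or a developer.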
Replaces part of #2111.
Scope:
Review notes:
dev.memory://projects/finops-toolkit/pr-2111-split-plan
Verification:
`git diff --check origin/dev..features/sre-agent-policy`