Block raw git branch-delete bypass outside authorized cleanup roles #514

Closed
opened 2026-07-08 03:07:35 -05:00 by jcwalker3 · 1 comment
Owner

Problem

A reviewer session performed post-merge source branch cleanup for PR #487 by running raw git commands:

  • git branch -d feat/issue-485-lease-comments-non-list-guard
  • git push prgs --delete feat/issue-485-lease-comments-non-list-guard

Even if the cleanup target was correct, raw git branch deletion bypasses MCP role/capability gates such as branch.delete and can mutate local/remote repository state from the wrong role/session. This creates a hole in the intended author/reviewer/merger/reconciler separation.

Required behavior

  • Branch deletion must be performed only through an explicit MCP tool or approved cleanup helper.
  • The operation must require an authorized role/capability, such as merger or reconciler cleanup, not reviewer by default.
  • Raw git push --delete should be detected or blocked in guarded workflows where possible.
  • Root checkout must not be used for mutating branch refs unless explicitly allowed by policy.
  • Reports must distinguish review mutations from cleanup mutations.

Acceptance criteria

  1. Add a guarded branch cleanup path for merged PR source branches.
  2. Fail closed when a reviewer profile attempts branch deletion without explicit branch.delete authority.
  3. Add tests proving raw/git-style branch deletion is not treated as acceptable proof of authorized cleanup.
  4. Add tests proving post-merge branch cleanup succeeds through the authorized path.
  5. Update handoff/report guidance so reviewers do not perform branch pruning as part of PR review.
## Problem A reviewer session performed post-merge source branch cleanup for PR #487 by running raw git commands: - `git branch -d feat/issue-485-lease-comments-non-list-guard` - `git push prgs --delete feat/issue-485-lease-comments-non-list-guard` Even if the cleanup target was correct, raw git branch deletion bypasses MCP role/capability gates such as `branch.delete` and can mutate local/remote repository state from the wrong role/session. This creates a hole in the intended author/reviewer/merger/reconciler separation. ## Required behavior - Branch deletion must be performed only through an explicit MCP tool or approved cleanup helper. - The operation must require an authorized role/capability, such as merger or reconciler cleanup, not reviewer by default. - Raw `git push --delete` should be detected or blocked in guarded workflows where possible. - Root checkout must not be used for mutating branch refs unless explicitly allowed by policy. - Reports must distinguish review mutations from cleanup mutations. ## Acceptance criteria 1. Add a guarded branch cleanup path for merged PR source branches. 2. Fail closed when a reviewer profile attempts branch deletion without explicit `branch.delete` authority. 3. Add tests proving raw/git-style branch deletion is not treated as acceptable proof of authorized cleanup. 4. Add tests proving post-merge branch cleanup succeeds through the authorized path. 5. Update handoff/report guidance so reviewers do not perform branch pruning as part of PR review.
jcwalker3 added the status:in-progress label 2026-07-08 03:08:11 -05:00
Author
Owner

Issue claim heartbeat

<!-- gitea-issue-claim-heartbeat:v1 --> **Issue claim heartbeat** - kind: claim - issue: #514 - branch: feat/issue-514-branch-delete-guard - phase: claimed - profile: prgs-author - pr: none - blocker: none - next_action: create worktree and begin implementation
sysadmin removed the status:in-progress label 2026-07-09 10:45:30 -05:00
Sign in to join this conversation.
No labels
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Scaled-Tech-Consulting/Gitea-Tools#514