type: rule
status: active
timestamp: 2026-06-20
tags: [rules, git, agent, safety]

Never force-push to main

Force-push to main needs explicit user instruction

Never force-push to main

Force-push (git push --force or --force-with-lease) to main — in any repo — requires an explicit, separate user instruction. A general “push” instruction is NOT consent for a force-push.

Why

Force-push rewrites public history. Once consumers (other developers, CI pipelines, dependent projects, the user’s other machines) have fetched a commit, force-undoing it on the server creates inconsistent clones that are hard to recover from.

In the oriz family this is amplified by the one-branch-only rule: every branch IS main, so force-push to main is force-push to the only history that exists.

What counts as “explicit instruction”

The user must use words like “force-push”, “force push”, “rewrite history”, or explicitly acknowledge the destructive nature. Examples:

What does NOT count:

Exceptions

None. If something REALLY needs force-pushing (leaked secret in history, etc.), the agent proposes the operation with the exact command and waits for explicit confirmation.

See also


Edit on GitHub · Back to index