DEV Community

Wes
Wes

Posted on

Stop Letting Agents Push to Main

#github #devops #ai #beginners

You gave Claude Code access to your repo. It wrote some code. It committed. It pushed. Straight to main.

No PR. No review. No status checks. Just raw, unreviewed AI-generated code landing directly on your production branch like it owns the place.

And GitHub let it happen, because you never told it not to.

This is the single most common mistake I see from developers using agentic coding tools. Not bad prompts. Not hallucinated dependencies. Just a completely unprotected main branch and an agent that's happy to commit wherever you point it.

The fix takes five minutes. Let's do it.

What actually happens when you don't protect main

Here's the failure mode, step by step.

  1. You ask Claude Code to refactor your auth module.
  2. It makes the changes, runs git add ., writes a commit message, and pushes to main.
  3. If you've got CI/CD hooked up to main (and you probably do), that code is now deploying.
  4. The refactor has a bug. Of course it does. It's unreviewed code.
  5. Your users find out before you do.

This isn't a hypothetical. This is what happens when the shortest path between "write code" and "deploy to production" has zero gates on it.

The five-minute fix: branch protection rules

Go to your repo on GitHub. Click Settings > Branches. Under "Branch protection rules," click Add branch ruleset.

Give it a name in "Ruleset Name".

Click "Add target" -> "Include by pattern"

In the "Branch name pattern" field, type main.

Now check these boxes:

Require a pull request before merging. This is the big one. It means nobody, not you, not your agent, not anyone, can push directly to main. All changes go through a PR. Period.

Require status checks to pass before merging. You might not have CI set up yet. That's fine. Once you do, add them here. They'll automatically become gates on every PR. Future you will thank present you.

Block force pushes. Force pushing to main should never happen. Not by you, not by your agent, not by anyone. This is non-negotiable.

That's all of your settings.

Change "Enforcement status" to Active

Do not allow bypassing the above settings. This one matters more than people think. Without it, repo admins can skip all the rules. That includes you. The whole point of guardrails is that they work even when you're in a hurry and "just want to push this one thing real quick."

Click Create. You're done.

What this changes about your workflow

Your agent can still write code. It can still commit. It just can't land those commits on main without going through a pull request.

In practice, this means you (or your agent) work on a feature branch:

git checkout -b feat/refactor-auth
# ... do the work ...
git add .
git commit -m "refactor auth module"
git push origin feat/refactor-auth
Enter fullscreen mode Exit fullscreen mode

Then you open a PR, review the diff, and merge. That's it. One extra step that puts a human in the loop before code hits production.

If you're using Claude Code, you can tell it to work on a branch. It's good at following that instruction. And if it tries to push to main, GitHub will reject the push. The guardrail works even when the human forgets.

"But I'm a solo dev, I don't need PRs"

Yes you do. Especially now.

When it was just you writing code, pushing to main was a calculated risk. You wrote it, you understood it, you shipped it. Reckless, maybe, but at least you knew what you were deploying.

That equation changes completely when an agent is generating code on your behalf. You didn't write it line by line. You prompted it. There's a real gap between "I asked for a thing" and "I understand every line of what was produced." The PR is where you close that gap.

Even if the review is just you reading the diff for two minutes, that's two minutes of catching the bug that would have cost you two hours in production.

What this doesn't cover

Branch protection is one layer. Important, but not sufficient on its own. You still need:

  • Secret scanning so your agent doesn't accidentally commit your .env file (next article in the series).
  • CI checks so the code that lands on main actually passes linting and tests (coming soon).
  • A review process that's calibrated for AI-generated code (also coming).

This is the foundation. Everything else stacks on top of it.

Go do it now

Seriously. Open your repos, the ones you're using with Claude Code or Copilot or Cursor or any agentic tool. Check if main is protected. If it's not, fix it. Five minutes.

The best guardrail is the one that was already in place before something went wrong.

This is Part 1 of the Guardrails series on safe development with AI coding agents. Next up: Secrets, Agents, and .env Files.

Top comments (0)