Given / When / Then
Given an adopter runs /split-portfolio to create a private portfolio repo
When the repo is created and configured
Then no branch protection is set up on the new repo's main branch, allowing direct pushes that bypass the PR workflow
Repro
- Run
/split-portfolio to create a private portfolio repo
- Check
gh api repos/<owner>/<portfolio>/branches/main/protection
- No protection rules exist
Expected
/split-portfolio should:
- Attempt to enable branch protection via
gh api repos/.../branches/main/protection -X PUT
- If the GitHub plan doesn't support it (free plan + private repo → 403), print a warning explaining the limitation
- Document that agent-side enforcement (
block-main-push.sh) is the only gate on free plans
Severity
Medium — the agent-side hook catches most cases, but direct git push to main from a non-Claude terminal is ungated.
Given / When / Then
Given an adopter runs
/split-portfolioto create a private portfolio repoWhen the repo is created and configured
Then no branch protection is set up on the new repo's
mainbranch, allowing direct pushes that bypass the PR workflowRepro
/split-portfolioto create a private portfolio repogh api repos/<owner>/<portfolio>/branches/main/protectionExpected
/split-portfolioshould:gh api repos/.../branches/main/protection -X PUTblock-main-push.sh) is the only gate on free plansSeverity
Medium — the agent-side hook catches most cases, but direct
git pushto main from a non-Claude terminal is ungated.