Allow Developer role read-only access to push_rule API endpoint
Problem to solve
Currently, the push_rule API endpoint (GET /projects/:id/push_rule) requires Maintainer role or above to access. This prevents developers from querying push rules before pushing code, whether as humans or via AI agents/flows.
Developers need read-only access to understand what push rules are configured on a project so they can:
- Validate that their commits will pass push rule checks before pushing
- Understand project-specific requirements (commit message format, file restrictions, etc.)
- Enable AI agents and automation flows to check compliance before attempting operations
Intended users
- Sasha (Software Developer)
- Devon (DevOps Engineer)
- AI agents and automation flows running with Developer permissions
User experience goal
Developers should be able to programmatically query push rules via the API to understand project constraints without requiring Maintainer access.
Proposal
Enable read-only access to the push_rule API endpoint for users with Developer role or above:
- GET /projects/:id/push_rule - should be accessible to Developer+ role
This allows developers to:
- Query push rules before pushing
- Validate commits against configured rules
- Enable automation and AI flows to check compliance
Permissions and Security
- Read-only access only (no modifications)
- Consistent with other read-only API endpoints available to Developers
- No security risk as push rules are project configuration, not sensitive data
Documentation
Update Project Push Rules API documentation to reflect Developer+ access for read operations.
What does success look like?
- Developers can call GET /projects/:id/push_rule without Maintainer role
- AI agents and automation flows can query push rules with Developer-level tokens
- Developers understand project push rule requirements before pushing
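The pre-push validation this proposal describes could look like the following. This is an added example, not code from the issue or from GitLab. It assumes Python's re module as a stand-in for GitLab's RE2 engine, a hypothetical helper name (fetch_push_rule), a hypothetical commit dict shape, and a constructed sample response so the check runs offline.

```python
import json
import re
import urllib.request

def fetch_push_rule(base_url, project_id, token):
    """GET /projects/:id/push_rule; base_url and token are caller-supplied."""
    req = urllib.request.Request(
        f"{base_url}/api/v4/projects/{project_id}/push_rule",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

# Constructed sample response (not from a real project), so the check runs offline.
SAMPLE_PUSH_RULE = {
    "commit_message_regex": r"^(feat|fix|docs): .+",
    "commit_message_negative_regex": r"(?i)\bWIP\b",
    "author_email_regex": r"@example\.com$",
    "file_name_regex": r"\.(pem|key)$",
    "branch_name_regex": r"^(feature|fix)/[a-z0-9-]+$",
    "max_file_size": 5,  # megabytes; 0 means no limit
}

def check_push(rule, branch, commits):
    """Return violation strings for a planned push; an empty list means compliant."""
    def hit(field, text):
        # Unset rules come back as null or ""; None here means "not configured".
        pattern = rule.get(field)
        return None if not pattern else re.search(pattern, text) is not None

    out = []
    if hit("branch_name_regex", branch) is False:
        out.append(f"branch {branch}: name rejected by branch_name_regex")
    limit = (rule.get("max_file_size") or 0) * 1024 * 1024
    for c in commits:  # hypothetical shape: sha, message, author_email, files
        sha = c["sha"]
        if hit("commit_message_regex", c["message"]) is False:
            out.append(f"{sha}: message does not match commit_message_regex")
        if hit("commit_message_negative_regex", c["message"]):
            out.append(f"{sha}: message matches commit_message_negative_regex")
        if hit("author_email_regex", c["author_email"]) is False:
            out.append(f"{sha}: author email rejected by author_email_regex")
        for path, size in c["files"]:  # (path, size in bytes)
            if hit("file_name_regex", path):
                out.append(f"{sha}: file {path} is blocked by file_name_regex")
            if limit and size > limit:
                out.append(f"{sha}: file {path} exceeds max_file_size")
    return out
```

A local check like this is advisory only: the server still enforces the push rules on receipt, and a pattern that behaves differently under RE2 can make the local result diverge.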