4.3 Branch protection and source-control write scoping (max 2)
Protected branches are locked against direct push and direct merge by any actor, including agents. All changes to protected branches flow through a PR. Agents have unrestricted write access to feature/task branches, but write access to protected branches is structurally impossible, not merely discouraged.
Levels
Level 0
No branch protection; agents (and humans) can push directly to `main`; the PR review gate (`PL2-external-pr-review`) is procedural only
Level 1
Branch protection enabled on `main` but inconsistently applied across repos or branches (e.g. `develop` unprotected); approval requirement exists but bypassable by repo admins without audit
Level 2
All protected branches locked across every repo: direct push blocked; merge requires at least one human approval OR an audited automated-merge rule; branches must be current with target at merge time (platform "require up to date before merging" OR merge queue that rebases and tests before merge); bypass requires explicit override with audit log. Agents are scoped to feature branches by platform-enforced rules, not convention
Level 3
Not applicable — this criterion caps at level 2.
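The level definitions above, turned into a check that can be run over an estate's branch-protection settings (an added example, not tooling from the document): it scores each repo's `main`/`develop` protection record against the Level 2 requirements and rolls the estate up to a level. The record shape and sample estate are constructed, modelled on the field names of GitHub's branch-protection API; the audited automated-merge alternative is assumed away.

```python
from typing import Optional

# Added example (not from the document). Locked-branch targets; feature branches are ignored.
PROTECTED_TARGETS = ("main", "develop")


def branch_findings(name: str, prot: Optional[dict]) -> list[str]:
    """Level 2 requirements this branch fails; `prot` uses the field names of GitHub's
    branch-protection API response (None = unprotected). Audited auto-merge not modelled."""
    if prot is None:
        return [f"{name}: unprotected, direct push and merge allowed"]
    gaps = []
    reviews = prot.get("required_pull_request_reviews") or {}
    if reviews.get("required_approving_review_count", 0) < 1:
        gaps.append(f"{name}: merge does not require a human approval")
    if not (prot.get("required_status_checks") or {}).get("strict"):
        gaps.append(f"{name}: branch need not be current with target at merge time")
    if not (prot.get("enforce_admins") or {}).get("enabled"):
        gaps.append(f"{name}: repo admins can bypass protection without an audited override")
    return gaps


def assess_level(repos: dict[str, dict[str, Optional[dict]]]) -> tuple[int, list[str]]:
    """Map the whole estate to a criterion level (0, 1 or 2) plus its findings."""
    findings, main_locked_everywhere = [], True
    for repo, branches in repos.items():
        if branches.get("main") is None:
            main_locked_everywhere = False  # direct push to main possible: Level 0
        for branch, prot in branches.items():
            if branch in PROTECTED_TARGETS:
                findings += [f"{repo}/{g}" for g in branch_findings(branch, prot)]
    if not findings:
        return 2, findings
    return (1 if main_locked_everywhere else 0), findings


# Constructed sample estate: one compliant repo and one showing the Level 1 gaps
# the text names (develop unprotected, admin bypass without audit, stale merges).
SAMPLE_ESTATE = {
    "platform-api": {
        "main": {"required_pull_request_reviews": {"required_approving_review_count": 1},
                 "required_status_checks": {"strict": True}, "enforce_admins": {"enabled": True}},
        "feature/agent-task-42": None,
    },
    "agent-runner": {
        "main": {"required_pull_request_reviews": {"required_approving_review_count": 1},
                 "required_status_checks": {"strict": False}, "enforce_admins": {"enabled": False}},
        "develop": None,
    },
}
```

Feeding real records from the platform API instead of `SAMPLE_ESTATE` gives a per-repo findings list that maps directly onto the Level 1 vs Level 2 distinction.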