Block remote branch deletion and improve force push messages#39
Block remote branch deletion and improve force push messages#39AnExiledDev merged 2 commits intomainfrom
Conversation
- Block `git push origin --delete` and colon-refspec deletion — deleting remote branches closes associated PRs, which is not recoverable - Block `--force-with-lease` — was bypassing the regex due to word boundary matching; all force push variants now blocked uniformly - Force push error message now suggests `git merge` as the correct workaround instead of leaving the agent to improvise - Fix README: error handling documented as "fails open" but code actually fails closed
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review infoConfiguration used: defaults Review profile: CHILL Plan: Pro 📒 Files selected for processing (1)
✅ Files skipped from review due to trivial changes (1)
📝 WalkthroughWalkthroughEnhances the Dangerous Command Blocker: adds a FORCE_PUSH_SUGGESTION message recommending Changes
Sequence Diagram(s)sequenceDiagram
autonumber
participant Dev as Developer (git push)
participant Hook as Dangerous Command Blocker (pre-push hook)
participant Remote as Remote/PR System
Dev->>Hook: git push [possibly force / delete]
alt Matches FORCE_PUSH_SUGGESTION patterns
Hook->>Dev: Block with FORCE_PUSH_SUGGESTION message (suggest git merge)
else Matches remote-deletion patterns
Hook->>Dev: Block with remote-branch-deletion message (notes PR closure)
else No match
Hook->>Remote: Forward push
Remote->>Dev: Success / PR updated
end
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~22 minutes Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
.devcontainer/CHANGELOG.md (1)
5-11: Consider reorganizing entries by change type.Per coding guidelines, changelog entries should be grouped under appropriate headings. Currently all entries are under
### Fixed, but:
- "Block remote branch deletion" (line 10) introduces new blocking behavior — this is an addition, not a fix. Consider moving to
### Added.- "Force push block now suggests
git merge" (line 8) improves an existing message — this could be### Changed.The other two entries (blocking
--force-with-leaseand fixing README documentation) are correctly categorized as fixes.As per coding guidelines: "Group changelog entries under appropriate headings:
### Added,### Changed,### Fixed, or### Removed"📝 Suggested reorganization
## [Unreleased] +### Added + +#### Dangerous Command Blocker +- **Block remote branch deletion** — `git push origin --delete` and colon-refspec deletion (`git push origin :branch`) now blocked; deleting remote branches closes associated PRs + +### Changed + +#### Dangerous Command Blocker +- **Force push block now suggests `git merge` as workaround** — error message explains how to avoid diverged history instead of leaving the agent to improvise destructive workarounds + ### Fixed #### Dangerous Command Blocker -- **Force push block now suggests `git merge` as workaround** — error message explains how to avoid diverged history instead of leaving the agent to improvise destructive workarounds - **Block `--force-with-lease`** — was slipping through regex; all force push variants now blocked uniformly -- **Block remote branch deletion** — `git push origin --delete` and colon-refspec deletion (`git push origin :branch`) now blocked; deleting remote branches closes associated PRs - **Fixed README** — error handling was documented as "fails open" but code actually fails closed; corrected to match behavior🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.devcontainer/CHANGELOG.md around lines 5 - 11, Move the changelog entries into proper headings: create a `### Added` section and move the "Block remote branch deletion — `git push origin --delete` and colon-refspec deletion (`git push origin :branch`) now blocked" entry into it; create a `### Changed` section and move the "Force push block now suggests `git merge` — error message explains how to avoid diverged history" entry into it; leave the "Block `--force-with-lease`" and "Fixed README" lines under `### Fixed`; ensure headings `### Added`, `### Changed`, and `### Fixed` appear and that entries are removed from `### Fixed` once moved.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In @.devcontainer/CHANGELOG.md:
- Around line 5-11: Move the changelog entries into proper headings: create a
`### Added` section and move the "Block remote branch deletion — `git push
origin --delete` and colon-refspec deletion (`git push origin :branch`) now
blocked" entry into it; create a `### Changed` section and move the "Force push
block now suggests `git merge` — error message explains how to avoid diverged
history" entry into it; leave the "Block `--force-with-lease`" and "Fixed
README" lines under `### Fixed`; ensure headings `### Added`, `### Changed`, and
`### Fixed` appear and that entries are removed from `### Fixed` once moved.
ℹ️ Review info
Configuration used: defaults
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
.devcontainer/CHANGELOG.md.devcontainer/plugins/devs-marketplace/plugins/dangerous-command-blocker/README.md.devcontainer/plugins/devs-marketplace/plugins/dangerous-command-blocker/scripts/block-dangerous.py
Summary
git push origin --deleteand colon-refspecgit push origin :branchnow blocked; deleting remote branches closes associated PRs with no recovery path--force-with-lease— was bypassing the bare force push regex due to\bmatching at the-in--force-with-lease; all force push variants now blocked uniformlygit merge origin/mainas the correct alternative to rebasing, preventing agents from improvising destructive workaroundsContext
An agent rebased a PR branch, got blocked on force push, then worked around it by deleting the remote branch and re-pushing — which permanently closed the PR. These changes close both the escape hatch (branch deletion) and the root cause (unhelpful error message that didn't suggest an alternative).
Test plan
Summary by CodeRabbit
New Features
Bug Fixes
Documentation