How to Gate git push in AI Agents
SafeClaw by Authensor blocks git push by default in any AI agent workflow, requiring explicit policy approval before code reaches a remote repository. Install SafeClaw with npx @authensor/safeclaw and every push attempt is denied and audit-logged until you write a rule that says otherwise.
Why git push Is Dangerous When AI Agents Do It
An autonomous agent that can push to a remote repository can ship untested code, rewrite shared history with a force push, and trigger CI/CD pipelines that deploy to production. A single unchecked git push from a coding assistant can propagate hallucinated code, secrets left in committed files, or broken dependencies to every downstream consumer of that branch. The blast radius multiplies when agents operate in loops: a retry cycle can spam dozens of pushes in seconds. Server-side branch protection helps only on the branches where it is configured and only if the agent's credential cannot bypass it; a client-side gate denies the push before the credential is ever presented to the remote.
The Exact SafeClaw Policy to Gate git push
Add the following rule to your .safeclaw/policy.yaml:
rules:
- id: gate-git-push
action: shell.exec
match:
command: "git push*"
effect: deny
audit: true
message: "git push is not permitted without explicit approval."
This rule relies on SafeClaw's first-match-wins engine: rules are evaluated in order and the first match decides, so where this rule sits relative to any allow rules matters. The shell.exec action type intercepts any shell command the agent asks to run, and the match block compares the full command string against the glob git push*, which covers git push origin main, git push --force, and every other argument list that begins with git push. The deny effect blocks execution before the process spawns. The audit: true flag writes a hash-chained log entry capturing the agent identity, timestamp, full command string, and denial reason. Because a glob is matched against the whole string, a command that begins differently (cd repo && git push, or git -C repo push) is not matched by this rule and falls through to the next rule, or to the default deny if nothing else matches; confirm those shapes with the simulator rather than assuming the pattern catches them.
What Happens When the Agent Tries
When an AI agent — whether running on Claude, OpenAI, or any other provider — attempts git push origin main, SafeClaw intercepts the action request before execution:
- The policy engine evaluates the command against all rules in order.
- The gate-git-push rule matches on the git push* pattern.
- The action is denied. The shell command never executes.
- An audit log entry is written:
{
"timestamp": "2026-02-13T14:32:01Z",
"action": "shell.exec",
"command": "git push origin main",
"effect": "deny",
"rule": "gate-git-push",
"agent": "coding-assistant-01",
"hash": "a3f8c1...prev_hash_chain"
}
- The agent receives a structured denial response containing the message field, allowing it to inform the user or adjust its plan.
How to Allow git push with Approval
If your workflow requires the agent to push after human review, use the approval effect instead of deny:
rules:
- id: gate-git-push-approval
action: shell.exec
match:
command: "git push*"
effect: approval
audit: true
approvers:
- role: developer
timeout: 300
message: "git push requires developer approval. Waiting up to 5 minutes."
With this configuration, SafeClaw pauses the agent and surfaces an approval request. A developer with the correct role has 300 seconds to approve or reject. If the timeout expires, the action is denied. All approval decisions are audit-logged with the approver identity.
For more granular control, you can allow pushes only to specific branches:
rules:
- id: allow-push-feature-branches
action: shell.exec
match:
command: "git push origin feature/*"
effect: allow
audit: true
- id: deny-push-everything-else
action: shell.exec
match:
command: "git push*"
effect: deny
audit: true
message: "Only feature branch pushes are permitted."
Because SafeClaw uses first-match-wins evaluation, the feature branch rule must come before the blanket deny; with the order reversed, deny-push-everything-else would match every push and no branch could ever be pushed. Pushes to feature/* pass through; pushes to main, develop, or any other target are blocked. Be aware of what the trailing * admits: a glob star matches any text, so git push origin feature/login main and git push origin feature/login --force also satisfy git push origin feature/* and are allowed by the first rule. Conversely, git push -u origin feature/login does not match the allow pattern because the flag precedes the remote, so it is denied. Write patterns to the exact argument shape you intend to permit, and check both the shapes you want allowed and the ones you want denied with the simulator.
Verifying the Gate
Run SafeClaw in simulation mode to confirm your policy works without blocking real agent actions:
npx @authensor/safeclaw simulate --action 'shell.exec' --command 'git push origin main'
The simulator returns the matched rule, the effect that would apply, and the audit entry that would be written. Run it in CI against a table of commands you expect to be allowed and commands you expect to be denied, and fail the pipeline when a returned effect differs from the expected one, so a policy change cannot silently open or close the gate.
Related Pages
- Deny-by-Default Explained
- How to Prevent AI Agents from Force Pushing
- Hash-Chained Audit Logs Deep Dive
- First-Match-Wins Policy Engine
Try SafeClaw
Action-level gating for AI agents. Set it up in your browser in 60 seconds.
$ npx @authensor/safeclaw