How to Prevent AI from Pushing to the Main Branch
SafeClaw by Authensor blocks AI agents from pushing to your main or master branch by gating git commands at the action level. With deny-by-default enforcement, any git push targeting a protected branch is denied before execution. Install with npx @authensor/safeclaw and your production branch is safe from AI-initiated pushes immediately.
Why This Matters
A direct push to main or master can deploy untested code to production, overwrite reviewed commits, or trigger CI/CD pipelines that ship broken features to users. GitHub branch protection rules help, but they only work server-side — an AI agent running locally can still execute git push origin main and the command will reach your remote before any server-side rule kicks in.
SafeClaw stops the push before it leaves your machine.
Step 1: Install SafeClaw
npx @authensor/safeclaw
Works with Claude Code, GPT agents, Cursor, and any AI tool that can execute git commands.
Step 2: Block Pushes to Protected Branches
# safeclaw.policy.yaml
rules:
  # Wildcard forms: "*" stands for any remote name
  - action: shell.execute
    command_pattern: "git push * main"
    effect: deny
    reason: "Direct push to main branch is forbidden"
  - action: shell.execute
    command_pattern: "git push * master"
    effect: deny
    reason: "Direct push to master branch is forbidden"
  # Explicit origin forms
  - action: shell.execute
    command_pattern: "git push origin main"
    effect: deny
    reason: "Push to origin/main is forbidden"
  - action: shell.execute
    command_pattern: "git push origin master"
    effect: deny
    reason: "Push to origin/master is forbidden"
Step 3: Block Force Pushes Entirely
Force pushes are even more dangerous — they can rewrite commit history. Block them across all branches:
rules:
  - action: shell.execute
    command_pattern: "git push --force*"
    effect: deny
    reason: "Force push is forbidden on all branches"
  - action: shell.execute
    command_pattern: "git push -f *"
    effect: deny
    reason: "Force push shorthand is forbidden"
  - action: shell.execute
    command_pattern: "git push --force-with-lease*"
    effect: deny
    reason: "Force push with lease is still a force push"
Step 4: Allow Pushes to Feature Branches
Your agent should still be able to push to feature branches for pull requests:
rules:
  # Allow push to feature branches
  - action: shell.execute
    command_pattern: "git push origin feature/*"
    effect: allow
    reason: "Allow pushing to feature branches"
  - action: shell.execute
    command_pattern: "git push -u origin feature/*"
    effect: allow
    reason: "Allow setting upstream on feature branches"
  # Block everything else
  - action: shell.execute
    command_pattern: "git push *"
    effect: deny
    reason: "All other git pushes require human approval"
With first-match-wins evaluation, the feature-branch allow rules are listed before the catch-all deny, so feature branch pushes are allowed while pushes to main, master, or any other branch fall through to the final rule and are denied.
Step 5: Block Branch Deletion and History Rewriting
Protect against other dangerous git operations:
rules:
  - action: shell.execute
    command_pattern: "git branch -D main"
    effect: deny
    reason: "Cannot delete the main branch"
  - action: shell.execute
    command_pattern: "git rebase * main"
    effect: deny
    reason: "Cannot rebase onto main"
  - action: shell.execute
    command_pattern: "git reset --hard*"
    effect: deny
    reason: "Hard reset can destroy commit history"
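To see how the rules from Steps 2 through 5 compose under first-match-wins and deny-by-default, here is a small evaluator written for this page. It is an added example, not SafeClaw's own code, and it assumes that command_pattern is a glob in which "*" matches any run of characters (spaces included) and everything else is literal; the log line format it prints is also an assumption modelled on the Step 6 output. The rule objects are the page's YAML entries transcribed into a JavaScript array so the block runs without a YAML parser.

```javascript
// Added example, not SafeClaw's own code: a minimal first-match-wins
// evaluator for shell.execute rules shaped like the safeclaw.policy.yaml
// snippets above. Assumption: command_pattern is a glob where "*" matches
// any run of characters (spaces included) and everything else is literal.

// The rules from Steps 2-5 in the order a combined policy file would list
// them, as a JS array so the block runs without a YAML parser.
const RULES = [
  // Step 3: force pushes, denied on every branch
  { action: "shell.execute", command_pattern: "git push --force*", effect: "deny", reason: "Force push is forbidden on all branches" },
  { action: "shell.execute", command_pattern: "git push -f *", effect: "deny", reason: "Force push shorthand is forbidden" },
  // Shadowed under the assumed glob semantics: "git push --force*" already
  // matches every "--force-with-lease" command, so this rule never fires.
  { action: "shell.execute", command_pattern: "git push --force-with-lease*", effect: "deny", reason: "Force push with lease is still a force push" },
  // Step 2: protected branches (the wildcard forms subsume the origin-specific ones)
  { action: "shell.execute", command_pattern: "git push * main", effect: "deny", reason: "Direct push to main branch is forbidden" },
  { action: "shell.execute", command_pattern: "git push * master", effect: "deny", reason: "Direct push to master branch is forbidden" },
  // Step 4: feature branches allowed
  { action: "shell.execute", command_pattern: "git push origin feature/*", effect: "allow", reason: "Allow pushing to feature branches" },
  { action: "shell.execute", command_pattern: "git push -u origin feature/*", effect: "allow", reason: "Allow setting upstream on feature branches" },
  // Step 5: other destructive operations
  { action: "shell.execute", command_pattern: "git branch -D main", effect: "deny", reason: "Cannot delete the main branch" },
  { action: "shell.execute", command_pattern: "git rebase * main", effect: "deny", reason: "Cannot rebase onto main" },
  { action: "shell.execute", command_pattern: "git reset --hard*", effect: "deny", reason: "Hard reset can destroy commit history" },
  // Step 4: catch-all for any other push
  { action: "shell.execute", command_pattern: "git push *", effect: "deny", reason: "All other git pushes require human approval" },
];

// Convert a glob to an anchored RegExp: escape regex metacharacters, then
// turn "*" into ".*". Anchoring means "git push *" must match the whole
// command, not a substring buried inside some longer command.
function globToRegExp(pattern) {
  const escaped = pattern
    .replace(/[.+?^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*");
  return new RegExp(`^${escaped}$`);
}

// First-match-wins: the first rule whose action and pattern both match
// decides. Falls through to deny when nothing matches (deny-by-default).
function evaluate(rules, action, command) {
  for (const rule of rules) {
    if (rule.action !== action) continue;
    if (globToRegExp(rule.command_pattern).test(command)) {
      return { effect: rule.effect, reason: rule.reason, pattern: rule.command_pattern };
    }
  }
  return { effect: "deny", reason: "No matching rule (deny-by-default)", pattern: null };
}

// Render a decision in the shape of the Step 6 simulation log (format assumed).
function formatDecision(action, command, decision) {
  return `[${decision.effect.toUpperCase()}] ${action}: "${command}"\n  Rule: "${decision.reason}"`;
}

// Constructed sample commands an agent might issue; run the file to see each decision.
const SAMPLE_COMMANDS = [
  "git push origin main",
  "git push -u origin feature/login-form",
  "git push --force origin feature/login-form",
  "git push origin develop",
  "git reset --hard HEAD~3",
  "git status",
];
for (const cmd of SAMPLE_COMMANDS) {
  console.log(formatDecision("shell.execute", cmd, evaluate(RULES, "shell.execute", cmd)));
}
```

Two things the run makes visible that the YAML alone does not: a push to develop is denied by the catch-all rather than by any branch-specific rule, so the reason string in the log tells you which rule fired; and, under the glob semantics assumed here, the "--force*" pattern sits above and fully covers "--force-with-lease*", so the with-lease rule's reason never appears in the log even though the command is still denied. If you rely on reason strings when reviewing the audit trail, order the more specific pattern first.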
Step 6: Test and Audit
Run simulation mode:
npx @authensor/safeclaw --simulate
Verify the block works by asking your agent to push to main. The simulation log confirms:
[DENIED] shell.execute: "git push origin main"
Rule: "Push to origin/main is forbidden"
Check the hash-chained audit trail:
npx @authensor/safeclaw audit --filter "command_pattern:git push"
Every attempt — allowed or denied — is recorded in the tamper-proof log.
Complement, Don't Replace, GitHub Branch Protection
SafeClaw operates client-side, stopping the push before it reaches GitHub. GitHub branch protection operates server-side. Use both for defense in depth. SafeClaw catches the intent; GitHub catches anything that slips through.
SafeClaw is open-source, MIT licensed, and backed by 446 tests. It works with both Claude and OpenAI providers.
Related Pages
- Gate: git push
- Gate: git force push
- How to Prevent AI from Accessing Other Git Repositories
- How to Block AI from Modifying CI/CD Configuration Files
Try SafeClaw
Action-level gating for AI agents. Set it up in your browser in 60 seconds.
$ npx @authensor/safeclaw