From d64cd4b1f739827a69c4ee8ca3c7f0108d1c6d4e Mon Sep 17 00:00:00 2001 From: NagyVikt Date: Sat, 11 Apr 2026 14:42:24 +0200 Subject: [PATCH] Prevent direct implementation edits on main/base branches Codify a strict branch-isolation rule for every new session so work starts on dedicated agent branches/worktrees, and document immediate recovery steps when accidental edits land on main or another base branch. Constraint: User explicitly requested never writing directly to main/current local branch Rejected: Keep existing softer guidance only | not strong enough to prevent repeat workflow drift Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep branch-isolation language aligned with agent-branch-start/finish scripts and avoid reintroducing main-branch exceptions Tested: npm test (46/46) Not-tested: GitHub markdown rendering diff --- AGENTS.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/AGENTS.md b/AGENTS.md index b753ab3..ffd728b 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -22,6 +22,9 @@ This AGENTS.md is the top-level operating contract for this repository. - For cleanup/refactor/deslop work: write a cleanup plan first. - Lock behavior with regression tests before cleanup edits when needed. +- Treat `main` and any currently checked-out base branch as read-only workspaces. +- Every new session must start by creating an isolated agent branch/worktree via `scripts/agent-branch-start.sh` before making edits. +- If edits are found on `main`/base by mistake, immediately move them to a dedicated agent branch/worktree before continuing. - Prefer deletion over addition. - Reuse existing patterns before introducing new abstractions. - No new dependencies without explicit request. @@ -87,6 +90,8 @@ OMX runtime state typically lives under `.omx/`: - Before deleting/replacing code, each agent must read the latest session comments/handoffs first and confirm the target code is in their owned scope. - If ownership is unclear or overlaps, stop that edit, post a blocker comment, and let the leader/integrator reassign scope. - For git isolation, each agent must start on a dedicated branch via `scripts/agent-branch-start.sh "" ""`. +- Do not implement changes directly on `main` or other base branches; all edits must happen on dedicated agent branches/worktrees. +- If the current local branch already contains accidental edits, move them to an agent branch/worktree first, then continue implementation. - Agent completion must use `scripts/agent-branch-finish.sh` (merge into `dev`, push, delete agent branch). 1. Explicit ownership before edits