Enable branch protection on default branch

## Problem

The default branch (`main`) has **no branch protection rules** configured. This means anyone with write access can:

- Push directly to `main` without a pull request
- Force-push to `main`, potentially rewriting history
- Delete the `main` branch

## Recommended Policy

Enable branch protection on `main` with at minimum:

- [x] **Require a pull request before merging**
  - Require at least **1 approval**
  - Dismiss stale pull request approvals when new commits are pushed
- [x] **Require status checks to pass before merging** (if CI is configured)
- [x] **Do not allow force pushes**
- [x] **Do not allow deletions**
- [ ] Consider: Require signed commits
- [ ] Consider: Require linear history
- [ ] Consider: Include administrators in these restrictions

## How To Enable

1. Go to **Settings > Branches > Add branch protection rule**
2. Branch name pattern: `main`
3. Configure the settings above
4. Save changes

## References

- [GitHub docs: Managing a branch protection rule](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enable branch protection on default branch #28

Problem

Recommended Policy

How To Enable

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Enable branch protection on default branch #28

Description

Problem

Recommended Policy

How To Enable

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions