APort

The Passport Office for AI Agents

Back to Policy Packs

Repository Safety Policy

Pre-action governance for repository operations. Enforces PR limits, merge controls, path restrictions, and review requirements for dev-first safety.

v1.0.0

Requirements

Required Capabilities

repo.pr.create

repo.merge

Minimum Assurance Level

L2

Required Limits

max_prs_per_day

max_merges_per_day

max_pr_size_kb

Enforcement Rules

These rules are automatically enforced when using this policy pack

allowed_repos_enforced

allowed_base_branches_enforced

path_allowlist_enforced

size_limits_enforced

review_requirements_enforced

Best Practices

Implement repository allowlists to prevent unauthorized access
Use branch protection rules for critical branches
Monitor PR size and complexity to prevent oversized changes
Require code reviews for production merges
Log all repository operations for Verifiable Attestation
Use path allowlists to restrict file access patterns
Subscribe to status webhooks for instant suspend
Implement progressive limits for new agents
Use automated testing requirements for large changes