Goals

• Ensure quality on the devel and master branches
• Minimize rework caused by accidental direct pushes (e.g., default git push behavior)

Proposal

• Reject direct commits to selected branches (e.g., devel, master) for all users
• Require that all changes to these branches be introduced via pull requests
• Allow direct commits on feature or hotfix branches (i.e. all other branches)
• Make this policy configurable per branch, so teams can choose which branches enforce PR-only rules (e.g., master, devel, release/*), while leaving others unchanged

Problem with current options

• Today, you can restrict pushes on specific branches using fine-grained permissions, but this is too restrictive because it effectively limits PR merges to administrators. We need a policy that blocks direct pushes while still allowing non-admin users (e.g., developers with write access) to merge approved PRs into protected branches.

Acceptance criteria

• The PR-only policy can be enabled or disabled per branch
• Direct pushes to branches with PR-only enabled are blocked with a clear error message
• Users with appropriate write/maintainer permissions can open and merge approved PRs into branches with PR-only enabled
• Direct commits remain allowed on feature and hotfix branches (unless PR-only is explicitly enabled on those branches)