Skip to content

feat: block force pushes via pre-push hook#400

Draft
Copilot wants to merge 6 commits into
mainfrom
copilot/fr-block-force-pushes
Draft

feat: block force pushes via pre-push hook#400
Copilot wants to merge 6 commits into
mainfrom
copilot/fr-block-force-pushes

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 13, 2026
edited
Loading

Adds a check-no-force-push pre-push hook that detects and blocks git push --force / git push -f by inspecting pushed ref ancestry via git merge-base --is-ancestor.

Detection logic

Reads git's pre-push stdin (<local ref> <local sha> <remote ref> <remote sha>) and evaluates:

  • Remote SHA is zero → new branch push → ✅ pass
  • git merge-base --is-ancestor <remote_sha> <local_sha> returns 0 → fast-forward → ✅ pass
  • Returns 1 → remote not in local ancestry → force push → ❌ fail
  • Returns 128 → git error / unknown SHA → ✅ pass (conservative)

New components

  • ForcePushValidator (engine.py) — core validator reading pre-push stdin
  • PUSH_RULES (rules_catalog.py) — new push rule catalog, parallel to COMMIT_RULES/BRANCH_RULES
  • [push] config sectionallow_force_push = false to enable blocking via cchk.toml or CCHK_ALLOW_FORCE_PUSH env var
  • validate_push() (api.py) — programmatic API entry point
  • check-no-force-push (.pre-commit-hooks.yaml) — pre-push hook definition with stages: [pre-push]

Usage

# .pre-commit-config.yaml
repos:
  - repo: https://github.com/commit-check/commit-check
    rev: vX.Y.Z
    hooks:
      - id: check-no-force-push

Or via CLI directly (e.g. in a custom pre-push script):

git push | commit-check --no-force-push

Or opt-in via config:

# cchk.toml
[push]
allow_force_push = false

@netlify
Copy link
Copy Markdown

netlify Bot commented Apr 13, 2026
edited
Loading

Deploy Preview for commit-check ready!

Name Link
🔨 Latest commit 3fee641
🔍 Latest deploy log https://app.netlify.com/projects/commit-check/deploys/69dd6e8e4e53f1000888c6d5
😎 Deploy Preview https://deploy-preview-400--commit-check.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

Copilot AI linked an issue Apr 13, 2026 that may be closed by this pull request
[FR] Block force pushes #203
Open
@shenxianpeng shenxianpeng added the enhancement New feature or request label Apr 13, 2026
Copilot AI and others added 2 commits April 13, 2026 21:45
@shenxianpeng
feat: add force push blocking support via --no-force-push flag and pr…
a372764 
…e-push hook

Agent-Logs-Url: https://github.com/commit-check/commit-check/sessions/92e9c4ea-08b4-4f09-b433-72a19aa53f97

Co-authored-by: shenxianpeng <3353385+shenxianpeng@users.noreply.github.com>
@shenxianpeng
refactor: address code review comments - cleaner config override and …
04806d5 
…improved docs

Agent-Logs-Url: https://github.com/commit-check/commit-check/sessions/92e9c4ea-08b4-4f09-b433-72a19aa53f97

Co-authored-by: shenxianpeng <3353385+shenxianpeng@users.noreply.github.com>
Copilot AI changed the title [WIP] Add feature to block force pushes from users feat: block force pushes via pre-push hook Apr 13, 2026
Copilot AI requested a review from shenxianpeng April 13, 2026 21:48
@codspeed-hq
Copy link
Copy Markdown

codspeed-hq Bot commented Apr 13, 2026
edited
Loading

Merging this PR will not alter performance

✅ 238 untouched benchmarks
🆕 33 new benchmarks
⏩ 108 skipped benchmarks1

Performance Changes

Benchmark BASE HEAD Efficiency
🆕 test_force_push_is_blocked N/A 1.1 ms N/A
🆕 test_multiple_refs_one_force_push_blocks N/A 1.1 ms N/A
🆕 test_malformed_push_line_is_skipped N/A 136.9 µs N/A
🆕 test_empty_lines_in_stdin_are_skipped N/A 562.4 µs N/A
🆕 test_new_branch_push_is_allowed N/A 142.6 µs N/A
🆕 test_fast_forward_push_is_allowed N/A 559 µs N/A
🆕 test_no_stdin_with_upstream_fallback_passes_fast_forward N/A 1.2 ms N/A
🆕 test_git_error_allows_push N/A 559.3 µs N/A
🆕 test_no_stdin_skips_validation N/A 131 µs N/A
🆕 test_no_stdin_with_upstream_fallback_passes_without_upstream N/A 556.1 µs N/A
🆕 test_no_stdin_with_upstream_fallback_blocks_force_push N/A 2.1 ms N/A
🆕 test_validation_engine_includes_force_push_validator N/A 106.1 µs N/A
🆕 test_no_stdin_with_upstream_fallback_uses_tracking_ref_when_remote_sha_missing N/A 1.2 ms N/A
🆕 test_no_stdin_with_upstream_fallback_fetches_remote_commit_when_needed N/A 2.5 ms N/A
🆕 test_no_force_push_fast_forward_passes N/A 4.4 ms N/A
🆕 test_no_force_push_flag_in_help N/A 5.5 ms N/A
🆕 test_no_force_push_force_push_fails N/A 4.4 ms N/A
🆕 test_no_force_push_no_stdin_blocks_non_fast_forward_upstream N/A 5.2 ms N/A
🆕 test_no_force_push_new_branch_passes N/A 3.8 ms N/A
🆕 test_no_force_push_no_stdin_passes N/A 3.7 ms N/A
... ... ... ... ...

ℹ️ Only the first 20 benchmarks are displayed. Go to the app to view all benchmarks.

Comparing copilot/fr-block-force-pushes (3fee641) with main (a8abd6d)

Open in CodSpeed

Footnotes

  1. 108 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

@shenxianpeng
Copy link
Copy Markdown
Member

shenxianpeng commented Apr 13, 2026

pre-commit.ci autofix

@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 13, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 92.63158% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 95.19%. Comparing base (a8abd6d) to head (3fee641).

Files with missing lines Patch % Lines
commit_check/api.py 14.28% 6 Missing ⚠️
commit_check/rule_builder.py 94.44% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #400      +/-   ##
==========================================
- Coverage   95.66%   95.19%   -0.47%     
==========================================
  Files          10       10              
  Lines         991     1082      +91     
==========================================
+ Hits          948     1030      +82     
- Misses         43       52       +9

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@github-actions github-actions Bot added the documentation Improvements or additions to documentation label Apr 13, 2026
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 13, 2026

Quality Gate Passed Quality Gate passed

Issues
3 New issues
6 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shenxianpeng shenxianpeng Awaiting requested review from shenxianpeng

Assignees

@shenxianpeng shenxianpeng

Copilot code review Copilot

Labels

documentation Improvements or additions to documentation enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[FR] Block force pushes

2 participants

@shenxianpeng