MicroC2 uses a two-branch integration model:
mainis the stable branch. It should represent code that is ready for regular use in controlled lab environments.devis the development integration branch. Issue branches start fromdevand merge back intodev.- Issue branches should be short-lived and named after their work, for example
issue/86-listener-lifecycleorfeature/payload-build-profiles.
git fetch origin
git switch dev
git pull --ff-only
git switch -c issue/<number>-short-descriptionOpen the pull request back into dev. The context-aware CI workflow runs only
the relevant suites for the files changed by the branch.
When dev reaches a coherent milestone, open a pull request from dev into
main. Promotion pull requests run the full server, agent, static, formatting
advisory, and release package checks.
After the promotion merges, create or update any release notes from the merged
changes. Direct feature work should not target main.
The protected dev branch should require:
CI Gatefoxguard
The protected main branch should require:
CI GateRelease Packagefoxguard
CI Gate is the stable required GitHub Actions status. It depends on the
path-selected suites and fails if any selected blocking suite fails. This keeps
branch protection stable even when a path-specific job is intentionally skipped.
It also enforces that pull requests into main come from dev.
- Server changes run
Go Server:go test ./...,go vet ./..., and a server build inserver/. - Agent changes run
Rust Agent:cargo test --locked,cargo clippy --locked --all-targets, andcargo build --lockedinagent/. - Static UI or script changes run
Static Assets And Scripts: shell syntax checks and JavaScript syntax checks. - Pull requests into
mainrun every suite regardless of path, because they are release-promotion candidates. - Documentation-only changes to
devcan pass throughCI Gatewithout running server or agent builds.
Format Advisory is intentionally non-blocking until the existing formatting
backlog is cleaned up. Once formatting has been normalized, it can become a
blocking suite.
Foxguard runs as a GitHub App check and is configured by .foxguard.yml.
Existing high-severity findings are tracked in .foxguard/baseline.json so new
findings can be separated from legacy debt. Secret scanning uses
.foxguard/secrets-baseline.json.
Useful local equivalents before opening a pull request:
cd server
go test ./...
go vet ./...
go build -o /tmp/microc2-server ./cmdcd agent
cargo test --locked
cargo clippy --locked --all-targets
cargo build --locked