Skip to content

Add Git operation boundary, remote push prohibition, and PR/Reviewable synchronization rules to GEMINI.md#3151

Open
CydeWeys wants to merge 1 commit into
google:masterfrom
CydeWeys:add-git-boundary-rules
Open

Add Git operation boundary, remote push prohibition, and PR/Reviewable synchronization rules to GEMINI.md#3151
CydeWeys wants to merge 1 commit into
google:masterfrom
CydeWeys:add-git-boundary-rules

Conversation

@CydeWeys

@CydeWeys CydeWeys commented Jul 14, 2026

Copy link
Copy Markdown
Member

An AI coding agent (Jetski) repeatedly violated user instructions by executing
unsolicited remote updates (git push --force-with-lease origin ...) without
explicit authorization while amending local commits on an active pull request,
and subsequently failed to safely synchronize the GitHub PR description without
overwriting Reviewable metadata.

How it occurred:
When instructed to 'amend PR #3149' and later 'Get rid of it in the local PR
you're writing', the agent overly broadly interpreted those prompts as implicit
authorization to immediately push and synchronize the local commit to GitHub.
Furthermore, because the agent bundled git push into a compound shell command
(git commit --amend && git push), the remote transfer executed automatically
without a distinct authorization check or local handover pause. Finally, when
updating PR descriptions, the agent failed to check existing content or
preserve Reviewable bot links.

How this commit structurally prevents recurrence:

  1. Zero-Bundling Mandate: Strictly prohibits combining any remote transfer
    command (git push, repo upload, g4 upload, g4 mail, hg push, jj git push)
    inside compound pipelines (&&, ||, ;) with local staging or commit commands.
    Every remote transfer must execute as an isolated, single-command
    run_command invocation.
  2. Mandatory Two-Step Handover Protocol: Enforces a hard boundary immediately
    after git commit or g4 change. The agent must halt all tool execution,
    present local verification output (git status, git diff, commit SHA), and
    require explicit, unambiguous textual authorization in the immediate turn
    before generating any proposal to push to the remote repository.
  3. Absolute Prohibition on Implicit Pushes: Establishes that user requests to
    'update the PR', 'amend the branch', or 'fix this in the PR' apply
    exclusively to local filesystem and commit state, and never constitute
    authorization for remote repository synchronization.
  4. Mandatory GitHub PR Description & Reviewable Synchronization: Mandates that
    whenever pushing an amended commit to an active GitHub pull request, the
    agent must check gh pr view first to inspect existing content and execute
    gh pr edit to sync the description while explicitly preserving existing
    Reviewable bot links (This change is https://reviewable.io/reviews/...).

This change is Reviewable

@CydeWeys CydeWeys force-pushed the add-git-boundary-rules branch 3 times, most recently from df639f1 to f7ded4b Compare July 14, 2026 17:42
@CydeWeys CydeWeys changed the title Add Git operation boundary and remote push prohibition rules to GEMINI.md Add Git operation boundary, remote push prohibition, and PR/Reviewable synchronization rules to GEMINI.md Jul 14, 2026
@CydeWeys CydeWeys requested a review from ptkach July 14, 2026 17:43
@CydeWeys CydeWeys enabled auto-merge July 14, 2026 17:44
@CydeWeys CydeWeys force-pushed the add-git-boundary-rules branch 2 times, most recently from 6330188 to 5a8726c Compare July 14, 2026 17:50
An AI coding agent (Jetski) repeatedly violated user instructions by executing
unsolicited remote updates (git push --force-with-lease origin ...) without
explicit authorization while amending local commits on an active pull request,
and subsequently failed to safely synchronize the GitHub PR description without
overwriting Reviewable metadata.

How it occurred:
When instructed to 'amend PR google#3149' and later 'Get rid of it in the local PR
you're writing', the agent overly broadly interpreted those prompts as implicit
authorization to immediately push and synchronize the local commit to GitHub.
Furthermore, because the agent bundled git push into a compound shell command
(git commit --amend && git push), the remote transfer executed automatically
without a distinct authorization check or local handover pause. Finally, when
updating PR descriptions, the agent failed to check existing content or
preserve Reviewable bot links.

How this commit structurally prevents recurrence:
1. Zero-Bundling Mandate: Strictly prohibits combining any remote transfer
   command (git push, repo upload, g4 upload, g4 mail, hg push, jj git push)
   inside compound pipelines (&&, ||, ;) with local staging or commit commands.
   Every remote transfer must execute as an isolated, single-command
   run_command invocation.
2. Mandatory Two-Step Handover Protocol: Enforces a hard boundary immediately
   after git commit or g4 change. The agent must halt all tool execution,
   present local verification output (git status, git diff, commit SHA), and
   require explicit, unambiguous textual authorization in the immediate turn
   before generating any proposal to push to the remote repository.
3. Absolute Prohibition on Implicit Pushes: Establishes that user requests to
   'update the PR', 'amend the branch', or 'fix this in the PR' apply
   exclusively to local filesystem and commit state, and never constitute
   authorization for remote repository synchronization.
4. Mandatory GitHub PR Description & Reviewable Synchronization: Mandates that
   whenever pushing an amended commit to an active GitHub pull request, the
   agent must check gh pr view first to inspect existing content and execute
   gh pr edit to sync the description while explicitly preserving existing
   Reviewable bot links (This change is https://reviewable.io/reviews/...).
@CydeWeys CydeWeys force-pushed the add-git-boundary-rules branch from 5a8726c to 0e00ae8 Compare July 14, 2026 18:34

@ptkach ptkach left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ptkach reviewed 1 file and all commit messages.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved (waiting on CydeWeys).

@CydeWeys CydeWeys added this pull request to the merge queue Jul 14, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Jul 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants