Guide for configuring GitHub repository rules, branch protection, rulesets, CODEOWNERS, and security policies. Use when users need to set up branch protection rules, configure required reviews, enforce status checks, manage merge strategies, or implement repository security policies.
/plugin marketplace add leobrival/topographic-studio-plugins/plugin install code-workflows@topographic-studio-pluginsThis skill inherits all available tools. When active, it can use any tool Claude has access to.
assets/rulesets/enterprise.jsonassets/rulesets/monorepo.jsonassets/rulesets/open-source.jsonassets/rulesets/protect-tags.jsonassets/rulesets/small-team.jsonassets/rulesets/solo-developer.jsonassets/rulesets/standard-team.jsonreferences/branch-protection.mdreferences/codeowners.mdreferences/infrastructure-as-code.mdreferences/rulesets-api.mdreferences/security.mdConfigure repository rules, branch protection, and security policies for GitHub repositories.
User request → What type of rules?
│
├─ Branch Protection (legacy) → See references/branch-protection.md
│ └─ Single branch, simple rules
│
├─ Rulesets (modern) → See assets/rulesets/
│ ├─ Multiple branches/tags
│ ├─ Organization-wide rules
│ └─ More granular control
│
├─ Code Review → See references/codeowners.md
│ ├─ CODEOWNERS file
│ └─ Required reviewers
│
└─ Security Policies → See references/security.md
├─ SECURITY.md
├─ Dependabot
└─ Secret scanning
# View current branch protection
gh api repos/{owner}/{repo}/branches/main/protection
# View rulesets
gh api repos/{owner}/{repo}/rulesets
# Apply ruleset from JSON
gh api repos/{owner}/{repo}/rulesets \
--method POST \
--input ruleset.json
See references/infrastructure-as-code.md for IaC approaches.
| Feature | Branch Protection | Rulesets |
|---|---|---|
| Multiple branches | One rule per branch | Pattern matching |
| Tags | Not supported | Supported |
| Organization-wide | No | Yes |
| Bypass permissions | Limited | Granular |
| Import/Export | No | JSON export |
| API | REST only | REST + GraphQL |
Recommendation: Use Rulesets for new projects. Branch Protection for legacy compatibility.
# Using gh CLI
gh api repos/{owner}/{repo}/rulesets --method POST --input - << 'EOF'
{
"name": "Protect main",
"target": "branch",
"enforcement": "active",
"conditions": {
"ref_name": {
"include": ["refs/heads/main"],
"exclude": []
}
},
"rules": [
{"type": "pull_request", "parameters": {
"required_approving_review_count": 1,
"dismiss_stale_reviews_on_push": true,
"require_last_push_approval": true
}},
{"type": "required_status_checks", "parameters": {
"required_status_checks": [
{"context": "ci"}
],
"strict_required_status_checks_policy": true
}}
]
}
EOF
gh api repos/{owner}/{repo}/rulesets --method POST --input - << 'EOF'
{
"name": "Signed commits",
"target": "branch",
"enforcement": "active",
"conditions": {
"ref_name": {
"include": ["~DEFAULT_BRANCH"],
"exclude": []
}
},
"rules": [
{"type": "required_signatures"}
]
}
EOF
gh api repos/{owner}/{repo}/rulesets --method POST --input - << 'EOF'
{
"name": "Protect releases",
"target": "tag",
"enforcement": "active",
"conditions": {
"ref_name": {
"include": ["refs/tags/v*"],
"exclude": []
}
},
"rules": [
{"type": "creation"},
{"type": "deletion"}
]
}
EOF
| Use Case | Template |
|---|---|
| Solo developer | solo-developer.json |
| Small team (2-5) | small-team.json |
| Standard team | standard-team.json |
| Enterprise | enterprise.json |
| Open source | open-source.json |
| Monorepo | monorepo.json |
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.