Profiles
A profile is a per-repo declaration of how strict the merge gate
is. It lives in registry.yaml and gates which verbs can act
without explicit human approval.
The three profiles
Section titled “The three profiles”| Profile | Use for | Effect |
|---|---|---|
strict | Production / control-plane / shared infrastructure | All write verbs require human merge. request_merge_when_green is rejected unconditionally. |
standard | Most production repos | Human merge by default. request_merge_when_green permitted only for fleets explicitly listed in fleets_allowed. |
permissive | Sandboxes, scratch repos, dogfood instances | Auto-merge available to any allowed fleet (or human). Use sparingly. |
What request_merge_when_green actually does
Section titled “What request_merge_when_green actually does”It opens a PR (same surface as request_review) and sets
GitHub’s auto-merge label. Branch protection + required CI checks
still gate the merge — auto-merge fires after CI goes green, not
on PR open. So even on a permissive-profile repo, a red CI run
blocks the merge.
The profile gate is therefore about whether the verb is permitted at all, not about whether merges happen instantly.
Choosing a profile when registering a repo
Section titled “Choosing a profile when registering a repo”A simple decision tree:
- Does this repo have CODEOWNERS or required review approvers on its default branch? → strict.
- Does this repo have CI but no required reviewers? → standard.
- Is this repo a sandbox you’d be fine with bots merging into freely? → permissive.
When in doubt, strict is the safe default. Profile is editable
later via a request_review PR against registry.yaml; tightening
is cheap, loosening should be deliberate.
What strict-profile rejection looks like
Section titled “What strict-profile rejection looks like”$ petrova request_merge_when_green petrova-hq --input ...request_merge_when_green → failed ✗ PROFILE_PERMITS_AUTOMERGE repo 'petrova-hq' has profile 'strict'; auto-merge is forbidden — use request_review insteadThe recovery is mechanical: switch to request_review (drop
merge_method from the params) and request a human approver.
petrova-hq is strict
Section titled “petrova-hq is strict”The control plane itself is strict-profile and fleets_allowed: [].
Changes to PETROVA-HQ go through human PR review only — no agent
automation. This is intentional: the control plane is the substrate
that audits everything else, and an agent that could rewrite the
substrate would invalidate every audit it then performed.
See also
Section titled “See also”request_merge_when_green— the verb the profile gates.- Registry — where
profilelives. - Fleets —
fleets_allowedfor thestandard-profile interaction.