# Pattern: Protected Main Branch Status: seed Readiness target: RL2 private beta Primary owners: product repos, NetKingdom Genesis family: Supply chain ## Problem Production code can be changed without review, tests, or traceable approval when the main branch is not protected. ## Context Use this pattern for repositories that produce production services, platform manifests, policy packages, documentation standards, or release artifacts. ## Forces - Teams need fast iteration. - Production branches need review and checks. - Emergency fixes need traceable override. - Branch rules should match artifact criticality. ## Solution Protect main and release branches with review, required checks, signed or verified changes where useful, and explicit emergency override procedures. ## Verification - Direct pushes to protected branches are blocked. - Required tests and reviews pass before merge. - Emergency overrides are logged and reviewed. - Release artifacts link back to protected branch commits. ## Related Patterns - GitOps with Guardrails. - SLSA Build Provenance. - SBOM-per-Release. - Supply-Chain Provenance.