---
title: "⚖️ The One Where the Rules Finally Make Sense"
date: 2026-05-09
author: Andrea Griffiths
language: en
issue: 26
excerpt: "Better ruleset bypass controls, secret scanning in the MCP workflow, and an LSP experiment that made a large codebase 3-4x faster."
tags: ["rulesets", "secret-scanning", "copilot", "lsp", "newsletter"]
canonical_url: https://mainbranch.beehiiv.com/p/main-branch-the-one-where-the-rules-finally-make-sense-issue-26
---

Hiya friends,

It's been a heavy one in tech. If you're navigating layoffs right now, please reach out. If we've worked together, I'll write you a LinkedIn recommendation. Need an intro in my network? DM me.

On the product side, two useful updates landed this week: better ruleset bypass controls, and secret scanning inside the MCP workflow.

## 🚢 What Shipped

You can now add individual users as bypass actors on repo-level rulesets directly, through the UI, REST API, or GraphQL. No more creating a whole team just to give one person or service account bypass access.

Repo admins can also rename a branch covered by an org ruleset without asking an org admin, as long as the new branch name stays within the scope of every ruleset that applied to the original. If it falls outside that scope, the rename is blocked. That one's for anyone who's ever filed a request just to rename `master` to `main`.

If you're in VS Code or GitHub Copilot CLI, you can ask your agent to check for exposed secrets before you commit. It picks up whatever push protection rules you've already set at the repo or org level, no duplicate config.

```bash
# GitHub Copilot CLI setup (advanced-security plugin required)
/plugin install advanced-security@copilot-plugins

# Then ask your agent before you commit:
# "Scan my current changes for exposed secrets"
```

Requires GitHub Secret Protection to be enabled on the repo. Install the GitHub MCP Server, add the plugin if you want the tailored experience, and you're set.

## 📖 What I'm Reading

Zack ran the same coding tasks with and without language servers enabled in GitHub Copilot CLI. In a large Ruby monolith (~118k files), LSP made the agent 3-4x faster. In a small Python repo with 61 files, it made no difference.

Without LSP, the agent falls back to grep-like search and burns tool calls chasing false positives. With LSP, it asks where the function is defined and goes straight there.

Worth your time if: you're in a large codebase and haven't set up LSP yet.

## 🔧 What I'm Using

[ClawPilot](https://www.geekwire.com/2026/microsofts-openclaw-team-takes-on-the-personal-assistant-challenge/), Microsoft's internal OpenClaw-based desktop agent. Work laptops are locked down. This week I'm helping judge a hackathon and could not remember the dates or any of the details. ClawPilot pulled them from my inbox in under a minute.

## ✨ This Week

Judging the [Geekulcha Top 15 Young Geeks](https://www.geekulcha.dev/young-geeks), a program celebrating African tech innovators who are actually building things. I've had a chance to run a hackathon in South Africa before and what the community builds in an afternoon will blow your mind. Looking forward to this one.

With gratitude,

Andrea

## 📌 P.S.

We're running a writing contest over at [mainbranch.dev](https://acolombiadev.zo.space/contest). If you've been sitting on a tutorial/article idea, this is your excuse. Best submission gets featured here and wins $100 in GitHub Shop credit. Submissions close June 13.