⚖️ The One Where the Rules Finally Make Sense
Hiya friends,
It’s been a heavy one in tech. If you’re navigating layoffs right now, please reach out. If we’ve worked together, I’ll write you a LinkedIn recommendation. Need an intro in my network? DM me.
On the product side, two useful updates landed this week: better ruleset bypass controls, and secret scanning inside the MCP workflow.
🚢 What Shipped
You can now add individual users as bypass actors on repo-level rulesets directly, through the UI, REST API, or GraphQL. No more creating a whole team just to give one person or service account bypass access.
Repo admins can also rename a branch covered by an org ruleset without asking an org admin, as long as the new branch name stays within the scope of every ruleset that applied to the original. If it falls outside that scope, the rename is blocked. That one’s for anyone who’s ever filed a request just to rename master to main.
If you’re in VS Code or GitHub Copilot CLI, you can ask your agent to check for exposed secrets before you commit. It picks up whatever push protection rules you’ve already set at the repo or org level, no duplicate config.
# GitHub Copilot CLI setup (advanced-security plugin required)
/plugin install advanced-security@copilot-plugins
# Then ask your agent before you commit:
# "Scan my current changes for exposed secrets"Requires GitHub Secret Protection to be enabled on the repo. Install the GitHub MCP Server, add the plugin if you want the tailored experience, and you’re set.
📖 What I’m Reading
Zack ran the same coding tasks with and without language servers enabled in GitHub Copilot CLI. In a large Ruby monolith (~118k files), LSP made the agent 3-4x faster. In a small Python repo with 61 files, it made no difference.
Without LSP, the agent falls back to grep-like search and burns tool calls chasing false positives. With LSP, it asks where the function is defined and goes straight there.
Worth your time if: you’re in a large codebase and haven’t set up LSP yet.
🔧 What I’m Using
ClawPilot, Microsoft’s internal OpenClaw-based desktop agent. Work laptops are locked down. This week I’m helping judge a hackathon and could not remember the dates or any of the details. ClawPilot pulled them from my inbox in under a minute.
✨ This Week
Judging the Geekulcha Top 15 Young Geeks, a program celebrating African tech innovators who are actually building things. I’ve had a chance to run a hackathon in South Africa before and what the community builds in an afternoon will blow your mind. Looking forward to this one.
With gratitude,
Andrea
📌 P.S.
We’re running a writing contest over at mainbranch.dev. If you’ve been sitting on a tutorial/article idea, this is your excuse. Best submission gets featured here and wins $100 in GitHub Shop credit. Submissions close June 13.
Subscribe to Main Branch
Join developers shipping real features. Every issue is a three-minute read packed with fundamentals you can apply today.
No spam. Unsubscribe anytime.