From 19f115c45dc3f695819c0d38b3e17173dc166204 Mon Sep 17 00:00:00 2001
From: fullsend-code <289857995+devtest-coder[bot]@users.noreply.github.com>
Date: Wed, 17 Jun 2026 21:04:37 +0000
Subject: [PATCH] fix(#7): allow POST git-upload-pack in default GitHub provider
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The default GitHub provider profile used `access: read-only` on the `github.com:443` endpoint, which expands to GET/HEAD/OPTIONS only. Git's smart HTTP protocol requires POST to `**/git-upload-pack` for clone/fetch and POST to `**/info/refs` for ref discovery, so those operations were denied by the L7 proxy. Replace the `access: read-only` preset on the `github.com` endpoint with explicit L7 rules that permit the standard read-only methods plus POST on `**/git-upload-pack` and `**/info/refs`. Push operations (`git-receive-pack`) remain blocked. Updated the `github_profile_materializes_policy_metadata` test to reflect that `github.com` now uses explicit rules instead of the `read-only` access preset. Note: Rust toolchain unavailable in sandbox — unit tests could not be compiled. Manual verification of openshell-providers tests is required.

Closes #7

Signed-off-by: fullsend-code <289857995+devtest-coder[bot]@users.noreply.github.com>
---
 crates/openshell-providers/src/profiles.rs | 19 ++++++++++++++++++-
 providers/github.yaml | 20 +++++++++++++++++++-
 2 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/crates/openshell-providers/src/profiles.rs b/crates/openshell-providers/src/profiles.rs
index d31085b..7fc9fcb 100644
--- a/crates/openshell-providers/src/profiles.rs
+++ b/crates/openshell-providers/src/profiles.rs
@@ -1672,12 +1672,29 @@ mod tests {
 }),
 "github profile should include read-only GraphQL endpoint"
 );
+ // api.github.com endpoints use access: read-only.
+ // github.com uses explicit rules (no access preset) to allow
+ // POST git-upload-pack for clone/fetch while blocking push.
 assert!(
 proto
 .endpoints
 .iter()
+ .filter(|endpoint| endpoint.host == "api.github.com")
 .all(|endpoint| endpoint.access == "read-only"),
- "github profile endpoints should all be read-only"
+ "api.github.com endpoints should be read-only"
 );
+ let git_endpoint = proto
+ .endpoints
+ .iter()
+ .find(|endpoint| endpoint.host == "github.com")
+ .expect("github.com endpoint");
+ assert!(
+ git_endpoint.access.is_empty(),
+ "github.com should use explicit rules, not an access preset"
+ );
+ assert!(
+ !git_endpoint.rules.is_empty(),
+ "github.com should have explicit L7 rules"
 );
 assert_eq!(proto.binaries.len(), 4);
 }
diff --git a/providers/github.yaml b/providers/github.yaml
index 4ce5af2..61d7ff8 100644
--- a/providers/github.yaml
+++ b/providers/github.yaml
@@ -30,9 +30,27 @@ endpoints:
 access: read-only
 enforcement: enforce
 # github.com is the git transport (clone / fetch by default).
+ # Explicit rules instead of `access: read-only` so that POST to
+ # git-upload-pack (clone/fetch) is allowed while git-receive-pack
+ # (push) stays blocked.
 - host: github.com
 port: 443
 protocol: rest
- access: read-only
 enforcement: enforce
+ rules:
+ - allow:
+ method: GET
+ path: "**"
+ - allow:
+ method: HEAD
+ path: "**"
+ - allow:
+ method: OPTIONS
+ path: "**"
+ - allow:
+ method: POST
+ path: "**/git-upload-pack"
+ - allow:
+ method: POST
+ path: "**/info/refs"
 binaries: [/usr/bin/gh, /usr/local/bin/gh, /usr/bin/git, /usr/local/bin/git]
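Review bot: The new assertions only check that `github.com` has no access preset and a non-empty rule list, so they do not pin the property the commit actually relies on — that no rule grants POST anywhere other than `git-upload-pack` (and `info/refs` as committed), which is what keeps `git-receive-pack` denied; a later edit adding a blanket `POST **` rule would still pass this test. Add an assertion over `git_endpoint.rules` that every POST rule's path ends in one of those two suffixes, adjusting the field names to whatever the materialized rule type exposes, since that type is not visible in this hunk. Separately, `.filter(..).all(..)` passes vacuously when no `api.github.com` endpoint is present, so it only means something if the earlier GraphQL assertion guarantees one exists. The enclosing test function starts outside the hunk, and the description says it was never compiled, so it needs an actual `cargo test -p openshell-providers` run before merge.
```rust
        // … unchanged: access.is_empty() / rules non-empty assertions on git_endpoint …
        // NOTE(review): assumes the materialized rule exposes `method` and
        // `path`; rename to the real proto fields if they differ.
        assert!(
            git_endpoint.rules.iter().all(|rule| {
                rule.method != "POST"
                    || rule.path.ends_with("/git-upload-pack")
                    || rule.path.ends_with("/info/refs")
            }),
            "github.com must not allow POST outside upload-pack/info-refs (push stays blocked)"
        );
```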
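Review bot: The `POST` rule on `**/info/refs` grants a method the smart HTTP transport does not use — ref discovery is `GET /<owner>/<repo>.git/info/refs?service=git-upload-pack` in both protocol v1 and v2 (v2 only adds a `Git-Protocol` request header), so this rule widens the allow-list without enabling any clone or fetch step; drop the three lines `- allow: / method: POST / path: "**/info/refs"` unless proxy logs show a real client POSTing there, and correct the commit description accordingly. With that removed, the only POST path is `**/git-upload-pack`, which — assuming this matcher anchors the final path segment — cannot be satisfied by a `git-receive-pack` request, and the comment should state that rather than only describing the mechanism, e.g. `# Push stays blocked because no rule permits POST to **/git-receive-pack; never add a POST "**" rule here.` The `GET/HEAD/OPTIONS` on `**` rules reproduce what the `read-only` preset expanded to per the commit message, so they are not a widening of the previous surface.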