A UbiquityOS plugin that protects configuration files from unauthorized modifications by restoring only the protected files changed by users without admin or billing_manager access.
- Listens for push events on the repository default branch.
- Detects protected config paths such as `.ubiquity-os.config.yml` and `.github/ubiquity-os.config.yml`.
- Verifies the committer's privileges by checking repository collaborator permission and organization billing role access.
- Creates a focused revert commit that restores only the protected config files touched by the unauthorized push.
- It preserves unrelated files from the same push instead of rolling the whole tree back to the parent commit.
- It checks `billing_manager` through organization role membership rather than assuming the regular membership API exposes that role directly.
- It includes regression tests for authorized writes, unauthorized writes, and partial file restoration behavior.
| Setting | Type | Default | Description |
|---|---|---|---|
| `protectedConfigPaths` | `string[]` | `.ubiquity-os.config.yml`, `.ubiquity-os.config.yaml`, `ubiquity-os.config.yml`, `ubiquity-os.config.yaml`, `.github/ubiquity-os.config.yml`, `.github/ubiquity-os.config.yaml` | Config paths the plugin will guard |
| `allowedRoles` | `string[]` | `admin`, `billing_manager` | Roles allowed to change protected config files |
```yaml
protectedConfigPaths:
  - .ubiquity-os.config.yml
  - .github/ubiquity-os.config.yml
allowedRoles:
  - admin
  - billing_manager
```

- `push` - monitors default-branch pushes for protected config changes

When an unauthorized modification is detected:
- The plugin loads the unauthorized commit and its parent commit.
- It resolves the current default-branch head.
- It reconstructs only the protected files from the parent tree.
- It creates a new commit on top of the current default-branch head.
- It updates the branch reference to the new revert commit.
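
The restore steps above can be sketched as a pure planning function. This is an added example, not the plugin's own code: `isAuthorized`, `touchedProtected`, `planRestore`, the exact-path matching and the sample SHAs are assumptions, and the returned entries are shaped for GitHub's "create a tree" endpoint with `base_tree` set to the current head tree, where `sha: null` deletes a path.

```javascript
// Added example; all names and sample values here are hypothetical.
const DEFAULTS = {
  protectedConfigPaths: [".ubiquity-os.config.yml", ".github/ubiquity-os.config.yml"],
  allowedRoles: ["admin", "billing_manager"],
};

// A committer is authorized if any role they hold is listed in allowedRoles.
function isAuthorized(roles, config = DEFAULTS) {
  return roles.some((role) => config.allowedRoles.includes(role));
}

// Assumption: exact path match, so "docs/.ubiquity-os.config.yml" is not guarded.
function touchedProtected(changedPaths, config = DEFAULTS) {
  const guarded = new Set(config.protectedConfigPaths);
  return [...new Set(changedPaths)].filter((path) => guarded.has(path));
}

// Build tree entries for the revert commit.
// parentTree: Map of path -> { sha, mode } taken from the parent of the
// unauthorized commit. Because the entries are applied on top of the current
// head tree (base_tree), every path not listed keeps its head content.
function planRestore(roles, changedPaths, parentTree, config = DEFAULTS) {
  if (isAuthorized(roles, config)) return []; // authorized write: nothing to restore
  return touchedProtected(changedPaths, config).map((path) => {
    const before = parentTree.get(path);
    return before
      ? { path, mode: before.mode, type: "blob", sha: before.sha } // restore old blob
      : { path, mode: "100644", type: "blob", sha: null }; // added by the push: delete
  });
}

// Constructed sample push: one protected edit, one protected add, one unrelated file.
const sampleParentTree = new Map([
  [".ubiquity-os.config.yml", { sha: "aaa111", mode: "100644" }],
  ["src/index.ts", { sha: "bbb222", mode: "100644" }],
]);
const sampleChanged = [
  ".ubiquity-os.config.yml",
  ".github/ubiquity-os.config.yml",
  "src/index.ts",
];

console.log(planRestore(["write"], sampleChanged, sampleParentTree));
```
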

```bash
npm test -- --runInBand
npm run build
```