Branch Protection
Configure and manage GitHub branch protection rules with AI-powered recommendations. Secure your main branches with just a few clicks.
Overview
Branch protection rules prevent unauthorized changes to important branches like main or master.
Jasper makes it easy to configure these rules with:
- AI Recommendations - Get personalized suggestions based on your repo context
- Preset Templates - Apply standard, strict, or locked protection with one click
- Chat Interface - Ask questions and get guidance in natural language
- One-Click Apply - Implement recommended rules instantly
GitHub Permission Required
Branch protection requires the Administration permission in your GitHub App installation. Most organizations have already granted this permission.
Quick Start: Require Resolved Conversations
Want to block PRs until all review conversations are resolved? Here's the fastest way:
- Go to Repository Settings → Branch Protection
- Click Configure with AI
- Type:
Require all conversations to be resolved before merging on main - Click Apply when Jasper shows the configuration
Alternative Quick Prompts
- "Use the Conversations Required template"
- "Enable conversation resolution for main branch"
- "Block merging until all comments are addressed"
- "Use Strict template" (includes conversation resolution + more)
Accessing Branch Protection
- Go to Repositories and select a repository
- Click the Settings tab
- Find the Branch Protection card
- Click Configure with AI to open the chat interface
AI Chat Interface
The AI chat interface is the easiest way to configure branch protection. Simply describe what you want, and Jasper will generate the appropriate rules.
Example Prompts
- "Set up basic protection for my main branch"
- "I want to require 2 code reviews before merging"
- "What protection do you recommend for a production app?"
- "Enable strict mode with required status checks"
- "Lock down the release branch so only admins can push"
How It Works
- Ask - Type your question or requirement in natural language
- Review - Jasper explains the recommended configuration
- Apply - Click "Apply" to implement the changes
- Verify - Jasper confirms the rules are in place
Protection Templates
Choose from predefined templates for common use cases:
Standard Protection
Good for most repositories. Includes:
- Require 1 pull request review
- Require status checks to pass
- Block force pushes
- Block branch deletion
Strict Protection
For production-critical repositories. Includes everything in Standard plus:
- Require 2 pull request reviews
- Require code owner review
- Dismiss stale reviews when new commits are pushed
- Require conversation resolution
- Require branches to be up to date
Locked Protection
Maximum security for release branches. Includes everything in Strict plus:
- Require linear history (no merge commits)
- Apply rules to administrators
- Lock the branch (read-only)
Conversations Required
Ensures all Jasper review conversations are resolved before merging. Includes everything in Standard plus:
- Require
jasper/conversations-resolvedstatus check - Require conversation resolution
- PRs cannot merge until all Jasper comments are marked as resolved
Why Use Conversations Required?
This template is ideal for teams that want to ensure all code review feedback is addressed before merging. Unlike GitHub's native conversation resolution (which only tracks GitHub review threads), this tracks Jasper's inline comments specifically.
When to Use Each Template
| Template | Best For | Conversation Resolution |
|---|---|---|
| Standard | Small teams, personal projects, fast iteration | No |
| Conversations Required | Teams wanting to ensure feedback is addressed without heavy review requirements | Yes + Jasper status check |
| Strict | Production apps, larger teams, compliance needs | Yes |
| Locked | Release branches, audit trails, maximum security | Yes |
Available Protection Rules
Jasper can configure all GitHub branch protection options:
Pull Request Requirements
| Rule | Description |
|---|---|
| Required Reviews | Number of approving reviews required (1-6) |
| Dismiss Stale Reviews | Invalidate approvals when new commits are pushed |
| Require Code Owners | Require review from designated code owners |
| Last Push Approval | Require approval from someone other than the last pusher |
| Conversation Resolution | All PR conversations must be resolved before merge |
Status Check Requirements
| Rule | Description |
|---|---|
| Required Status Checks | Specific CI checks that must pass |
| Strict Status Checks | Branch must be up to date before merging |
Push Restrictions
| Rule | Description |
|---|---|
| Block Force Pushes | Prevent history rewriting |
| Block Deletions | Prevent branch from being deleted |
| Push Restrictions | Limit who can push directly (bypassing PRs) |
| Linear History | Require rebase or squash (no merge commits) |
| Lock Branch | Make branch completely read-only |
Admin Enforcement
| Rule | Description |
|---|---|
| Enforce for Admins | Apply all rules to repository administrators too |
Adding Jasper as a Status Check
To make Quality Gates block PRs, add Jasper as a required status check:
- Open the branch protection chat
- Ask: "Add Jasper as a required status check"
- Or manually in GitHub: Settings → Branches → Add rule → Require status checks → Search for "Jasper"
Pro Tip
When you add Jasper as a required status check, PRs cannot be merged until Jasper completes its review and the quality gates pass. This ensures all code is reviewed before merging.
Jasper Conversations Resolution Check
Jasper provides a dedicated status check called jasper/conversations-resolved that ensures
all review feedback is addressed before a PR can be merged.
How It Works
- Jasper creates inline comments - During code review, Jasper leaves comments on specific lines
- Status check is created - A GitHub check run tracks the resolution status
- Team resolves conversations - Developers mark comments as resolved after addressing them
- Check updates automatically - The status updates in real-time as conversations are resolved
- PR can merge - Once all conversations are resolved, the check passes
What Counts as a Conversation?
The following Jasper comments are tracked for resolution:
- Inline code comments - Comments left on specific lines of code
- Suggestion comments - Code improvement suggestions with "Apply fix" buttons
- Security warnings - Critical security issues flagged by Jasper
- Quality gate failures - Specific issues that caused a quality gate to fail
Not tracked: General PR summary comments, review status updates, and automated notifications are not counted as conversations requiring resolution.
How to Resolve Conversations
There are several ways to resolve Jasper conversations:
- Click "Resolve conversation" - On any Jasper comment thread in GitHub, click the "Resolve conversation" button
- Apply the suggested fix - If Jasper provides a code suggestion, clicking "Apply fix" automatically resolves the conversation
- Push a commit that addresses the issue - If you fix the code manually and push, you can then resolve the conversation
- Reply and resolve - Add a reply explaining why the feedback doesn't apply, then resolve
New Commits May Create New Conversations
When you push new commits, Jasper will re-review the changes. This may create new inline comments that also need to be resolved. The status check updates automatically to reflect the new total.
Jasper vs GitHub Conversation Resolution
There are two types of conversation resolution available:
| Feature | GitHub Native | Jasper Status Check |
|---|---|---|
| Setting | required_conversation_resolution |
jasper/conversations-resolved status check |
| Tracks | All GitHub review threads | Jasper inline comments only |
| Best for | Ensuring all human reviewer feedback is addressed | Ensuring all AI review feedback is addressed |
| Recommendation | Use both together for maximum coverage | |
Status Check States
| Status | Description |
|---|---|
| In Progress | Some conversations are still unresolved (e.g., "3/5 conversations resolved") |
| Success | All conversations have been resolved |
| Neutral | No conversations to resolve (no inline comments were created) |
Enabling Conversations Required
To require all Jasper conversations to be resolved before merging:
Option 1: Use the Template
- Go to Repository Settings → Branch Protection
- Click Manual Rules or Rulesets tab
- Click the Conversations Required template (cyan button)
- Enter your branch name (e.g.,
main) - Save the rule
Option 2: Add to Existing Rules
- Edit your existing branch protection rule
- Under "Require status checks to pass", add
jasper/conversations-resolved - Save the changes
Option 3: Ask the AI
In the branch protection chat, ask:
- "Require all Jasper conversations to be resolved before merging"
- "Add the conversations required check to my main branch"
- "Block PRs until all review comments are addressed"
Viewing Current Protection
To see what protection rules are currently active:
- Open the branch protection interface
- Click View Current Rules
- Jasper will fetch and display the current GitHub configuration
You can also ask the AI: "What protection is currently set up?"
GitHub Rulesets
Jasper also supports the newer GitHub Rulesets feature, which offers additional capabilities:
- Multiple Rulesets - Apply different rules to different branch patterns
- Evaluate Mode - Test rules before enforcing them
- Organization Rulesets - Apply rules across all repos (Enterprise)
- Better Visibility - Anyone with read access can see active rules
Ask the AI: "Set up a ruleset for all feature branches" to use this feature.
Best Practices
For Small Teams
- Start with Standard protection
- Require 1 review minimum
- Add Jasper as a required status check
- Block force pushes to prevent accidents
For Larger Teams
- Use Strict protection for main branches
- Require 2+ reviews for important repositories
- Enable code owners for critical paths
- Require conversation resolution
For Compliance Requirements
- Use Locked protection for release branches
- Enforce rules for administrators
- Require linear history for audit trails
- Enable branch deletion protection
Troubleshooting
Permission Denied Error
If you see a permission error when applying rules:
- Verify the Jasper GitHub App has Administration permission
- Check that you're an admin or owner of the repository
- Try reinstalling the GitHub App with updated permissions
Rules Not Being Enforced
- Verify the branch name matches the protection pattern
- Check if "Enforce for administrators" is enabled
- Ensure you're not bypassing via the GitHub UI
Status Check Not Found
If "Jasper" doesn't appear in the status check list:
- Trigger at least one review on the repository first
- Status checks only appear after they've run once
- Try creating a test PR to generate the status check
AI Security Recommendations
Jasper proactively analyzes your repositories and suggests security improvements:
- Security Gap - "Main branch has no protection" (Critical)
- Best Practice - "Consider requiring code owner reviews" (Medium)
- New Feature - "GitHub now supports merge queues" (Info)
- Optimization - "You require 3 reviews but only have 2 contributors" (Low)
These recommendations appear in the branch protection interface and can be applied with a single click.