Code Review & Protected Branches

Pull/Merge Requests as a Quality Gate

On real teams, main is protected - you can't push to it directly. Changes must go through a Pull Request (GitHub) / Merge Request (GitLab).

ControlWhat it does
Branch protectionBlocks direct pushes to main; requires PRs
Required reviewsN approvals before merge
Required status checksCI/tests must pass before merge
CODEOWNERSAuto-requests review from the right people for changed paths
Linear historyRequires squash/rebase, no messy merge commits
Goal: Understand why this exists: main ships to production. Review + automated tests catch bugs before customers do, and PRs create a searchable record of why every change was made.

Good review etiquette: keep PRs small, write a clear description, respond to every comment, and don't merge your own PR without approval.

Tip: Squash-merge turns a messy 12-commit branch ("wip", "fix typo", "actually fix") into one clean commit on main. Great for a tidy history.