{
  "//": "──────────────────────────────────────────────────────────────────────",
  "//desc": "Repository ruleset  ·  rulesets/main-protection.json  ·  QRefAI Field Guide Part 3 (Q3.5)",
  "//how": "Import via the repo's Settings → Rules → Rulesets → 'Import a ruleset', or apply through the GitHub API. This is the template-enforced protection every product repo should inherit.",
  "//review": "'Automatically request Copilot code review' is enabled here via the pull_request rule's automatic_copilot_code_review settings. Copilot review is an EXTRA reviewer, NON-BLOCKING by design — pair it with a required HUMAN review (required_approving_review_count) so every AI-authored change gets both an AI and a human pass.",
  "//cost": "From June 1, 2026, Copilot code-review runs consume GitHub Actions minutes. Budget accordingly when enabling org-wide.",
  "//note": "JSON has no comments; the \"//\"-prefixed keys are inert documentation — delete in production.",
  "//────": "──────────────────────────────────────────────────────────────────────",

  "name": "main-branch-protection",
  "target": "branch",
  "enforcement": "active",

  "conditions": {
    "ref_name": {
      "include": ["refs/heads/main"],
      "exclude": []
    }
  },

  "rules": [
    {
      "type": "pull_request",
      "parameters": {
        "required_approving_review_count": 1,
        "dismiss_stale_reviews_on_push": true,
        "require_code_owner_review": true,
        "require_last_push_approval": true,
        "automatic_copilot_code_review": {
          "enabled": true,
          "review_new_pushes": true,
          "review_draft_pull_requests": false
        }
      }
    },
    {
      "type": "required_status_checks",
      "parameters": {
        "strict_required_status_checks_policy": true,
        "required_status_checks": [
          { "context": "build" },
          { "context": "test" },
          { "context": "lint" }
        ]
      }
    },
    { "type": "non_fast_forward" },
    { "type": "deletion" }
  ]
}