Redesign: should agents be allowed to git push at all?

[sarahxsanders]

Context

From Vincent's review on PR #13 — the current exfiltration_git_push_non_origin rule only blocks pushes to non-origin remotes. Vincent raises three points:

1. Maybe agents should never push at all. There may not be a legitimate reason for an AI agent to push code.
2. "origin" is just a convention. Many developers working on forks call their remote "upstream" or something else. Filtering on the word "origin" isn't reliable.
3. Force pushes should be treated differently. A force push is more destructive and should be split into its own severity level.

Discussion needed

• Is "block all pushes" too aggressive? Some agent workflows (auto-PR creation) do need to push.
• Should we switch to an allow-list model (block all pushes EXCEPT to allow-listed remotes)?
• How to handle force pushes — separate rule or higher severity within the same rule?

Origin

PR #13 review comment by @gewenyu99

[gewenyu99]

No. Why would our wizard ever push? Maybe a loadable skillset for various write type Git skills.

For the wizard, we basically will never touch git or should never (?) like if we do we can script it instead of letting the agent