Snapshot and rollback for project settings (push rules, branch protections, compliance frameworks)

Problem

When governance policy changes are applied to projects (whether individually or in bulk), there is no mechanism to capture the previous state or roll back if the change causes problems. Audit events log what changed, but restoring previous settings requires manually reconstructing old values from audit logs and re-applying them one by one.

Agentic Context

Agent misconfiguration at scale is the nightmare scenario. An agent with governance write access modifies settings on 200 projects as part of a DAP flow. The change is wrong. Without snapshot/rollback, recovery requires manually inspecting and restoring each project individually. At agent speed, errors compound before anyone notices. Snapshot/rollback is the safety net that makes agent-driven governance changes reversible.

This connects to the speculative execution and universal rollback concept in #591235 (Agent Speculative Execution), where all agent writes are buffered and reviewable before commit.

Field Evidence

A Professional Services tool deployed at a regulated enterprise customer captures full project state (push rules, branch protections, compliance frameworks) as a JSON snapshot before any changes. Any previous snapshot can be used to roll back to a known-good state in a single operation. This follows the Terraform state model (snapshot + plan + apply + rollback).

Proposal

  1. Before any bulk or group-level settings change, automatically capture a snapshot of affected project settings
  2. Store snapshots as versioned, queryable records (similar to Terraform state files)
  3. Provide a rollback API and UI that restores a previous snapshot to all affected projects
  4. Support selective rollback (restore only push rules, or only branch protections)
  5. Log snapshot creation and rollback events in audit log

DAP & AI Governance Cross-References

  • &14897 -- Custom compliance frameworks improvements (proposed parent epic)
  • &20466 -- Admin HITL Guardrails for Agent Actions (rollback as safety net)
  • #591235 -- Agent Speculative Execution & Universal Rollback (same pattern)
  • #585931 -- DAP Governance: Automated approval workflows

Part of Governance-as-Code Series

This is one of 9 related issues: #591821, #591822, #591823, #591824, #591825, #591826, #591827, #591828, #591829

Edited by Falko Sieverding