
The deploy was green, but no one could push


The deploy was green, but no one could push.

That’s when you know authorization is broken. Not the “can’t log in” kind, but the deep kind. The kind buried in workflow, in permissions, in edge cases nobody thought to test. This is the shadow side of Mercurial when you scale it across teams, across projects, across years of messy commits.

Authorization in Mercurial isn’t complicated in theory. In practice, it’s war against drift. Without clear access control rules, the history becomes a liability. And when every developer has a local copy, mistakes are only one push away from contaminating the canonical repository.

The first step is understanding the tiers:

  • Read-only access
  • Write access
  • Administrative control

Those must align with your branching strategy. Without that, you end up granting either too much or too little power. Mercurial lets you control access through hooks, configuration files, and server rules, but each has tradeoffs. Hooks give you fine-grained checks before a push is accepted. Config files define repository-level permissions that travel with the repo. Server rules enforce policy from a central place, but require careful synchronization.


To get it right, you need repeatable enforcement. Every repo, every user, same rules. That means defining patterns for who can push where, who can update stable branches, and who can merge changes. You need automated checks that don’t just block, but log and explain. Silent failure kills productivity; opaque rules create pushback.

Security matters, but so does velocity. The best authorization framework in Mercurial is one that makes the right thing the default. Users shouldn’t think about what they can or cannot do—they should just work, and the system should guard the gates.

Testing matters more than documentation. Changes to authorization rules should be tested in a controlled environment. Use throwaway branches and dummy users to simulate pushes from different roles. Watch how the system responds. Fix the edge cases before they become incident reports.

Mercurial’s extension system is your friend here. You can extend hooks to validate commit messages, enforce branch naming, reject force pushes except from admins, and even integrate with external identity providers. This way, authorization isn’t static—it evolves with your workflow.
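The hook-based branch authorization described above, written as an added example rather than code from the post or from hoop.dev. It is an in-process `pretxnchangegroup` hook: the policy table, the user names, and the assumption that the server passes the authenticated user in `REMOTE_USER` are all constructed for illustration, and the policy check is kept separate from the Mercurial objects so it can be exercised with dummy users before it guards a real repository.

```python
"""Branch-push authorization as an in-process Mercurial hook.

Wire it up in the server repository's .hg/hgrc (assumed path):
    [hooks]
    pretxnchangegroup.branchacl = python:/srv/hg/branchacl.py:hook
"""
import os
import getpass

# Constructed policy: branch -> users allowed to push to it.
# Unlisted branches are writable by any authenticated user (the "write" tier);
# ADMINS is the "administrative" tier and may push to any branch.
PROTECTED_BRANCHES = {
    "stable": {"alice", "bob"},
    "release": {"alice"},
}
ADMINS = {"root"}


def check_push(user, changes, policy=PROTECTED_BRANCHES, admins=ADMINS):
    """Pure policy check, independent of Mercurial objects so it is testable.

    changes: list of (short_hash, branch) tuples for the incoming changesets.
    Returns human-readable rejection reasons; an empty list means allowed.
    Explaining each rejection is the point: a bare abort teaches nobody.
    """
    if user in admins:
        return []
    reasons = []
    for short_hash, branch in changes:
        allowed = policy.get(branch)
        if allowed is not None and user not in allowed:
            reasons.append(
                f"changeset {short_hash} targets protected branch '{branch}'; "
                f"user '{user}' is not in {sorted(allowed)}"
            )
    return reasons


def hook(ui, repo, hooktype, node=None, **kwargs):
    """pretxnchangegroup entry point. Assumes hgweb behind HTTP auth exposes the
    pushing user as REMOTE_USER and falls back to the OS user for ssh pushes.
    Returning True makes the hook fail and rolls back the transaction."""
    user = os.environ.get("REMOTE_USER") or getpass.getuser()
    # Every changeset from the first incoming one to the tip belongs to this push.
    changes = [
        (repo[rev].hex()[:12].decode(), repo[rev].branch().decode())
        for rev in range(repo[node].rev(), len(repo))
    ]
    reasons = check_push(user, changes)
    for reason in reasons:
        ui.warn(("push rejected: " + reason + "\n").encode())
    return bool(reasons)
```

Because `check_push` takes plain tuples, the same function can be driven from a unit test with throwaway roles, which is the controlled-environment testing the post recommends.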

If you want to see controlled, scalable, and tested authorization in action without endless setup, there’s a faster way. With hoop.dev you can spin up environments that replicate these rules, apply them to real repositories, and start testing in minutes. See it live, break it safely, and ship with confidence.
