diff --git a/.aider.conventions.md b/.aider.conventions.md
index ecfd5ff..3a48fa7 100644
--- a/.aider.conventions.md
+++ b/.aider.conventions.md
@@ -224,9 +224,11 @@ Key skills:
 
 ### Git
 - Conventional commits: `feat:`, `fix:`, `chore:`, `docs:`, `refactor:`
-- Branch naming: `feat/short-description`, `fix/short-description`
-- PRs: one concern per PR, description explains *why* not *what*
-- **Branch protection:** always work on a feature branch, open a PR, never push directly to main
+- **Trunk-Based Development:** commit directly to main. One logical change per commit.
+- Run `task check` locally before every push. CI is the quality gate, not branch protection.
+- No feature branches, no PRs for solo/agent work.
+- Exception: if a parallel agent session is active on this repo, use a short-lived
+  `agent/<description>` branch and merge within the same session.
 
 ### Security
 - No secrets in code, ever — use env vars or SOPS-encrypted files
@@ -264,7 +266,8 @@ When acting as a coding agent on this project:
 3. If unsure about a convention, check `DECISIONS.md` or ask
 4. Never modify files outside the project root without explicit permission
 5. When adding a dependency, explain why in the commit message
-6. Always work on a feature branch and open a PR — never push directly to main
+6. Commit directly to main. Run `task check` before every push. Never create
+   feature branches unless a parallel agent is simultaneously active on this repo.
 7. For client projects: never send code or context to cloud APIs — use local models via LiteLLM
 
 ## Current state — v0.2.5 (2026-05-17)
diff --git a/.context/PROJECT.md b/.context/PROJECT.md
index 1d967a9..3189da0 100644
--- a/.context/PROJECT.md
+++ b/.context/PROJECT.md
@@ -37,9 +37,11 @@
 
 ### Git
 - Conventional commits: `feat:`, `fix:`, `chore:`, `docs:`, `refactor:`
-- Branch naming: `feat/short-description`, `fix/short-description`
-- PRs: one concern per PR, description explains *why* not *what*
-- **Branch protection:** always work on a feature branch, open a PR, never push directly to main
+- **Trunk-Based Development:** commit directly to main. One logical change per commit.
+- Run `task check` locally before every push. CI is the quality gate, not branch protection.
+- No feature branches, no PRs for solo/agent work.
+- Exception: if a parallel agent session is active on this repo, use a short-lived
+  `agent/<description>` branch and merge within the same session.
 
 ### Security
 - No secrets in code, ever — use env vars or SOPS-encrypted files
@@ -77,7 +79,8 @@ When acting as a coding agent on this project:
 3. If unsure about a convention, check `DECISIONS.md` or ask
 4. Never modify files outside the project root without explicit permission
 5. When adding a dependency, explain why in the commit message
-6. Always work on a feature branch and open a PR — never push directly to main
+6. Commit directly to main. Run `task check` before every push. Never create
+   feature branches unless a parallel agent is simultaneously active on this repo.
 7. For client projects: never send code or context to cloud APIs — use local models via LiteLLM
 
 ## Current state — v0.2.5 (2026-05-17)
diff --git a/.context/system-prompt.txt b/.context/system-prompt.txt
index a597838..b348d6c 100644
--- a/.context/system-prompt.txt
+++ b/.context/system-prompt.txt
@@ -229,9 +229,11 @@ Key skills:
 
 ### Git
 - Conventional commits: `feat:`, `fix:`, `chore:`, `docs:`, `refactor:`
-- Branch naming: `feat/short-description`, `fix/short-description`
-- PRs: one concern per PR, description explains *why* not *what*
-- **Branch protection:** always work on a feature branch, open a PR, never push directly to main
+- **Trunk-Based Development:** commit directly to main. One logical change per commit.
+- Run `task check` locally before every push. CI is the quality gate, not branch protection.
+- No feature branches, no PRs for solo/agent work.
+- Exception: if a parallel agent session is active on this repo, use a short-lived
+  `agent/<description>` branch and merge within the same session.
 
 ### Security
 - No secrets in code, ever — use env vars or SOPS-encrypted files
@@ -269,7 +271,8 @@ When acting as a coding agent on this project:
 3. If unsure about a convention, check `DECISIONS.md` or ask
 4. Never modify files outside the project root without explicit permission
 5. When adding a dependency, explain why in the commit message
-6. Always work on a feature branch and open a PR — never push directly to main
+6. Commit directly to main. Run `task check` before every push. Never create
+   feature branches unless a parallel agent is simultaneously active on this repo.
 7. For client projects: never send code or context to cloud APIs — use local models via LiteLLM
 
 ## Current state — v0.2.5 (2026-05-17)
diff --git a/.cursorrules b/.cursorrules
index ba26911..d6aa3bb 100644
--- a/.cursorrules
+++ b/.cursorrules
@@ -227,9 +227,11 @@ Key skills:
 
 ### Git
 - Conventional commits: `feat:`, `fix:`, `chore:`, `docs:`, `refactor:`
-- Branch naming: `feat/short-description`, `fix/short-description`
-- PRs: one concern per PR, description explains *why* not *what*
-- **Branch protection:** always work on a feature branch, open a PR, never push directly to main
+- **Trunk-Based Development:** commit directly to main. One logical change per commit.
+- Run `task check` locally before every push. CI is the quality gate, not branch protection.
+- No feature branches, no PRs for solo/agent work.
+- Exception: if a parallel agent session is active on this repo, use a short-lived
+  `agent/<description>` branch and merge within the same session.
 
 ### Security
 - No secrets in code, ever — use env vars or SOPS-encrypted files
@@ -267,7 +269,8 @@ When acting as a coding agent on this project:
 3. If unsure about a convention, check `DECISIONS.md` or ask
 4. Never modify files outside the project root without explicit permission
 5. When adding a dependency, explain why in the commit message
-6. Always work on a feature branch and open a PR — never push directly to main
+6. Commit directly to main. Run `task check` before every push. Never create
+   feature branches unless a parallel agent is simultaneously active on this repo.
 7. For client projects: never send code or context to cloud APIs — use local models via LiteLLM
 
 ## Current state — v0.2.5 (2026-05-17)
diff --git a/.gitea/workflows/cd.yml b/.gitea/workflows/cd.yml
index 0b6c67e..32acf64 100644
--- a/.gitea/workflows/cd.yml
+++ b/.gitea/workflows/cd.yml
@@ -4,8 +4,6 @@ on:
   push:
     branches: [main]
     tags: ["v*"]
-  pull_request:
-    branches: [main]
 
 env:
   IMAGE: gitea-mcp
@@ -43,7 +41,6 @@ jobs:
     name: Build & Import
     needs: check
     runs-on: self-hosted
-    if: github.event_name != 'pull_request'
     outputs:
       image-tag: ${{ steps.meta.outputs.sha-tag }}
     steps:
diff --git a/.githooks/pre-push b/.githooks/pre-push
new file mode 100644
index 0000000..f6dc96b
--- /dev/null
+++ b/.githooks/pre-push
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+set -euo pipefail
+echo "→ Running task check before push..."
+task check
+echo "✓ pre-push check passed"
diff --git a/AGENTS.md b/AGENTS.md
index ecfd5ff..3a48fa7 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -224,9 +224,11 @@ Key skills:
 
 ### Git
 - Conventional commits: `feat:`, `fix:`, `chore:`, `docs:`, `refactor:`
-- Branch naming: `feat/short-description`, `fix/short-description`
-- PRs: one concern per PR, description explains *why* not *what*
-- **Branch protection:** always work on a feature branch, open a PR, never push directly to main
+- **Trunk-Based Development:** commit directly to main. One logical change per commit.
+- Run `task check` locally before every push. CI is the quality gate, not branch protection.
+- No feature branches, no PRs for solo/agent work.
+- Exception: if a parallel agent session is active on this repo, use a short-lived
+  `agent/<description>` branch and merge within the same session.
 
 ### Security
 - No secrets in code, ever — use env vars or SOPS-encrypted files
@@ -264,7 +266,8 @@ When acting as a coding agent on this project:
 3. If unsure about a convention, check `DECISIONS.md` or ask
 4. Never modify files outside the project root without explicit permission
 5. When adding a dependency, explain why in the commit message
-6. Always work on a feature branch and open a PR — never push directly to main
+6. Commit directly to main. Run `task check` before every push. Never create
+   feature branches unless a parallel agent is simultaneously active on this repo.
 7. For client projects: never send code or context to cloud APIs — use local models via LiteLLM
 
 ## Current state — v0.2.5 (2026-05-17)
diff --git a/CLAUDE.md b/CLAUDE.md
index 1d967a9..3189da0 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -37,9 +37,11 @@
 
 ### Git
 - Conventional commits: `feat:`, `fix:`, `chore:`, `docs:`, `refactor:`
-- Branch naming: `feat/short-description`, `fix/short-description`
-- PRs: one concern per PR, description explains *why* not *what*
-- **Branch protection:** always work on a feature branch, open a PR, never push directly to main
+- **Trunk-Based Development:** commit directly to main. One logical change per commit.
+- Run `task check` locally before every push. CI is the quality gate, not branch protection.
+- No feature branches, no PRs for solo/agent work.
+- Exception: if a parallel agent session is active on this repo, use a short-lived
+  `agent/<description>` branch and merge within the same session.
 
 ### Security
 - No secrets in code, ever — use env vars or SOPS-encrypted files
@@ -77,7 +79,8 @@ When acting as a coding agent on this project:
 3. If unsure about a convention, check `DECISIONS.md` or ask
 4. Never modify files outside the project root without explicit permission
 5. When adding a dependency, explain why in the commit message
-6. Always work on a feature branch and open a PR — never push directly to main
+6. Commit directly to main. Run `task check` before every push. Never create
+   feature branches unless a parallel agent is simultaneously active on this repo.
 7. For client projects: never send code or context to cloud APIs — use local models via LiteLLM
 
 ## Current state — v0.2.5 (2026-05-17)
diff --git a/README.md b/README.md
index bb010f1..ddacfc2 100644
--- a/README.md
+++ b/README.md
@@ -2,3 +2,14 @@
 
 Streamable HTTP MCP service exposing Gitea repo operations to Claude apps.
 See `~/dev/AI/infra/docs/superpowers/specs/2026-05-04-gitea-mcp-gitops-workflow-design.md`.
+
+## Quickstart
+
+```bash
+task setup:hooks   # installs .githooks/pre-push — runs task check before every push
+task check         # context sync + lint + test + vet
+task build         # produces bin/gitea-mcp
+```
+
+This repo uses Trunk-Based Development. Commit directly to `main`. The pre-push
+hook enforces the quality gate locally; CI re-runs `task check` on every push.
diff --git a/Taskfile.yml b/Taskfile.yml
index c0fe26f..21f25a6 100644
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -47,6 +47,13 @@ tasks:
     cmds:
       - bash scripts/context-sync.sh
 
+  setup:hooks:
+    desc: Install git hooks (.githooks/pre-push)
+    cmds:
+      - git config core.hooksPath .githooks
+      - chmod +x .githooks/pre-push
+      - echo "✓ git hooks installed (pre-push runs task check)"
+
   context:sync:claude:
     cmds: [bash scripts/context-sync.sh claude]
   context:sync:agents: