diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b3634196..e92f2121 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -59,7 +59,7 @@ jobs:
       contents: read
       packages: write
     env:
-      IMAGE_NAME: ghcr.io/${{ toLower(github.repository) }}
+      IMAGE_NAME: ghcr.io/${{ github.repository }}
     steps:
       - uses: actions/checkout@v4
       - uses: docker/setup-buildx-action@v3
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 7f8043bb..ef9c1254 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -20,10 +20,10 @@ jobs:
     runs-on: ubuntu-latest
     env:
       DEPLOY_PATH: ${{ secrets.VPS_DEPLOY_PATH || '/opt/autocoder' }}
-      TARGET_BRANCH: ${{ secrets.VPS_BRANCH || 'master' }}
+      TARGET_BRANCH: ${{ secrets.VPS_BRANCH || 'main' }}
       VPS_PORT: ${{ secrets.VPS_PORT || '22' }}
-      IMAGE_LATEST: ghcr.io/${{ toLower(github.repository) }}:latest
-      IMAGE_SHA: ghcr.io/${{ toLower(github.repository) }}:${{ github.event.workflow_run.head_sha }}
+      IMAGE_LATEST: ghcr.io/${{ github.repository }}:latest
+      IMAGE_SHA: ghcr.io/${{ github.repository }}:${{ github.event.workflow_run.head_sha }}
     steps:
       - name: Deploy over SSH with Docker Compose
         uses: appleboy/ssh-action@v1.2.4
diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml
index a487e076..d8a52fe4 100644
--- a/.github/workflows/pr-check.yml
+++ b/.github/workflows/pr-check.yml
@@ -12,6 +12,20 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  repo-guards:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Ensure .code is not tracked
+        shell: bash
+        run: |
+          tracked="$(git ls-files -- .code)"
+          if [ -n "$tracked" ]; then
+            echo "The .code/ directory must not be tracked."
+            echo "$tracked"
+            exit 1
+          fi
+
   python:
     runs-on: ubuntu-latest
     steps: