refactor(skills): mirror groombook sdlc structure, split devops skill

- sdlc: trim to application-repo scope with Phase 1-5 pipeline; engineer self-merges all branches with per-branch prerequisites; move infra, Flux, tofu, and operator-install content out
- devops: new skill mirroring groombook/org/skills/devops — owns cartsnitch/infra, Flux GitOps, OpenTofu controller, cluster topology, Flux Image Tag Automation denied policy
- safety: add Gitea-origin board-approval gate, board-approval scope section, and adapterConfig.env read-before-write rule
- coding-standards: replace "no agent merges their own PR" with the reviews-required-then-engineer-may-merge rule consistent with sdlc
- CLAUDE.md: update skill index, branch & merge policy, and SDLC phase summary to reflect engineer-self-merge and the new devops skill

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@@ -5,8 +5,9 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co
|
||||
## Repository Purpose
|
||||
|
||||
This is the **CartSnitch org-level governance repository** — it contains operational policies and skill definitions for AI agents that develop and maintain the CartSnitch e-commerce platform. It is **not an application codebase**; there is nothing to build or test here. All policy lives in `skills/`:
|
||||
- `skills/sdlc/` — Software development lifecycle, branch strategy, deployment via Flux GitOps, infrastructure layout
|
||||
- `skills/safety/` — Non-negotiable rules: secret handling, SealedSecrets workflow, kubectl scope limits, destructive-action gating
|
||||
- `skills/sdlc/` — Application code lifecycle: branch strategy, SDLC phases 1-5, Stage 1 CI image build, auth framework, application-tool policy, delegation tier
|
||||
- `skills/devops/` — Infrastructure lifecycle on `cartsnitch/infra`: Flux GitOps reconciliation, OpenTofu controller, cluster topology, operator install
|
||||
- `skills/safety/` — Non-negotiable rules: secret handling, SealedSecrets workflow, kubectl scope limits, destructive-action gating, Gitea-origin board-approval gate
|
||||
- `skills/coding-standards/` — Engineering quality bar, priority ordering, test requirements, task decomposition template
|
||||
|
||||
## Safety (Non-Negotiable)
|
||||
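Review bot: The new `skills/devops/` index entry leaves out the Flux Image Tag Automation denied policy, which the commit message lists as owned by the devops skill; the bullet names only Flux GitOps reconciliation, OpenTofu controller, cluster topology and operator install. Add the policy to that bullet so a reader looking for the image-update rule is sent to the skill that owns it. The `skills/safety/` bullet could likewise mention the adapterConfig.env read-before-write rule that the commit message says was added, since it already lists the other new gate.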
@@ -60,8 +61,11 @@ If a task has `originKind: "gitea"`, do not begin work — create a board approv
|
||||
|
||||
## Branch & Merge Policy
|
||||
|
||||
- Engineers target `dev` only — never `uat` or `main` directly
|
||||
- No self-merge: CTO merges `dev` and `uat` PRs; CEO merges `main` PR
|
||||
- Engineers target `dev` first — never `uat` or `main` directly
|
||||
- Engineer merges all three branches; prerequisites differ:
|
||||
- `dev`: CI passes
|
||||
- `uat`: QA (Checkout Charlie) code review approval
|
||||
- `main`: UAT validation (Deal Dottie), security review (Stockboy Steve), CEO (Coupon Carl) code review approval
|
||||
- All PRs include `cc @cpfarhood` at the bottom (visibility, not review)
|
||||
- Flux Image Tag Automation is **denied** — image updates must be intentional PRs to `cartsnitch/infra`
|
||||
|
||||
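Review bot: In the Branch & Merge Policy list, replacing "No self-merge" with "Engineer merges all three branches" makes the change author the merger for `dev`, `uat` and `main`, and for `dev` the only prerequisite is "CI passes", so nothing in this text requires a second party before a merge to `dev`. The prerequisites are also worded as conditions the engineer observes, not as something the forge enforces. Suggest stating that each prerequisite is enforced by branch protection (required status checks, and required approvals from the named reviewers on `uat` and `main`) so the merging engineer cannot satisfy it by assertion, and saying explicitly whether `dev` is meant to carry no review. "target `dev` first" is also looser than the old "`dev` only"; if the intent is that engineers now open the `dev→uat` and `uat→main` promotion PRs but never push feature work at those branches, say so in the bullet.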
@@ -99,11 +103,13 @@ Hold a high bar. PRs with obvious mistakes, missing tests, hardcoded values, or
|
||||
|
||||
## SDLC Phase Summary
|
||||
|
||||
1. **Dev** — Engineer → PR → QA (Checkout Charlie `9b6012d0-0406-417e-bb22-78266a6e7f77`) → CTO (Savannah Savings `6ec1a5a9-113c-430b-90e6-260d60d79e1d`) → CTO merges
|
||||
2. **UAT** — CTO opens `dev→uat` PR → deploys → Deal Dottie (`161fb3bb-0332-4381-b67d-7c4b92a91133`) regression → Stockboy Steve (`d59d4b24-3cc3-4616-a23a-2b4776a489ca`) security review
|
||||
3. **Production** — CEO (Coupon Carl `cd91facf-8f4c-4cbd-b8d8-b48da5b50727`) reviews and merges `uat→main` → auto-deploy via Flux
|
||||
1. **Phase 1 — Dev**: Engineer → PR vs `dev` → CI pass → Engineer self-merges → auto-deploy to Dev (`dev.cartsnitch.com`)
|
||||
2. **Phase 2 — UAT promotion**: Engineer opens `dev→uat` PR → CI pass → QA (Checkout Charlie `9b6012d0-0406-417e-bb22-78266a6e7f77`) code review → Engineer merges → auto-deploy to UAT (`uat.cartsnitch.com`)
|
||||
3. **Phase 3 — UAT testing & security**: Deal Dottie (`161fb3bb-0332-4381-b67d-7c4b92a91133`) full regression → Stockboy Steve (`d59d4b24-3cc3-4616-a23a-2b4776a489ca`) security code review
|
||||
4. **Phase 4 — Production promotion**: Engineer opens `uat→main` PR → CI pass → CEO (Coupon Carl `cd91facf-8f4c-4cbd-b8d8-b48da5b50727`) code review → Engineer merges → CI builds & tags image
|
||||
5. **Phase 5 — Production deployment**: Engineer opens PR against `cartsnitch/infra` updating the overlay image tag → from here the `devops` skill owns review, merge, and Flux reconciliation to `cartsnitch.com`
|
||||
|
||||
If any phase fails, work returns to the engineer (CTO cascades).
|
||||
If any phase fails, work returns to the engineer. CTO (Savannah Savings `6ec1a5a9-113c-430b-90e6-260d60d79e1d`) is the escalation target for re-distribution and disputes.
|
||||
|
||||
## Agent Roster
|
||||
|
||||
|
||||
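Review bot: Phase 4 in the SDLC Phase Summary lists only "CI pass → CEO ... code review → Engineer merges", while the Branch & Merge Policy bullet for `main` also requires UAT validation (Deal Dottie) and security review (Stockboy Steve). Phase 3 names those two activities but gives them no pass or approve outcome and no link to the Phase 4 merge, so the summary read on its own permits the `uat→main` merge without them. Suggest ending Phase 3 with an explicit sign-off from each reviewer and listing both sign-offs as Phase 4 prerequisites, so the summary and the policy bullet state the same gate. The rewritten failure sentence names the CTO as the escalation target but does not say who declares that a phase has failed; one clause on that would close the gap.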