Reviewer feedback (COrtHvtYnuZx6DmhztGD50uGnKVJajPf): the merge-gate
policy is a process / SDLC rule, not a code-quality / coding-standard
rule, so it belongs in the sdlc skill.

- skills/sdlc/SKILL.md: add new '## uat→main merge-gate policy'
  section after Phase 5 with the full policy, the three categories,
  the engineer workflow, and the 'when uncertain' escalation path.
  Update frontmatter description and intro paragraph to point at
  the new local section. Re-point the branch-strategy table row
  and Phase 4 step 3 at the local section.
- skills/coding-standards/SKILL.md: remove the duplicate
  'uat→main merge-gate policy' section (it now lives in sdlc) and
  replace it with a one-paragraph pointer to sdlc. Update the
  frontmatter description to remove the policy bullet and add a
  'lives in sdlc, not here' line.

No behavior change: the policy content is identical, only its home
file moved. The PR is now an sdlc PR with a small coding-standards
follow-on, which matches the reviewer's point.

Refs: GRO-2377
Triggers: GRO-2358, GRO-2359
Source rule: GRO-2348 (merge-whitelist fix)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The 2026-06-11 merge-whitelist fix (GRO-2348) added a required_approvals
gate on uat→main merges. That gate is only satisfied by a Gitea Approve
click — the issue-thread QA/UAT-deploy/UAT-regression/security
approvals do not clear it. As a result the CTO is the human-in-the-loop
on every routine release-train PR (GRO-2358, GRO-2359 both hit it).

This change introduces an explicit "uat→main merge-gate policy" in
coding-standards: once the four pre-gates (QA, UAT deploy, UAT
regression, security) are green, the engineer self-merges. A CTO
Gitea Approve click is required only for three categories:

1. Novel auth / session paths (login, OIDC, OOBE, session
   middleware, token issuance, MFA, new auth provider integrations).
2. Infra / prod-affecting merges (deploys, manifests, secrets,
   GitOps overlays, CI/CD, main branch protection, prod-affecting
   routing/ingress). All Phase 5 infra overlay PRs in
   groombook/infra still require CTO Gitea Approve without
   exception.
3. Risk-flagged merges (risk:cto-approve label, or explicit
   CTO/CEO sign-off request in the PR or issue thread).

Phase 4 in sdlc is updated to reflect the new flow: engineer
classifies the PR; CTO Approve happens only for the three categories
above; otherwise the engineer merges once the four pre-gates are
green. The pre-gates themselves do not change.

Refs: GRO-2377
Triggers: GRO-2358, GRO-2359
Source rule: GRO-2348 (merge-whitelist fix)
- coding-standards: replace "no agent merges their own PR" with the
  reviews-required-then-engineer-may-merge rule consistent with sdlc
- safety: drop stale "No self-merging PRs" line from the merge-gate
  rule for the same reason

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sending a partial adapterConfig.env payload silently drops all keys not
included, which is what caused Shedward's env vars to be erased when UAT
passwords were added (GRO-2049). Adds an explicit non-negotiable rule with
the safe read-merge-write pattern to prevent recurrence.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
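The failure mode and the read-merge-write pattern named in the commit message above, as an added example that is not code from the repository or from Paperclip. `FakeControlPlane`, `put_env`, `update_env_safely` and the sample agent are hypothetical stand-ins; the only assumption taken from the page is that a write replaces `adapterConfig.env` wholesale.

```python
import copy


class FakeControlPlane:
    """Hypothetical in-memory stand-in: a write REPLACES adapterConfig.env wholesale."""

    def __init__(self, agents):
        self._agents = copy.deepcopy(agents)

    def get_agent(self, agent_id):
        return copy.deepcopy(self._agents[agent_id])

    def put_env(self, agent_id, env):
        # Replace semantics: keys absent from `env` are dropped without any error.
        self._agents[agent_id]["adapterConfig"]["env"] = dict(env)


def update_env_safely(cp, agent_id, changes, remove=()):
    """Read the full env, overlay the changes, write the whole map back,
    then read it again and fail loudly if any key was lost unintentionally."""
    before = cp.get_agent(agent_id)["adapterConfig"]["env"]
    merged = {**before, **changes}
    for key in remove:  # deletions must be requested explicitly, never implied
        merged.pop(key, None)
    cp.put_env(agent_id, merged)
    after = cp.get_agent(agent_id)["adapterConfig"]["env"]
    lost = set(before) - set(after) - set(remove)
    if lost:
        raise RuntimeError(f"env keys dropped by update: {sorted(lost)}")
    if after != merged:
        raise RuntimeError("read-back does not match the merged env")
    return after


# Constructed sample data: agent id, key names and values are placeholders.
SAMPLE = {"agent-1": {"adapterConfig": {"env": {
    "API_URL": "https://example.invalid", "LOG_LEVEL": "info"}}}}


def lossy_update():
    cp = FakeControlPlane(SAMPLE)
    cp.put_env("agent-1", {"UAT_PASSWORD": "placeholder"})  # partial payload
    return cp.get_agent("agent-1")["adapterConfig"]["env"]


def safe_update():
    cp = FakeControlPlane(SAMPLE)
    return update_env_safely(cp, "agent-1", {"UAT_PASSWORD": "placeholder"})
```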
Phase 5 is an infra PR against groombook/infra, which means it is governed
by the devops pipeline. Spelling out a separate (QA-only) review flow here
both duplicated devops and contradicted its QA+CTO requirement. Replaced
the step list with a one-paragraph hand-off.
Resolves the policy ambiguity flagged in the PR description.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
devops/SKILL.md is now the canonical home for infrastructure lifecycle
(groombook/infra, single-branch main, Flux + OpenTofu controller, cluster
topology). sdlc/SKILL.md is scoped to application code (3-branch dev/uat/main,
Phases 1-5, Stage 1 CI image build, app-tool policy). Each skill cross-refs
the other and defers to coding-standards/safety for cross-cutting rules
rather than restating them.

Fixes in devops/SKILL.md:
- Rewrote frontmatter description (was a copy of sdlc, referenced phases
  and dev/uat/prod that do not apply).
- Hoisted "applies to groombook/infra" to a top-level scope statement.
- Renumbered the pipeline (was 1,2,3,4,4,5,4,5,5) and fixed --base dev
  -> --base main in the tea example.
- Closed an unterminated bold marker.
- Removed Authentication framework, Stage 1 image build, and the
  "never tofu / never kubectl apply" lines (now cited from sdlc / safety).
- Trimmed the tools list to infra-only operators and controllers.

Trims in sdlc/SKILL.md:
- Removed Infrastructure topology, IaC, Stage 2 GitOps detail, the Flux
  Image Automation DENIED policy, the "never tofu / never kubectl apply"
  lines, and the External communication section (cited from devops /
  safety / coding-standards instead).
- Trimmed the tools list to application-level dependency choices.
- Added a pointer from Phase 5 into the devops pipeline.

cc @cpfarhood

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
GroomBook images live on the Gitea registry, not GitHub. Update SDLC,
coding-standards, and CLAUDE.md to match.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Keep this branch's SDLC content (cartsnitch-aligned structure). Drop
adff13f's changes — registry should remain ghcr.io, engineer self-merges
to dev, and tool-deviation policy stays at board approval.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Set modelProfile cheap only for mechanical, bounded tasks. Leave unset
(judgment/reasoning/QA) for standard tier. When in doubt, leave unset.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- safety: drop tools section (moved to sdlc), add explicit kubectl-prod
  ban, add no-tofu-direct rule, drop the merge-gate cross-reference into
  a separate bullet
- sdlc: add Phase 0 product-analysis intake (CMPO Pawla as gate); add
  scheduled penetration testing program (Barkley owns); standardize
  authentication to Better-Auth + Google + Apple + Authentik; add
  canonical tools section (moved from safety) including ghcr.io/groombook
  registry standard; reorganize PR review sections to match the cross-org
  pattern (named SDLC pipeline phases)
These were stale snapshots of skills owned by other orgs (better-auth,
fluxcd, greptileai, paperclipai, etc.) — Paperclip imports those
directly from their source repos at runtime. groombook/org should
contain only GroomBook-authored skills.

Mirrors the privilegedescalation/org pattern: extract company-wide
policy that was previously inlined in each agent's AGENTS.md into three
shared skills. Agents will reference these via one-line invocation
reminders in their Wake additions section.

Export all agent configs, skills, and company metadata from the
Paperclip control plane to match current GroomBook org state.

Co-Authored-By: Paperclip <noreply@paperclip.ing>