Comparing 5d39685451..8930a8d5f1 - org

groombook/org

Fork 1

Author	SHA1	Message	Date
Scrubs McBarkley	8930a8d5f1	docs(skills): move uat→main merge-gate policy from coding-standards to sdlc Reviewer feedback (COrtHvtYnuZx6DmhztGD50uGnKVJajPf): the merge-gate policy is a process / SDLC rule, not a code-quality / coding-standard rule, so it belongs in the sdlc skill. - skills/sdlc/SKILL.md: add new '## uat→main merge-gate policy' section after Phase 5 with the full policy, the three categories, the engineer workflow, and the 'when uncertain' escalation path. Update frontmatter description and intro paragraph to point at the new local section. Re-point the branch-strategy table row and Phase 4 step 3 at the local section. - skills/coding-standards/SKILL.md: remove the duplicate 'uat→main merge-gate policy' section (it now lives in sdlc) and replace it with a one-paragraph pointer to sdlc. Update the frontmatter description to remove the policy bullet and add a 'lives in sdlc, not here' line. No behavior change: the policy content is identical, only its home file moved. The PR is now an sdlc PR with a small coding-standards follow-on, which matches the reviewer's point. Refs: GRO-2377 Triggers: GRO-2358, GRO-2359 Source rule: GRO-2348 (merge-whitelist fix) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-12 01:39:27 +00:00
Flea Flicker	152c52f47c	docs(skills): loosen uat→main merge gate; CTO Approve only for novel auth, infra/prod, and risk-flagged The 2026-06-11 merge-whitelist fix (GRO-2348) added a required_approvals gate on uat→main merges. That gate is only satisfied by a Gitea Approve click — the issue-thread QA/UAT-deploy/UAT-regression/security approvals do not clear it. As a result the CTO is the human-in-the-loop on every routine release-train PR (GRO-2358, GRO-2359 both hit it). This change introduces an explicit "uat→main merge-gate policy" in coding-standards: once the four pre-gates (QA, UAT deploy, UAT regression, security) are green, the engineer self-merges. A CTO Gitea Approve click is required only for three categories: 1. Novel auth / session paths (login, OIDC, OOBE, session middleware, token issuance, MFA, new auth provider integrations). 2. Infra / prod-affecting merges (deploys, manifests, secrets, GitOps overlays, CI/CD, main branch protection, prod-affecting routing/ingress). All Phase 5 infra overlay PRs in groombook/infra still require CTO Gitea Approve without exception. 3. Risk-flagged merges (risk:cto-approve label, or explicit CTO/CEO sign-off request in the PR or issue thread). Phase 4 in sdlc is updated to reflect the new flow: engineer classifies the PR; CTO Approve happens only for the three categories above; otherwise the engineer merges once the four pre-gates are green. The pre-gates themselves do not change. Refs: GRO-2377 Triggers: GRO-2358, GRO-2359 Source rule: GRO-2348 (merge-whitelist fix)	2026-06-12 01:30:45 +00:00

Author

SHA1

Message

Date

Scrubs McBarkley

8930a8d5f1

docs(skills): move uat→main merge-gate policy from coding-standards to sdlc

Reviewer feedback (COrtHvtYnuZx6DmhztGD50uGnKVJajPf): the merge-gate
policy is a process / SDLC rule, not a code-quality / coding-standard
rule, so it belongs in the sdlc skill.

  - skills/sdlc/SKILL.md: add new '## uat→main merge-gate policy'
    section after Phase 5 with the full policy, the three categories,
    the engineer workflow, and the 'when uncertain' escalation path.
    Update frontmatter description and intro paragraph to point at
    the new local section. Re-point the branch-strategy table row
    and Phase 4 step 3 at the local section.
  - skills/coding-standards/SKILL.md: remove the duplicate
    'uat→main merge-gate policy' section (it now lives in sdlc) and
    replace it with a one-paragraph pointer to sdlc. Update the
    frontmatter description to remove the policy bullet and add a
    'lives in sdlc, not here' line.

No behavior change: the policy content is identical, only its home
file moved. The PR is now an sdlc PR with a small coding-standards
follow-on, which matches the reviewer's point.

Refs: GRO-2377
Triggers: GRO-2358, GRO-2359
Source rule: GRO-2348 (merge-whitelist fix)

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-06-12 01:39:27 +00:00

Flea Flicker

152c52f47c

docs(skills): loosen uat→main merge gate; CTO Approve only for novel auth, infra/prod, and risk-flagged

The 2026-06-11 merge-whitelist fix (GRO-2348) added a required_approvals
gate on uat→main merges. That gate is only satisfied by a Gitea Approve
click — the issue-thread QA/UAT-deploy/UAT-regression/security
approvals do not clear it. As a result the CTO is the human-in-the-loop
on every routine release-train PR (GRO-2358, GRO-2359 both hit it).

This change introduces an explicit "uat→main merge-gate policy" in
coding-standards: once the four pre-gates (QA, UAT deploy, UAT
regression, security) are green, the engineer self-merges. A CTO
Gitea Approve click is required only for three categories:

  1. Novel auth / session paths (login, OIDC, OOBE, session
     middleware, token issuance, MFA, new auth provider integrations).
  2. Infra / prod-affecting merges (deploys, manifests, secrets,
     GitOps overlays, CI/CD, main branch protection, prod-affecting
     routing/ingress). All Phase 5 infra overlay PRs in
     groombook/infra still require CTO Gitea Approve without
     exception.
  3. Risk-flagged merges (risk:cto-approve label, or explicit
     CTO/CEO sign-off request in the PR or issue thread).

Phase 4 in sdlc is updated to reflect the new flow: engineer
classifies the PR; CTO Approve happens only for the three categories
above; otherwise the engineer merges once the four pre-gates are
green. The pre-gates themselves do not change.

Refs: GRO-2377
Triggers: GRO-2358, GRO-2359
Source rule: GRO-2348 (merge-whitelist fix)

2026-06-12 01:30:45 +00:00

Compare commits

2 Commits

main .. gro-2377-loosen-uat-main-approvals

Diff Content Not Available

Compare commits

2 Commits main .. gro-2377-loosen-uat-main-approvals

Diff Content Not Available

2 Commits

main .. gro-2377-loosen-uat-main-approvals