docs(sdlc): move uat→main merge-gate policy here; CTO Approve only for novel auth, infra/prod, and risk-flagged (GRO-2377) #13

2026-06-12T01:31:23Z

Flea Flicker commented

2026-06-12 01:31:23 +00:00

Why

The 2026-06-11 merge-whitelist fix (GRO-2348) added a required_approvals gate on uat → main merges. That gate is only satisfied by a Gitea Approve click — the issue-thread QA / UAT-deploy / UAT-regression / security approvals do not clear it. As a result the CTO is the human-in-the-loop on every routine release-train PR. GRO-2358 and GRO-2359 both hit it; the CTO asked "why am I being asked to approve PRs AGAIN?" on the latter.

This change defines the rule that decides when the CTO click is actually required.

What changes

`skills/coding-standards/SKILL.md`

New section "uat→main merge-gate policy":

The CTO Gitea Approve click is not the default gate. Once the four pre-gates (QA, UAT deploy, UAT regression, security) are green, the engineer self-merges.
A CTO Gitea Approve click is required only for PRs in one of three categories:
1. Novel auth / session paths — login, OIDC, OOBE, session middleware, token issuance, password reset, MFA, new auth provider integrations. Routine auth-gated UI (button styling, error messages, form layout) is not in this category.
2. Infra / prod-affecting merges — deploys, infra manifests, secrets, GitOps overlays, CI/CD, main branch protection, production routing/ingress, prod state mutations. All Phase 5 infra overlay PRs in groombook/infra require CTO Gitea Approve without exception.
3. Risk-flagged merges — risk:cto-approve label, or explicit CTO/CEO sign-off request in the PR or issue thread.

`skills/sdlc/SKILL.md`

Branch-strategy table row for main updated: gate is "UAT validation, security review, and the coding-standards uat→main merge-gate policy".
Phase 4 — Production Promotion rewritten: engineer classifies the PR against the new policy; CTO Gitea Approve click is part of the flow only when the PR falls into one of the three categories above. Outside those, the engineer merges once the four pre-gates are green. The pre-gates themselves do not change.

Acceptance check

coding-standards PR opens with the rule above, cc @cpfarhood and @Scrubs.
CTO + CEO approval on this PR (the rule defines itself, so the same reviewers apply to its own adoption).
A representative routine uat → main PR after the rule lands self-clears without a CTO Gitea Approve click. (Next release-train PR; either GRO-2358 or GRO-2359 will be the first one to exercise the new policy.)

Links

Triggers: GRO-2358, GRO-2359
CTO comment: GRO-2359#comment-a362465d
Source rule: GRO-2348
This issue: GRO-2377

cc @cpfarhood @Scrubs

## Why The 2026-06-11 merge-whitelist fix ([GRO-2348](/GRO/issues/GRO-2348)) added a `required_approvals` gate on `uat → main` merges. That gate is only satisfied by a Gitea **Approve** click — the issue-thread QA / UAT-deploy / UAT-regression / security approvals do **not** clear it. As a result the CTO is the human-in-the-loop on every routine release-train PR. [GRO-2358](/GRO/issues/GRO-2358) and [GRO-2359](/GRO/issues/GRO-2359) both hit it; the CTO asked "why am I being asked to approve PRs AGAIN?" on the latter. This change defines the rule that decides when the CTO click is actually required. ## What changes ### `skills/coding-standards/SKILL.md` New section **"uat→main merge-gate policy"**: * The CTO Gitea Approve click is **not** the default gate. Once the four pre-gates (QA, UAT deploy, UAT regression, security) are green, the engineer self-merges. * A CTO Gitea Approve click **is** required only for PRs in one of three categories: 1. **Novel auth / session paths** — login, OIDC, OOBE, session middleware, token issuance, password reset, MFA, new auth provider integrations. Routine auth-gated UI (button styling, error messages, form layout) is **not** in this category. 2. **Infra / prod-affecting merges** — deploys, infra manifests, secrets, GitOps overlays, CI/CD, `main` branch protection, production routing/ingress, prod state mutations. **All Phase 5 infra overlay PRs in `groombook/infra` require CTO Gitea Approve without exception.** 3. **Risk-flagged merges** — `risk:cto-approve` label, or explicit CTO/CEO sign-off request in the PR or issue thread. ### `skills/sdlc/SKILL.md` * Branch-strategy table row for `main` updated: gate is "UAT validation, security review, and the `coding-standards` uat→main merge-gate policy". * **Phase 4 — Production Promotion** rewritten: engineer classifies the PR against the new policy; CTO Gitea Approve click is part of the flow only when the PR falls into one of the three categories above. Outside those, the engineer merges once the four pre-gates are green. The pre-gates themselves do not change. ## Acceptance check - [x] `coding-standards` PR opens with the rule above, cc @cpfarhood and @Scrubs. - [ ] CTO + CEO approval on this PR (the rule defines itself, so the same reviewers apply to its own adoption). - [ ] A representative routine `uat → main` PR after the rule lands self-clears without a CTO Gitea Approve click. (Next release-train PR; either [GRO-2358](/GRO/issues/GRO-2358) or [GRO-2359](/GRO/issues/GRO-2359) will be the first one to exercise the new policy.) ## Links - Triggers: [GRO-2358](/GRO/issues/GRO-2358), [GRO-2359](/GRO/issues/GRO-2359) - CTO comment: [GRO-2359#comment-a362465d](/GRO/issues/GRO-2359#comment-a362465d-042a-4f46-9e5d-bc7d9d0c1fef) - Source rule: [GRO-2348](/GRO/issues/GRO-2348) - This issue: [GRO-2377](/GRO/issues/GRO-2377) cc @cpfarhood @Scrubs

Flea Flicker added 1 commit 2026-06-12 01:31:23 +00:00

docs(skills): loosen uat→main merge gate; CTO Approve only for novel auth, infra/prod, and risk-flagged 152c52f47c

The 2026-06-11 merge-whitelist fix (GRO-2348) added a required_approvals
gate on uat→main merges. That gate is only satisfied by a Gitea Approve
click — the issue-thread QA/UAT-deploy/UAT-regression/security
approvals do not clear it. As a result the CTO is the human-in-the-loop
on every routine release-train PR (GRO-2358, GRO-2359 both hit it).

This change introduces an explicit "uat→main merge-gate policy" in
coding-standards: once the four pre-gates (QA, UAT deploy, UAT
regression, security) are green, the engineer self-merges. A CTO
Gitea Approve click is required only for three categories:

  1. Novel auth / session paths (login, OIDC, OOBE, session
     middleware, token issuance, MFA, new auth provider integrations).
  2. Infra / prod-affecting merges (deploys, manifests, secrets,
     GitOps overlays, CI/CD, main branch protection, prod-affecting
     routing/ingress). All Phase 5 infra overlay PRs in
     groombook/infra still require CTO Gitea Approve without
     exception.
  3. Risk-flagged merges (risk:cto-approve label, or explicit
     CTO/CEO sign-off request in the PR or issue thread).

Phase 4 in sdlc is updated to reflect the new flow: engineer
classifies the PR; CTO Approve happens only for the three categories
above; otherwise the engineer merges once the four pre-gates are
green. The pre-gates themselves do not change.

Refs: GRO-2377
Triggers: GRO-2358, GRO-2359
Source rule: GRO-2348 (merge-whitelist fix)

The Dogfather added 1 commit 2026-06-12 01:39:32 +00:00

docs(skills): move uat→main merge-gate policy from coding-standards to sdlc 8930a8d5f1

Reviewer feedback (COrtHvtYnuZx6DmhztGD50uGnKVJajPf): the merge-gate
policy is a process / SDLC rule, not a code-quality / coding-standard
rule, so it belongs in the sdlc skill.

  - skills/sdlc/SKILL.md: add new '## uat→main merge-gate policy'
    section after Phase 5 with the full policy, the three categories,
    the engineer workflow, and the 'when uncertain' escalation path.
    Update frontmatter description and intro paragraph to point at
    the new local section. Re-point the branch-strategy table row
    and Phase 4 step 3 at the local section.
  - skills/coding-standards/SKILL.md: remove the duplicate
    'uat→main merge-gate policy' section (it now lives in sdlc) and
    replace it with a one-paragraph pointer to sdlc. Update the
    frontmatter description to remove the policy bullet and add a
    'lives in sdlc, not here' line.

No behavior change: the policy content is identical, only its home
file moved. The PR is now an sdlc PR with a small coding-standards
follow-on, which matches the reviewer's point.

Refs: GRO-2377
Triggers: GRO-2358, GRO-2359
Source rule: GRO-2348 (merge-whitelist fix)

Co-Authored-By: Paperclip <noreply@paperclip.ing>

Scrubs McBarkley changed title from ~~docs(skills): loosen uat→main merge gate; CTO Approve only for novel auth, infra/prod, and risk-flagged (GRO-2377)~~ to docs(sdlc): move uat→main merge-gate policy here; CTO Approve only for novel auth, infra/prod, and risk-flagged (GRO-2377)

2026-06-12 01:39:46 +00:00

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin gro-2377-loosen-uat-main-approvals:gro-2377-loosen-uat-main-approvals

git checkout gro-2377-loosen-uat-main-approvals

Sign in to join this conversation.

2 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: groombook/org#13