Overhaul SDLC to three-branch promotion model

Replace the 5-stage pipeline (CI→UAT→QA→CTO→CEO) with a three-branch
promotion chain: dev (engineer self-merge) → uat (QA gates) → main
(UAT gates). Removes CTO review stage, CEO merge bottleneck, and SLA
timelines. Each gate owner has merge authority.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

skills/sdlc/SKILL.md

@@ -37,13 +37,15 @@ Set the issue to `blocked` until `PAPERCLIP_APPROVAL_STATUS` confirms approval.
 
 ## Branch Strategy
 
-All plugin repositories use a single long-lived branch:
+All plugin repositories use three long-lived branches representing a promotion chain:
 
-| Branch | Environment | Who merges |
+| Branch | Environment | Owner | Who merges to it |
-|--------|-------------|------------|
+|--------|-------------|-------|-----------------|
-| `main` | Production | CEO (Countess von Containerheim) after triple approval |
+| `dev` | Development | Engineer | Engineer self-merges after CI passes |
+| `uat` | User Acceptance Testing | QA (Regression Regina) | QA merges after code review |
+| `main` | Production | UAT (Pixel Patty) | UAT merges after browser validation |
 
-**Engineers always target `main` via feature branches** — never push directly.
+**Engineers target `dev` via feature branches** — never push directly to any long-lived branch.
 
 Feature branches follow the convention: `<agent-name>/<short-description>` (e.g., `gandalf/add-sealed-secrets-list`).
 
@@ -59,31 +61,43 @@ gh pr create --title "..." --body "... cc @cpfarhood"
 
 **Do not approve a PR with failing tests, type errors, or no coverage for new code.**
 
-Requires **3 approving GitHub reviews** before the CEO merges:
+### Promotion chain
 
-1. **UAT (Pixel Patty)** — E2E browser testing against `headlamp-dev`
+Each promotion is a PR reviewed and merged by its gate owner:
-2. **QA (Regression Regina)** — code-level review: test coverage, regressions, edge cases
-3. **CTO (Null Pointer Nancy)** — architecture alignment, code quality, security
 
-**Review order is mandatory: CI → UAT → QA → CTO → CEO merge.** Each stage gates the next. No agent merges their own PRs.
+1. **feature → dev** — Engineer self-merges after CI passes. No review required. Dev is for validation, not quality gates.
+2. **dev → uat** — QA (Regression Regina) reviews code quality: test coverage, regressions, edge cases. QA merges to `uat` after approval.
+3. **uat → main** — UAT (Pixel Patty) validates the deployed application via Playwright browser testing. UAT merges to `main` after validation passes.
+
+**Each gate owner has merge authority.** No separate merge step by another role. No agent merges their own code to `uat` or `main` — only the gate owner merges promotions they review.
 
 ## Pipeline
 
 ### Pipeline A: Plugin/Feature Changes
 
-CI → UAT (Patty) → QA (Regina) → CTO (Nancy) → CEO merge
+```
+Engineer → PR to dev → self-merge → deploys to dev
+→ Engineer validates on dev
+→ PR from dev → uat → QA reviews → QA merges
+→ Deploys to UAT environment
+→ PR from uat → main → UAT validates → UAT merges
+→ Production
+```
 
 Applies to changes in `headlamp-*-plugin/` repos (plugin code, features, bug fixes).
 
 ### Pipeline B: Infrastructure Changes (No UI Impact)
 
-CI → QA (Regina) → CTO (Nancy) → CEO merge
+```
+Engineer → PR to main → CI passes → QA reviews → QA merges
+→ Production
+```
 
-Applies to changes in `.github/workflows/`, `infra/`, `org/` repos, and template repos.
+Applies to changes in `.github/workflows/`, `infra/`, `org/` repos, and template repos. No UAT stage needed — infrastructure changes have no UI to validate.
 
 **Detection:** If `git diff` shows changes only in `.github/`, `infra/`, `org/`, or deployment files → Pipeline B. If any `headlamp-*-plugin/` code changed → Pipeline A.
 
-**Failure routing:** Any stage failure returns directly to the engineer. CEO rejections route through CTO.
+**Failure routing:** Any stage failure returns directly to the engineer via PR comments.
 
 ## Handoff Protocol
 
@@ -110,9 +124,10 @@ Every handoff requires all three steps:
 ## CI/CD
 
 - CI runs on self-hosted ARC runners: `runs-on: runners-privilegedescalation`
+- CI triggers on PRs to `dev`, `uat`, and `main` branches
 - Engineers may modify `.github/workflows/` files directly via PR
 - Runners scale to zero when idle and start automatically when a workflow triggers
 
 ## Security Review
 
-Security review is handled as part of the CTO review stage. Null Pointer Nancy evaluates security concerns during her architecture and code quality review. There is no separate dedicated security review agent.
+Security review is handled as part of the QA review stage. Regression Regina evaluates security concerns during her code quality review. There is no separate dedicated security review agent.

skills/sdlc/sdlc-diagram.md

@@ -24,31 +24,32 @@ flowchart TD
     subgraph PipelineA["Pipeline A: Plugin / Feature Changes"]
         direction TB
         A_ENG["Engineer writes code<br/>(Gandalf)"]
-        A_PR["Create PR → main<br/>cc @cpfarhood"]
+        A_PR_DEV["PR → dev<br/>Engineer self-merges"]
-        A_CI{"CI Passes?"}
+        A_CI_DEV{"CI Passes?"}
-        A_UAT["UAT Review<br/>(Pixel Patty)<br/>E2E browser testing"]
+        A_DEV["Deploys to dev<br/>Engineer validates"]
-        A_UAT_PASS{"UAT Approved?"}
+        A_PR_UAT["PR dev → uat"]
-        A_QA["QA Review<br/>(Regression Regina)<br/>Test coverage, regressions"]
+        A_QA["QA Review<br/>(Regression Regina)<br/>Code quality, test coverage"]
         A_QA_PASS{"QA Approved?"}
-        A_CTO["CTO Review<br/>(Null Pointer Nancy)<br/>Architecture, security"]
+        A_QA_MERGE["QA merges to uat"]
-        A_CTO_PASS{"CTO Approved?"}
+        A_UAT_DEPLOY["Deploys to UAT env"]
-        A_CEO["CEO Merge<br/>(Countess)"]
+        A_PR_MAIN["PR uat → main"]
+        A_UAT["UAT Review<br/>(Pixel Patty)<br/>Playwright browser validation"]
+        A_UAT_PASS{"UAT Approved?"}
+        A_UAT_MERGE["UAT merges to main"]
     end
 
     subgraph PipelineB["Pipeline B: Infrastructure Changes"]
         direction TB
         B_ENG["Engineer writes code<br/>(Gandalf / Hugh)"]
-        B_PR["Create PR → main<br/>cc @cpfarhood"]
+        B_PR["PR → main"]
         B_CI{"CI Passes?"}
         B_QA["QA Review<br/>(Regression Regina)"]
         B_QA_PASS{"QA Approved?"}
-        B_CTO["CTO Review<br/>(Null Pointer Nancy)"]
+        B_QA_MERGE["QA merges to main"]
-        B_CTO_PASS{"CTO Approved?"}
-        B_CEO["CEO Merge<br/>(Countess)"]
     end
 
     subgraph Result["Outcome"]
-        MERGED["Merged to main<br/>✓ Production"]
+        PROD["Merged to main<br/>✓ Production"]
         RETURNED["Returned to Engineer<br/>Fix and resubmit"]
     end
 
@@ -65,35 +66,24 @@ flowchart TD
     DET -->|".github/, infra/, org/"| PB
 
     %% Pipeline A flow
-    PA --> A_ENG --> A_PR --> A_CI
+    PA --> A_ENG --> A_PR_DEV --> A_CI_DEV
-    A_CI -->|"Pass"| A_UAT
+    A_CI_DEV -->|"Pass"| A_DEV
-    A_CI -->|"Fail"| RETURNED
+    A_CI_DEV -->|"Fail"| RETURNED
-    A_UAT --> A_UAT_PASS
+    A_DEV --> A_PR_UAT --> A_QA --> A_QA_PASS
-    A_UAT_PASS -->|"Pass"| A_QA
+    A_QA_PASS -->|"Approved"| A_QA_MERGE --> A_UAT_DEPLOY
-    A_UAT_PASS -->|"Fail"| RETURNED
+    A_QA_PASS -->|"Changes requested"| RETURNED
-    A_QA --> A_QA_PASS
+    A_UAT_DEPLOY --> A_PR_MAIN --> A_UAT --> A_UAT_PASS
-    A_QA_PASS -->|"Pass"| A_CTO
+    A_UAT_PASS -->|"Approved"| A_UAT_MERGE --> PROD
-    A_QA_PASS -->|"Fail"| RETURNED
+    A_UAT_PASS -->|"Changes requested"| RETURNED
-    A_CTO --> A_CTO_PASS
-    A_CTO_PASS -->|"Pass"| A_CEO
-    A_CTO_PASS -->|"Fail — CEO rejection"| A_CTO
-    A_CTO_PASS -->|"Fail — other"| RETURNED
-    A_CEO --> MERGED
 
     %% Pipeline B flow
     PB --> B_ENG --> B_PR --> B_CI
-    B_CI -->|"Pass"| B_QA
+    B_CI -->|"Pass"| B_QA --> B_QA_PASS
     B_CI -->|"Fail"| RETURNED
-    B_QA --> B_QA_PASS
+    B_QA_PASS -->|"Approved"| B_QA_MERGE --> PROD
-    B_QA_PASS -->|"Pass"| B_CTO
+    B_QA_PASS -->|"Changes requested"| RETURNED
-    B_QA_PASS -->|"Fail"| RETURNED
-    B_CTO --> B_CTO_PASS
-    B_CTO_PASS -->|"Pass"| B_CEO
-    B_CTO_PASS -->|"Fail — CEO rejection"| B_CTO
-    B_CTO_PASS -->|"Fail — other"| RETURNED
-    B_CEO --> MERGED
 
-    RETURNED -->|"Fix and resubmit"| A_PR
+    RETURNED -->|"Fix and resubmit"| A_PR_DEV
     RETURNED -->|"Fix and resubmit"| B_PR
 
     %% Styling
@@ -101,11 +91,46 @@ flowchart TD
     classDef pass fill:#e4f9e4,stroke:#27ae60,color:#000
     classDef agent fill:#e4e9f9,stroke:#2980b9,color:#000
     classDef decision fill:#fef9e7,stroke:#f39c12,color:#000
+    classDef deploy fill:#e8f4f8,stroke:#2c3e50,color:#000
 
-    class BA,A_CI,A_UAT_PASS,A_QA_PASS,A_CTO_PASS,B_CI,B_QA_PASS,B_CTO_PASS,DET decision
+    class BA,A_CI_DEV,A_QA_PASS,A_UAT_PASS,B_CI,B_QA_PASS,DET decision
-    class A_UAT,A_QA,A_CTO,B_QA,B_CTO gate
+    class A_QA,A_UAT,B_QA gate
-    class MERGED pass
+    class PROD pass
-    class A_ENG,B_ENG,A_CEO,B_CEO agent
+    class A_ENG,B_ENG agent
+    class A_DEV,A_UAT_DEPLOY deploy
+```
+
+## Branch Promotion Chain
+
+```mermaid
+flowchart LR
+    subgraph Feature["Feature Branch"]
+        FB["gandalf/feature-name"]
+    end
+
+    subgraph Dev["dev branch"]
+        DEV["Engineer self-merges<br/>Deploys to dev env"]
+    end
+
+    subgraph UAT["uat branch"]
+        UATB["QA reviews & merges<br/>Deploys to UAT env"]
+    end
+
+    subgraph Main["main branch"]
+        MAIN["UAT validates & merges<br/>Deploys to production"]
+    end
+
+    FB -->|"PR + CI"| DEV
+    DEV -->|"PR + QA review"| UATB
+    UATB -->|"PR + UAT review"| MAIN
+
+    classDef dev fill:#fff3cd,stroke:#856404,color:#000
+    classDef uat fill:#cce5ff,stroke:#004085,color:#000
+    classDef prod fill:#d4edda,stroke:#155724,color:#000
+
+    class DEV dev
+    class UATB uat
+    class MAIN prod
 ```
 
 ## Handoff Protocol