# ECP-0079: Governance Hygiene, CI Quality Gates, and Main-Branch Protection

Status: Implemented

## Context

Recent delivery velocity improved product behavior, but governance and quality signals drifted:

- active ECPs were not consistently marked with explicit status and alternatives;
- pull requests lacked a single, explicit CI gate for core tests plus web build;
- deploy could proceed without an explicit prerequisite check job;
- branch protection settings were not codified as an operator runbook artifact.

This conflicts with the constitutional requirement that non-trivial changes remain reviewable and merge through pull requests.

## Decision

1. Normalize governance records for the active proposal window (`ECP-0063` through `ECP-0078`):
   - mark implemented decisions as `Status: Implemented`,
   - add explicit `Alternatives considered` sections,
   - ensure rollout/teardown intent is present.
2. Add `scripts/ecp-lint.sh` and run it in CI to enforce required ECP sections for active proposals.
3. Add a `ci-gates` workflow for pull requests that runs:
   - ECP lint,
   - core Rust test subset,
   - `apps/web` production build.
4. Update deploy workflow to include a dedicated `checks` job and make deploy depend on that job.
5. Correct Cloudflare deploy docs so manual commands and secret prerequisites match current implementation.
6. Add a branch-protection enforcement script and runbook so `main` can be locked to PR merges with required checks.

## Alternatives considered

- Keep governance cleanup manual and ad hoc. Rejected because drift reappears quickly under fast iteration.
- Gate only deploy, not pull requests. Rejected because review-time feedback is required before merge.
- Rely on UI-only branch protection configuration with no repo script/runbook. Rejected because settings become opaque and harder to audit.

## Rollout / teardown plan

- Rollout:
  - land ECP updates + lint script + CI workflows + docs + branch-protection tooling together;
  - apply branch protection using the new script;
  - set required check context to `ci-gates / checks`.
- Teardown:
  - remove `ci-gates` workflow and lint script if governance process is superseded;
  - relax branch protection via API/script and adjust constitutional process in a superseding ECP.
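
The section lint in Decision item 2 can be sketched as follows. This is an added example, not the project's `scripts/ecp-lint.sh`: the file naming (`ECP-NNNN*.md` in one directory), the function names, and the exact set of required markers are assumptions drawn from the sections this ECP itself names.

```shell
#!/bin/sh
# Added example, not the project's scripts/ecp-lint.sh.
# Assumed layout: proposals are files named ECP-NNNN*.md in one directory.
# Assumed required markers: a "Status:" line, "## Alternatives considered",
# and a "## Rollout / teardown" heading.

# Report each required marker missing from file $1; non-zero if any is missing.
ecp_missing_sections() {
    file=$1
    missing=0
    grep -Eq '^Status:[[:space:]]*[A-Za-z]' "$file" ||
        { echo "$file: missing Status line"; missing=1; }
    grep -Eiq '^##[[:space:]]+Alternatives considered' "$file" ||
        { echo "$file: missing Alternatives considered section"; missing=1; }
    grep -Eiq '^##[[:space:]]+Rollout[[:space:]]*/[[:space:]]*teardown' "$file" ||
        { echo "$file: missing Rollout / teardown section"; missing=1; }
    return "$missing"
}

# Lint proposals in directory $1 numbered $2..$3 (the active window).
# Returns 0 if all pass, 1 if any fails, 2 if the window matched no files.
ecp_lint_window() {
    dir=$1; first=$2; last=$3
    failed=0; checked=0
    for f in "$dir"/ECP-[0-9][0-9][0-9][0-9]*.md; do
        [ -e "$f" ] || continue
        num=${f##*/ECP-}          # "0063-title.md"
        num=${num%%[!0-9]*}       # "0063"
        num=$(printf '%s' "$num" | sed 's/^0*//')   # avoid octal parsing
        [ -n "$num" ] || num=0
        if [ "$num" -lt "$first" ] || [ "$num" -gt "$last" ]; then continue; fi
        checked=$((checked + 1))
        ecp_missing_sections "$f" || failed=1
    done
    # Fail closed: a gate that inspected nothing must not report success.
    if [ "$checked" -eq 0 ]; then
        echo "no proposals found in ECP-$first..ECP-$last" >&2
        return 2
    fi
    return "$failed"
}

# Usage: sh ecp-lint-example.sh docs/ecp 63 78   (path is a placeholder)
if [ "$#" -eq 3 ]; then ecp_lint_window "$@"; fi
```

The distinct exit status for an empty window matters when the lint is a required check: a renamed directory or changed file pattern then surfaces as a failed gate instead of a silent pass.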