every-channel/every.channel
1
0
Fork 0
Code Releases Activity Actions 2
every.channel/evolution/proposals/ECP-0079-governance-quality-gates-and-branch-protection.md

2.2 KiB
Raw Blame History

ECP-0079: Governance Hygiene, CI Quality Gates, and Main-Branch Protection

Status: Implemented

Context

Recent delivery velocity improved product behavior, but governance and quality signals drifted:

  • active ECPs were not consistently marked with explicit status and alternatives;
  • pull requests lacked a single, explicit CI gate for core tests plus web build;
  • deploy could proceed without an explicit prerequisite check job;
  • branch protection settings were not codified as an operator runbook artifact.

This conflicts with the constitutional requirement that non-trivial changes remain reviewable and merge through pull requests.

Decision

  1. Normalize governance records for the active proposal window (ECP-0063 through ECP-0078):
    • mark implemented decisions as Status: Implemented,
    • add explicit Alternatives considered sections,
    • ensure rollout/teardown intent is present.
  2. Add scripts/ecp-lint.sh and run it in CI to enforce required ECP sections for active proposals.
  3. Add a ci-gates workflow for pull requests that runs:
    • ECP lint,
    • core Rust test subset,
    • apps/web production build.
  4. Update deploy workflow to include a dedicated checks job and make deploy depend on that job.
  5. Correct Cloudflare deploy docs so manual commands and secret prerequisites match current implementation.
  6. Add a branch-protection enforcement script and runbook so main can be locked to PR merges with required checks.

Alternatives considered

  • Keep governance cleanup manual and ad hoc. Rejected because drift reappears quickly under fast iteration.
  • Gate only deploy, not pull requests. Rejected because review-time feedback is required before merge.
  • Rely on UI-only branch protection configuration with no repo script/runbook. Rejected because settings become opaque and harder to audit.

Rollout / teardown plan

  • Rollout:
    • land ECP updates + lint script + CI workflows + docs + branch-protection tooling together;
    • apply branch protection using the new script;
    • set required check context to ci-gates / checks.
  • Teardown:
    • remove ci-gates workflow and lint script if governance process is superseded;
    • relax branch protection via API/script and adjust constitutional process in a superseding ECP.