diff --git a/.github/workflows/harness-ci.yml b/.github/workflows/harness-ci.yml index 1a33cc2..31b7436 100644 --- a/.github/workflows/harness-ci.yml +++ b/.github/workflows/harness-ci.yml @@ -4,9 +4,12 @@ name: harness-ci # 100% coverage of the runtime surface. The bridge contract (T1) and every adapter # (T2+) must stay green here. # -# Runs on EVERY pull request (no paths filter) so it can be a *required* status -# check: a path-filtered required check never reports on unrelated PRs and would -# block them forever. npm is cached, so a no-harness PR still completes in ~15s. +# Runs on EVERY pull request as a signal (no paths filter). It is NOT a hard +# ruleset-required check — cc waits for green before self-merging, and CI checks +# are signals not gates here, matching homelab-ops governance (adr-0001). (A hard +# required check deadlocks GITHUB_TOKEN-authored bot PRs, e.g. adr-assign numbering, +# which cannot trigger workflows; a real hard gate waits for Phase D's GitHub App.) +# Running on all PRs keeps the signal universal; npm is cached (~15s). on: pull_request: diff --git a/ROADMAP.md b/ROADMAP.md index 18ea57b..8ea1e81 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -63,10 +63,16 @@ are unblocked and parallelize, and T3 proceeds on its own. ### Automated acceptance (CI) -| Gate | Scope | Required? | +CI checks are **signals, not hard ruleset gates** — matching homelab-ops governance +(`adr-0001`): `protect-main` only enforces `deletion` / `non_fast_forward` / +`pull_request`. cc waits for green before self-merging; nothing mechanically blocks +a merge on a red check (a deliberate hard gate is deferred to Phase D, where a +GitHub App lets bot PRs trigger checks without the numbering-PR deadlock). + +| Check | Scope | Enforcement | |---|---|---| -| **`harness-ci`** (`.github/workflows/harness-ci.yml`) | every PR: `npm ci` → typecheck → tests + **100% coverage** of the L2 runtime surface | **yes** — required status check on `protect-main` | -| **`adr-pr-check`** | ADR invariants on `decisions/**` PRs | yes (on ADR PRs) | +| **`harness-ci`** (`.github/workflows/harness-ci.yml`) | every PR: `npm ci` → typecheck → tests + **100% coverage** of the L2 runtime surface | signal; cc gates self-merge on green | +| **`adr-pr-check`** | ADR invariants on `decisions/**` PRs | signal (on ADR PRs) | L2 toolchain: `harness/` is the TypeScript project root (`package.json`, strict `tsconfig`, tsx + `node:test` + ajv). `drives/` will be the Python root (T4).