idp: enforce quality gates — IDP is advisory-only, blocks nothing #685
Description
Problem
The IDP (Internal Developer Platform) was built as a documentation layer, not an enforcement layer. Every quality problem surfaces one-by-one because nothing prevents them systemically.
Current State
| Repo | CI | IDP review | Branch protection | Post-release sync |
|---|---|---|---|---|
| squads-cli | Custom (no IDP) | No | main: 1 approval | No |
| agents-squads-web | Yes | continue-on-error |
No | No |
| squads-console | Yes | continue-on-error |
No | No |
| squads-api | None | No | No | No |
Specific Failures This Caused
- v0.2.2 release divergence — squash merge to main, no sync back to develop. 182 commits of drift, 12 merge conflicts on next release PR.
- PR release: v0.2.3 — guardrails, init UX, obs fixes, services docs #682 targeted main directly — no check prevented this.
- PR release: v0.2.3 — obs fixes, skills context, agent reliability #677 targeted main directly — same gap, caught by company-lead (agent), not CI.
- Exact metrics leaked on public issues — no pre-publish review.
- v0.2.3 released without founder approval — no gate on npm publish.
What IDP Should Enforce (not advise)
- Post-release sync: After develop→main merge, automatically create a PR merging main back into develop. Or block next PR until sync is done.
- Branch targeting: PRs from feature branches MUST target develop, not main. CI fails if
base != develop(except develop→main PRs). - IDP review as required check: Remove
continue-on-error. Make IDP review a required status check. - Contract validation: Before deploy, verify all dependent services are at required versions.
- Release approval: npm publish only triggers on founder-approved merge to main.
Implementation
- Remove
continue-on-errorfrom IDP review jobs in all CI configs - Add IDP review to squads-cli CI (currently missing entirely)
- Create CI for squads-api (zero CI today)
- Add branch protection on develop for web/console/api repos
- Add post-release-sync job to CI: after main merge, auto-create main→develop PR
- Add branch target validation to review.sh
Labels: priority:P1, type:infrastructure