Commit 4f53a8d
committed
docs(rfc): stovepipe post-merge trunk-validation workflow
## Summary
### Why?
SubmitQueue can no longer prove every change green before merge at the monorepo's current throughput, so it now merges directly to a single `main` that may be temporarily broken. Stovepipe is the post-merge service that validates `main`, records per-commit health, and drives recovery. There was no design doc describing its pipeline; this RFC fills that gap, mirroring `doc/rfc/submitqueue/workflow.md` so the two services read as siblings.
### What?
Adds `doc/rfc/stovepipe/workflow.md` describing the end-to-end pipeline: ingest trunk push events (external webhooks plus a fallback reconciliation poller, deduped on commit SHA) → start → validate → batch commits since the last known green → speculate / build / buildsignal → on green record `succeeded`; on failure bisect to the offending commit → invoke a pluggable remediation extension whose external backend lands a fix or revert via SQ.
Documents the three commit states (`unknown` / `succeeded` / `failed`), the SHA-as-identity / batch-as-validation-unit tracking model (bisect owns termination), and two gateway-owned sinks the orchestrator publishes to and the gateway consumes: `status` (the commit-status store callers query) and `log` (an append-only event log, the analogue of SQ's request log). Also covers fail-closed DLQ reconciliation, ownership by service, and the status/log ownership invariant. Links the new doc from `doc/rfc/index.md` under a new `## Stovepipe` section.1 parent 98f76d5 commit 4f53a8d
2 files changed
Lines changed: 173 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
10 | 10 | | |
11 | 11 | | |
12 | 12 | | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
0 commit comments