Commit edd4135
authored
docs(rfc): stovepipe post-merge trunk-validation workflow (#215)
## Summary
### Why?
SubmitQueue can no longer prove every change green before merge at the
monorepo's current throughput, so it now merges directly to a single
`main` that may be temporarily broken. Stovepipe is the post-merge
service that validates `main`, records per-commit health, and drives
recovery. There was no design doc describing its pipeline; this RFC
fills that gap, mirroring `doc/rfc/submitqueue/workflow.md` so the two
services read as siblings.
### What?
Adds `doc/rfc/stovepipe/workflow.md` describing the end-to-end pipeline:
ingest trunk push events (external webhooks plus a fallback
reconciliation poller, deduped on commit SHA) → start → validate → batch
commits since the last known green → speculate / build / buildsignal →
on green record `succeeded`; on failure bisect to the offending commit →
invoke a pluggable remediation extension whose external backend lands a
fix or revert via SQ.
Documents the three commit states (`unknown` / `succeeded` / `failed`),
the SHA-as-identity / batch-as-validation-unit tracking model (bisect
owns termination), and two gateway-owned sinks the orchestrator
publishes to and the gateway consumes: `status` (the commit-status store
callers query) and `log` (an append-only event log, the analogue of SQ's
request log). Also covers fail-closed DLQ reconciliation, ownership by
service, and the status/log ownership invariant. Links the new doc from
`doc/rfc/index.md` under a new `## Stovepipe` section.1 parent 98f76d5 commit edd4135
2 files changed
Lines changed: 173 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
10 | 10 | | |
11 | 11 | | |
12 | 12 | | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
0 commit comments