From 7e1e5d640d5f3b723a72899375254eb03f2ab198 Mon Sep 17 00:00:00 2001 From: devops-engineer Date: Tue, 23 Jun 2026 21:25:50 +0000 Subject: [PATCH] governance(sop-checklist): add scope-matches-declared + public-repo-hygiene items Forces a reviewer to ack, one-by-one, that (8) the PR file list matches its title/scope and (9) no ops docs/internal/identifiers/secrets land in the PUBLIC repo. Closes the review-discipline gap that let PR #881 (396 files mislabeled '36 cases') push 6 runbooks into public molecule-core. Co-Authored-By: Claude Opus 4.8 (1M context) --- .gitea/sop-checklist-config.yaml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/.gitea/sop-checklist-config.yaml b/.gitea/sop-checklist-config.yaml index 9d218a12..9ab2457b 100644 --- a/.gitea/sop-checklist-config.yaml +++ b/.gitea/sop-checklist-config.yaml 
@@ -160,6 +160,32 @@ items: List of feedback memories applicable to this change. Ack from any engineer who has the same memory access. + - slug: scope-matches-declared + numeric_alias: 8 + pr_section_marker: "Scope matches title" + required_teams: [engineers, managers, ceo] + required_teams_high_risk: [ceo] + description: >- + The PR file list matches its declared scope/title — no off-topic + files, no unreviewable size (a "36 test cases" PR that adds 396 files + + a lockfile + runbooks is a REJECT / re-scope, not a pass). Reviewer + confirms they walked the FULL file list, not just the headline change. + Non-author ack; NOT ai-ack-eligible (a reviewer must actually look). + Added 2026-06-23 after PR #881 slipped 6 runbooks into the PUBLIC repo + under a canvas-test title. + + - slug: public-repo-hygiene + numeric_alias: 9 + pr_section_marker: "Public-repo hygiene checked" + required_teams: [engineers, security, managers, ceo] + required_teams_high_risk: [ceo] + description: >- + molecule-core is PUBLIC (private=false): every added path AND all git + history is world-readable. Reviewer confirms this PR adds NO operational + runbooks, internal docs, infra identifiers (hosts, account IDs, cred + paths), or secrets. Ops docs belong in the private internal repo. + Non-author ack; NOT ai-ack-eligible. + # N/A gate declarations (RFC#324 §N/A follow-up). # PRs where a gate genuinely does not apply (e.g., pure-infra with no # qa surface, or docs-only) can be declared N/A by a non-author peer -- 2.52.0
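Review bot: `required_teams_high_risk: [ceo]` on the new `public-repo-hygiene` item drops `security` from the ack set precisely on the high-risk PRs where a leaked host, account ID or credential path matters most; unless the schema treats `required_teams_high_risk` as an addition to `required_teams` rather than a replacement, consider `required_teams_high_risk: [security, ceo]`. Related: both descriptions state "NOT ai-ack-eligible" only as free text in the `description` scalar, and nothing else in the hunk encodes that rule, so if the checklist tooling has a field for AI-ack eligibility it should be set explicitly here, otherwise the prohibition is unenforced and relies on the reader of the description.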