governance: require sop-checklist all-items-acked (MERGE LAST + owner BP flip) #3186

2026-06-23T21:40:55Z

devops-engineer commented

2026-06-23 21:40:55 +00:00

Adds sop-checklist / all-items-acked to the merge-blocking required-contexts list, so the review checklist (#3184 items #8 scope-matches + #9 public-repo-hygiene) becomes mandatory — reviewers must /sop-ack each one.

MERGE LAST. Land only after the in-flight batch (#3183 security delete, #3184 items, #3185 RFC) merges and after #3184 lands items 8/9 — otherwise every open PR fail-closes on un-acked items.

Owner step (hard enforcement): required-contexts.txt alone did NOT hard-block on #3181 (E2E-Concierge-Creates-Workspace is in the file but merged red because it's not in BP). To hard-enforce, the owner adds sop-checklist / all-items-acked (pull_request) to molecule-core branch-protection status_check_contexts. This PR is the documented-list companion to that BP flip.

Adds `sop-checklist / all-items-acked` to the merge-blocking required-contexts list, so the review checklist (#3184 items #8 scope-matches + #9 public-repo-hygiene) becomes mandatory — reviewers must `/sop-ack` each one. **MERGE LAST.** Land only after the in-flight batch (#3183 security delete, #3184 items, #3185 RFC) merges and after #3184 lands items 8/9 — otherwise every open PR fail-closes on un-acked items. **Owner step (hard enforcement):** required-contexts.txt alone did NOT hard-block on #3181 (E2E-Concierge-Creates-Workspace is in the file but merged red because it's not in BP). To hard-enforce, the owner adds `sop-checklist / all-items-acked (pull_request)` to molecule-core branch-protection status_check_contexts. This PR is the documented-list companion to that BP flip.

devops-engineer added 1 commit 2026-06-23 21:40:55 +00:00

governance: require sop-checklist / all-items-acked (merge-blocking list)

CI / Python Lint & Test (pull_request) Successful in 5s

Details

Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 7s

Details

Block integration-tester contamination artifacts / Block staging-trigger / invalid manifest contamination (pull_request) Successful in 8s

Details

Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 6s

Details

Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 7s

Details

E2E Peer Visibility (literal MCP list_peers) / detect-changes (pull_request) Successful in 6s

Details

E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / Prune stale e2e DNS records (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Platform Boot (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge user_tasks (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Workspace Requests (core#2606) (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Creates Workspace (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge (compile+skip) (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Platform Agent (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Plugin Install Lifecycle (pull_request) Has been cancelled

Details

lint-no-coe-on-required / lint-no-coe-on-required (pull_request) Successful in 16s

Details

Handlers Postgres Integration / detect-changes (pull_request) Successful in 6s

Details

Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 8s

Details

sop-checklist / review-refire (pull_request_target) Has been skipped

Details

lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 15s

Details

CI / Detect changes (pull_request) Successful in 34s

Details

E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Has been skipped

Details

gate-check-v3 / gate-check (pull_request_target) Successful in 16s

Details

sop-checklist / na-declarations (pull_request) N/A: (none)

Details

sop-checklist / all-items-acked (pull_request_target) Successful in 12s

Details

E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Successful in 6s

Details

Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 3s

Details

PR Diff Guard / PR diff guard (pull_request) Successful in 40s

Details

CI / Shellcheck (E2E scripts) (pull_request) Successful in 2s

Details

CI / Canvas (Next.js) (pull_request) Successful in 3s

Details

CI / Platform (Go) (pull_request) Successful in 4s

Details

CI / Canvas Deploy Status (pull_request) Successful in 1s

Details

E2E API Smoke Test / detect-changes (pull_request) Successful in 23s

Details

CI / all-required (pull_request) Successful in 5s

Details

E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 3s

Details

template-delivery-e2e / detect-changes (pull_request) Successful in 15s

Details

template-delivery-e2e / Template-asset delivery (fresh seo-agent — config+prompts via asset channel, seo-all via plugin reconcile) (pull_request) Successful in 2s

Details

E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 27s

Details

E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 3s

Details

E2E Chat / detect-changes (pull_request) Successful in 18s

Details

E2E Chat / E2E Chat (pull_request) Successful in 3s

Details

Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (real image + MiniMax LLM, advisory) (pull_request) Failing after 2m6s

Details

Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (stub) (pull_request) Successful in 34s

Details

reserved-path-review / reserved-path-review (pull_request_target) Approved via pull_request_review trigger

qa-review / approved (pull_request_target) Approved via pull_request_review trigger

reserved-path-review / reserved-path-review (pull_request_review) Successful in 10s

Details

qa-review / approved (pull_request_review) Successful in 11s

Details

security-review / approved (pull_request_target) Approved via pull_request_review trigger

security-review / approved (pull_request_review) Successful in 14s

Details

sop-checklist / all-items-acked (pull_request) Compensated by status-reaper (non-required pull_request/pull_request_review governance shadow overridden by successful pull_request_target status; see .gitea/scripts/status-reaper.py)

Details

audit-force-merge / audit (pull_request_target) Successful in 12s

Details

ec882d0aba

Stages the checklist gate as a documented required context. MERGE LAST:
(1) after the in-flight batch (#3183/#3184/#3185) merges, and (2) after
#3184 lands items 8/9 — else all open PRs fail-closed. The HARD Gitea
enforcement is the owner adding this context to branch-protection
status_check_contexts (required-contexts.txt alone did not hard-block
E2E-Concierge-Creates-Workspace on #3181).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

devops-engineer added 1 commit 2026-06-23 21:40:56 +00:00

governance: require sop-checklist / all-items-acked (merge-blocking list)

CI / Python Lint & Test (pull_request) Successful in 5s

Details

Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 7s

Details

Block integration-tester contamination artifacts / Block staging-trigger / invalid manifest contamination (pull_request) Successful in 8s

Details

Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 6s

Details

Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 7s

Details

E2E Peer Visibility (literal MCP list_peers) / detect-changes (pull_request) Successful in 6s

Details

E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / Prune stale e2e DNS records (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Platform Boot (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge user_tasks (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Workspace Requests (core#2606) (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Creates Workspace (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge (compile+skip) (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Platform Agent (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Plugin Install Lifecycle (pull_request) Has been cancelled

Details

lint-no-coe-on-required / lint-no-coe-on-required (pull_request) Successful in 16s

Details

Handlers Postgres Integration / detect-changes (pull_request) Successful in 6s

Details

Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 8s

Details

sop-checklist / review-refire (pull_request_target) Has been skipped

Details

lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 15s

Details

CI / Detect changes (pull_request) Successful in 34s

Details

E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Has been skipped

Details

gate-check-v3 / gate-check (pull_request_target) Successful in 16s

Details

sop-checklist / na-declarations (pull_request) N/A: (none)

Details

sop-checklist / all-items-acked (pull_request_target) Successful in 12s

Details

E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Successful in 6s

Details

Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 3s

Details

PR Diff Guard / PR diff guard (pull_request) Successful in 40s

Details

CI / Shellcheck (E2E scripts) (pull_request) Successful in 2s

Details

CI / Canvas (Next.js) (pull_request) Successful in 3s

Details

CI / Platform (Go) (pull_request) Successful in 4s

Details

CI / Canvas Deploy Status (pull_request) Successful in 1s

Details

E2E API Smoke Test / detect-changes (pull_request) Successful in 23s

Details

CI / all-required (pull_request) Successful in 5s

Details

E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 3s

Details

template-delivery-e2e / detect-changes (pull_request) Successful in 15s

Details

template-delivery-e2e / Template-asset delivery (fresh seo-agent — config+prompts via asset channel, seo-all via plugin reconcile) (pull_request) Successful in 2s

Details

E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 27s

Details

E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 3s

Details

E2E Chat / detect-changes (pull_request) Successful in 18s

Details

E2E Chat / E2E Chat (pull_request) Successful in 3s

Details

Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (real image + MiniMax LLM, advisory) (pull_request) Failing after 2m6s

Details

Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (stub) (pull_request) Successful in 34s

Details

reserved-path-review / reserved-path-review (pull_request_target) Approved via pull_request_review trigger

qa-review / approved (pull_request_target) Approved via pull_request_review trigger

reserved-path-review / reserved-path-review (pull_request_review) Successful in 10s

Details

qa-review / approved (pull_request_review) Successful in 11s

Details

security-review / approved (pull_request_target) Approved via pull_request_review trigger

security-review / approved (pull_request_review) Successful in 14s

Details

sop-checklist / all-items-acked (pull_request) Compensated by status-reaper (non-required pull_request/pull_request_review governance shadow overridden by successful pull_request_target status; see .gitea/scripts/status-reaper.py)

Details

audit-force-merge / audit (pull_request_target) Successful in 12s

Details

ec882d0aba

Stages the checklist gate as a documented required context. MERGE LAST:
(1) after the in-flight batch (#3183/#3184/#3185) merges, and (2) after
#3184 lands items 8/9 — else all open PRs fail-closed. The HARD Gitea
enforcement is the owner adding this context to branch-protection
status_check_contexts (required-contexts.txt alone did not hard-block
E2E-Concierge-Creates-Workspace on #3181).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

devops-engineer added the do-not-merge label 2026-06-23 21:41:12 +00:00

agent-reviewer-cr2 approved these changes 2026-06-24 02:28:28 +00:00

agent-reviewer-cr2 left a comment

APPROVED: #3186 is a one-line governance change adding sop-checklist / all-items-acked to .gitea/required-contexts.txt. This matches the intended merge-lane hardening now that #3196 fixed the stale 7-vs-9 SOP checklist test expectations. No production code or secrets touched; performance impact is nil. The “MERGE LAST” note still matters operationally, but the current head is acceptable from a code-review standpoint.

APPROVED: #3186 is a one-line governance change adding `sop-checklist / all-items-acked` to .gitea/required-contexts.txt. This matches the intended merge-lane hardening now that #3196 fixed the stale 7-vs-9 SOP checklist test expectations. No production code or secrets touched; performance impact is nil. The “MERGE LAST” note still matters operationally, but the current head is acceptable from a code-review standpoint.

devops-engineer merged commit d38c2409c7 into main

2026-06-24 02:30:54 +00:00

Sign in to join this conversation.

2 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#3186