Files
breadcrumb-the-shire/.agents/checks/enforcement-policy.json

78 lines
2.2 KiB
JSON
Raw Normal View History

{
"version": "1.0.0",
"phase": "enforcement-ready",
"full_workflow_required_when": [
{
"id": "risk-security",
"description": "Any change touching authentication, authorization, CSRF, encryption, logging redaction, file uploads, or API bootstrap/security behavior.",
"paths": [
"lib/Http/**",
"lib/Service/Access/**",
"lib/Support/Crypto.php",
"pages/api/**",
"pages/**"
]
},
{
"id": "risk-data-boundary",
"description": "Any change touching tenant-scoped data access, repository query boundaries, DB schema updates, or API contracts.",
"paths": [
"lib/Repository/**",
"db/updates/**",
"db/init/init.sql",
"docs/openapi.yaml"
]
},
{
"id": "risk-modules",
"description": "Any change touching module manifests, module runtime wiring, module routes, module providers, or module migrations/assets.",
"paths": [
"modules/*/module.php",
"lib/App/Module/**",
"storage/runtime/pages/**",
"web/modules/**"
]
},
{
"id": "risk-cross-layer",
"description": "Any feature/addition changing more than one architecture layer (Repository, Service, pages/templates/web, modules, config, db).",
"paths": [
"lib/**",
"pages/**",
"templates/**",
"web/**",
"modules/**",
"config/**",
"db/**"
]
}
],
"quick_fix_allowlist": [
"single-file typo fix without behavior change",
"single-file translation text/key correction without flow change",
"single-file CSS visual adjustment without behavioral JS or backend change",
"single-file docs-only update"
],
"gate_policy": {
"required_gates_always": [
"QG-001",
"QG-002",
"QG-003",
"QG-006",
"QG-008",
"QG-009"
],
"manual_non_blocking": [
"QG-005"
],
"periodic_non_blocking": [
"QG-007"
]
},
"ci_rollout": {
"target_platform": "gitea",
"blocking_enabled": false,
"phase_2_activation": "Enable required status checks in repository branch protection once qa-required is stable on runner infrastructure."
}
}