78 lines
2.2 KiB
JSON
78 lines
2.2 KiB
JSON
|
|
{
|
||
|
|
"version": "1.0.0",
|
||
|
|
"phase": "enforcement-ready",
|
||
|
|
"full_workflow_required_when": [
|
||
|
|
{
|
||
|
|
"id": "risk-security",
|
||
|
|
"description": "Any change touching authentication, authorization, CSRF, encryption, logging redaction, file uploads, or API bootstrap/security behavior.",
|
||
|
|
"paths": [
|
||
|
|
"lib/Http/**",
|
||
|
|
"lib/Service/Access/**",
|
||
|
|
"lib/Support/Crypto.php",
|
||
|
|
"pages/api/**",
|
||
|
|
"pages/**"
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"id": "risk-data-boundary",
|
||
|
|
"description": "Any change touching tenant-scoped data access, repository query boundaries, DB schema updates, or API contracts.",
|
||
|
|
"paths": [
|
||
|
|
"lib/Repository/**",
|
||
|
|
"db/updates/**",
|
||
|
|
"db/init/init.sql",
|
||
|
|
"docs/openapi.yaml"
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"id": "risk-modules",
|
||
|
|
"description": "Any change touching module manifests, module runtime wiring, module routes, module providers, or module migrations/assets.",
|
||
|
|
"paths": [
|
||
|
|
"modules/*/module.php",
|
||
|
|
"lib/App/Module/**",
|
||
|
|
"storage/runtime/pages/**",
|
||
|
|
"web/modules/**"
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"id": "risk-cross-layer",
|
||
|
|
"description": "Any feature/addition changing more than one architecture layer (Repository, Service, pages/templates/web, modules, config, db).",
|
||
|
|
"paths": [
|
||
|
|
"lib/**",
|
||
|
|
"pages/**",
|
||
|
|
"templates/**",
|
||
|
|
"web/**",
|
||
|
|
"modules/**",
|
||
|
|
"config/**",
|
||
|
|
"db/**"
|
||
|
|
]
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"quick_fix_allowlist": [
|
||
|
|
"single-file typo fix without behavior change",
|
||
|
|
"single-file translation text/key correction without flow change",
|
||
|
|
"single-file CSS visual adjustment without behavioral JS or backend change",
|
||
|
|
"single-file docs-only update"
|
||
|
|
],
|
||
|
|
"gate_policy": {
|
||
|
|
"required_gates_always": [
|
||
|
|
"QG-001",
|
||
|
|
"QG-002",
|
||
|
|
"QG-003",
|
||
|
|
"QG-006",
|
||
|
|
"QG-008",
|
||
|
|
"QG-009"
|
||
|
|
],
|
||
|
|
"manual_non_blocking": [
|
||
|
|
"QG-005"
|
||
|
|
],
|
||
|
|
"periodic_non_blocking": [
|
||
|
|
"QG-007"
|
||
|
|
]
|
||
|
|
},
|
||
|
|
"ci_rollout": {
|
||
|
|
"target_platform": "gitea",
|
||
|
|
"blocking_enabled": false,
|
||
|
|
"phase_2_activation": "Enable required status checks in repository branch protection once qa-required is stable on runner infrastructure."
|
||
|
|
}
|
||
|
|
}
|