mancitrus/system-prompts-and-models-of-ai-tools
1
0
Fork 0
mirror of https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools.git synced 2026-06-18 15:29:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
10ff390ef9
system-prompts-and-models-o.../salesflow-saas/docs/governance/release-gates.md
Claude 38e9d02075
feat(dealix): close ALL 4 Tier-1 runtime gaps (Programs E, F, G, K, J) 
Program F — Multi-Tenancy RLS (Row-Level Security):
  alembic 20260417_0002_add_rls.py: Enables RLS on 23 tenant-scoped tables.
  database_rls.py: set_tenant_context() helpers for SET LOCAL app.tenant_id.
  middleware/tenant_rls.py: Extracts tenant_id from JWT on every request.
  Default-deny when no context. PostgreSQL only (CI safe on SQLite).
  Result: OWASP A01:2025 — access control enforced at DB layer.

Program G — Idempotency Standard:
  models/idempotency_key.py: IdempotencyKey table with TTL + SHA256 hash.
  services/idempotency_service.py: get_existing/store with request fingerprint.
  middleware/idempotency.py: HTTP middleware on POST/PUT/PATCH.
  Result: Duplicate side effects prevented on retry.

Program E — Persistent Durable Execution:
  models/durable_checkpoint.py: DurableCheckpoint with sequence_num + status.
  services/durable_runtime.py: start_run/checkpoint/complete/resume/list_incomplete.
  Result: Workflows survive crashes — resume from last persisted checkpoint.

Program K — OpenTelemetry:
  observability/otel.py: init/span/inject_correlation_id with graceful
    degradation when OTel packages absent.
  openclaw/gateway.py: Wraps execute() in span, binds correlation_id to
    trace_id. Bridge between business correlation and production observability.

Program J — Release Gate Hardening:
  docs/governance/release-gates.md: Documents 3 mandatory gates.
  .github/workflows/dealix-ci.yml: Adds release_readiness_matrix as CI step.
  release_readiness_matrix.py: Updated to check 41/41 components.

Verification:
  architecture_brief.py:     40/40 PASS
  release_readiness_matrix.py: 41/41 PASS

https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
2026-04-17 10:12:04 +00:00

111 lines
3.1 KiB
Markdown
Raw Blame History

# Release Gates — Dealix Tier-1
> **Parent**: [`MASTER_OPERATING_PROMPT.md`](../../MASTER_OPERATING_PROMPT.md)
> **Plane**: Operating | **Tracks**: Operations, Trust
> **Version**: 1.0 | **Status**: Canonical
---
## Mandatory Gates
A release candidate (RC) cannot proceed to merge or deploy unless ALL three gates pass:
### Gate 1: Architecture Brief
**Script**: `python scripts/architecture_brief.py`
**Required**: 40/40 PASS
**Validates**: All required governance docs, models, services, APIs, and frontend components exist.
**Exit**: 0 = pass, 1 = fail
### Gate 2: Release Readiness Matrix
**Script**: `python scripts/release_readiness_matrix.py`
**Required**: 26/26 PASS (or all checks)
**Validates**:
- Trust enforcement active (correlation_id)
- Weekly pack endpoint exists
- Auto evidence on deal close
- Saudi workflow live
- Golden path live
- All structured output schemas wired
- Sales pack + customer docs exist
**Exit**: 0 = pass, 1 = fail
### Gate 3: Pytest
**Command**: `python -m pytest tests -q --tb=line`
**Required**: All tests pass
**Note**: Currently has dependency drift issue (pre-existing); acceptable for now.
---
## CI Integration
The `.github/workflows/dealix-ci.yml` workflow runs Gate 1 and Gate 3 automatically on every PR. Gate 2 is manually invoked or run as part of release prep.
### Required Repository Settings
For full enforcement (manual GitHub configuration):
1. **Branch protection on `main`**:
- Require PR reviews (1+ approver)
- Require status checks: `backend`, `frontend`
- Require branches up to date before merge
2. **CODEOWNERS enforced** (already in place):
- `salesflow-saas/MASTER_OPERATING_PROMPT.md` requires owner approval
- `salesflow-saas/docs/governance/` requires owner approval
3. **Secret scanning enabled** (GitHub setting)
---
## Manual Pre-Release Checklist
Before tagging a release:
```bash
cd salesflow-saas
# Gate 1
python scripts/architecture_brief.py
# Expect: OVERALL SCORE: 100.0% (40/40)
# Gate 2
python scripts/release_readiness_matrix.py
# Expect: SCORE: 100.0% (X/X) — RELEASE READY: YES
# Gate 3
cd backend && python -m pytest tests -q --tb=line
# Expect: all tests pass
```
If any gate fails:
- Architecture brief fail → file/structure issue, fix before merge
- Release readiness fail → missing component, complete before merge
- Pytest fail → investigate, fix or document as known issue
---
## Release Candidate (RC) Discipline
| Step | Action |
|------|--------|
| 1 | Create RC branch from main |
| 2 | Run all 3 gates locally |
| 3 | Open PR with `[RC]` prefix |
| 4 | CI runs Gates 1 and 3 automatically |
| 5 | Reviewer runs Gate 2 manually |
| 6 | All gates pass + 1 approval = mergeable |
| 7 | Tag release after merge |
---
## Future Hardening (Roadmap)
| Item | Status | Notes |
|------|--------|-------|
| Block merge on Gate failure | Manual | GitHub branch protection setting |
| OIDC for cloud deploy | Target | Replace long-lived secrets |
| Artifact attestations | Target | Requires Enterprise for private repos |
| Audit log streaming | Target | External retention |
| Canary deployment | Target | Infra-level rollout |
Reference in New Issue View Git Blame Copy Permalink