system-prompts-and-models-o.../docs/github-enterprise-delivery-completion.md
Sami Assiri b4531f0a4c feat(tier1): docs-governance CI, evidence gate, closure artifacts, trust/execution docs
- Replace repo-preflight with docs-governance workflow and check_docs_links.py
- Class B bundle: require correlation_id for external_*; AuditMetadata trace fields
- Root-safe TIER1 §2; optional .githooks pre-push for main
- Add RELEASE_READINESS_MATRIX_AR, SOURCE_OF_TRUTH_INDEX, operational severity, external index
- ExecWeeklyGovernanceContract; expand trust-fabric, execution-fabric, ADR-0001, ws5, Saudi overlays
- Wire MASTER TOC, enterprise-readiness, completion-program, architecture_brief paths

Made-with: Cursor
2026-04-16 16:46:36 +03:00


Enterprise delivery fabric — WS6 checklist

Reference: governance/github-and-release.md.

Repository / org controls

  • Rulesets on main (and release branches): no direct push, required reviews, required status checks.
  • CODEOWNERS for critical paths (backend/app/api, auth, payments, agents).
  • Merge queue (when CI stable).
  • Conversation resolution required before merge (policy).

Environments

  • GitHub Environments: dev, staging, canary, prod with protection rules.
  • Required reviewers / wait timers where GitHub Enterprise allows (document limits for private repos per org tier).
  • “Deployments must succeed” gate where applicable.

Secrets and provenance

  • OIDC federation to cloud roles for deploy workflows (no long-lived cloud secrets in repo).
  • Artifact attestations / provenance where supply-chain risk warrants.

Audit retention reality

  • Enterprise audit log retention is limited, and Git events have short retention; plan SIEM / warehouse streaming for audit-grade customers (link runbooks when added).

Evidence

Store screenshots or org policy links (internal) as evidence for enterprise questionnaires; do not commit secrets.

Observability (OTel-style correlation)

Deploy and approval workflows SHOULD propagate trace_id / span_id / correlation_id into internal audit exports so GitHub Actions events can be joined with application logs — aligned with governance/trust-fabric.md runtime policies.
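
One way to check that propagation before relying on the join, as an added example (not code from this repository): it validates the three correlation fields on each audit export record and joins the valid ones to application logs on correlation_id. The record shapes, field layout and sample values are constructed assumptions, not a GitHub or project schema; the trace_id / span_id formats follow OpenTelemetry (16-byte and 8-byte lowercase hex, all-zero invalid).

```python
import re
from collections import defaultdict

TRACE_ID = re.compile(r"[0-9a-f]{32}")  # OTel trace_id: 16 bytes, lowercase hex
SPAN_ID = re.compile(r"[0-9a-f]{16}")   # OTel span_id: 8 bytes, lowercase hex

# Constructed sample data; field names are assumptions for illustration only.
AUDIT_EXPORT = [
    {"event": "deploy.approved", "env": "prod", "correlation_id": "rel-1042",
     "trace_id": "4bf92f3577b34da6a3ce929d0e0e4736", "span_id": "00f067aa0ba902b7"},
    {"event": "deploy.started", "env": "prod", "correlation_id": "rel-1042",
     "trace_id": "4bf92f3577b34da6a3ce929d0e0e4736", "span_id": "53995c3f42cd8ad8"},
    {"event": "deploy.started", "env": "staging", "correlation_id": "",
     "trace_id": "00000000000000000000000000000000", "span_id": "b7ad6b7169203331"},
]
APP_LOGS = [
    {"msg": "migration applied", "correlation_id": "rel-1042"},
    {"msg": "healthcheck ok", "correlation_id": "rel-1042"},
    {"msg": "cache warmed", "correlation_id": "rel-0999"},
]

def field_problems(rec):
    """Return the names of correlation fields that are missing or malformed."""
    bad = []
    if not rec.get("correlation_id"):
        bad.append("correlation_id")
    for name, pattern in (("trace_id", TRACE_ID), ("span_id", SPAN_ID)):
        value = rec.get(name, "")
        if not pattern.fullmatch(value) or set(value) == {"0"}:
            bad.append(name)
    return bad

def join_audit_with_logs(audit, logs):
    """Join audit events to app logs on correlation_id; report what cannot be joined."""
    by_cid = defaultdict(list)
    for line in logs:
        by_cid[line["correlation_id"]].append(line["msg"])
    joined, rejected = [], []
    for rec in audit:
        bad = field_problems(rec)
        if bad:  # event that cannot be tied to application activity
            rejected.append((rec["event"], rec["env"], bad))
        else:
            cid = rec["correlation_id"]
            joined.append((rec["event"], cid, by_cid.get(cid, [])))
    audit_cids = {r["correlation_id"] for r in audit}
    orphans = sorted(c for c in by_cid if c not in audit_cids)  # logs with no audit event
    return joined, rejected, orphans
```

Rejected records mark workflows that did not propagate the identifiers; orphans are application activity with no matching deploy or approval event in the export.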