mancitrus/system-prompts-and-models-of-ai-tools
1
0
Fork 0
mirror of https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools.git synced 2026-06-18 07:19:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
ef08649efe
system-prompts-and-models-o.../docs/github-enterprise-delivery-completion.md
Sami Assiri b4531f0a4c feat(tier1): docs-governance CI, evidence gate, closure artifacts, trust/execution docs 
- Replace repo-preflight with docs-governance workflow and check_docs_links.py
- Class B bundle: require correlation_id for external_*; AuditMetadata trace fields
- Root-safe TIER1 §2; optional .githooks pre-push for main
- Add RELEASE_READINESS_MATRIX_AR, SOURCE_OF_TRUTH_INDEX, operational severity, external index
- ExecWeeklyGovernanceContract; expand trust-fabric, execution-fabric, ADR-0001, ws5, Saudi overlays
- Wire MASTER TOC, enterprise-readiness, completion-program, architecture_brief paths

Made-with: Cursor
2026-04-16 16:46:36 +03:00

34 lines
1.6 KiB
Markdown
Raw Blame History

# Enterprise delivery fabric — WS6 checklist
**Reference:** [`governance/github-and-release.md`](governance/github-and-release.md).
## Repository / org controls
- [ ] Rulesets on `main` (and release branches): no direct push, required reviews, required status checks.
- [ ] CODEOWNERS for critical paths (`backend/app/api`, auth, payments, agents).
- [ ] Merge queue (when CI stable).
- [ ] Conversation resolution required before merge (policy).
## Environments
- [ ] GitHub Environments: `dev`, `staging`, `canary`, `prod` with protection rules.
- [ ] Required reviewers / wait timers where **GitHub Enterprise** allows (document limits for private repos per org tier).
- [ ] “Deployments must succeed” gate where applicable.
## Secrets and provenance
- [ ] OIDC federation to cloud roles for deploy workflows (no long-lived cloud secrets in repo).
- [ ] Artifact attestations / provenance where supply-chain risk warrants.
## Audit retention reality
- Enterprise audit log retention limits; Git events short retention — **plan SIEM / warehouse streaming** for audit-grade customers (link runbooks when added).
## Evidence
Store screenshots or org policy links (internal) as evidence for enterprise questionnaires; do not commit secrets.
## Observability (OTel-style correlation)
Deploy and approval workflows SHOULD propagate **`trace_id` / `span_id` / `correlation_id`** into internal audit exports so GitHub Actions events can be joined with application logs — aligned with [`governance/trust-fabric.md`](governance/trust-fabric.md) runtime policies.
Reference in New Issue View Git Blame Copy Permalink